[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20190709110923.220736-1-maco@android.com>
Date: Tue, 9 Jul 2019 13:09:23 +0200
From: Martijn Coenen <maco@...roid.com>
To: gregkh@...uxfoundation.org, john.stultz@...aro.org,
tkjos@...gle.com, arve@...roid.com, amit.pundir@...aro.org
Cc: linux-kernel@...r.kernel.org, devel@...verdev.osuosl.org,
maco@...gle.com, stable@...r.kernel.org,
Martijn Coenen <maco@...roid.com>
Subject: [PATCH] binder: Set end of SG buffer area properly.
In case the target node requests a security context, the
extra_buffers_size is increased with the size of the security context.
But, that size is not available for use by regular scatter-gather
buffers; make sure the ending of that buffer is marked correctly.
Acked-by: Todd Kjos <tkjos@...gle.com>
Fixes: ec74136ded79 ("binder: create node flag to request sender's
security context")
Signed-off-by: Martijn Coenen <maco@...roid.com>
Cc: stable@...r.kernel.org # 5.1+
---
drivers/android/binder.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 38a59a630cd4c..5bde08603fbc2 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3239,7 +3239,8 @@ static void binder_transaction(struct binder_proc *proc,
buffer_offset = off_start_offset;
off_end_offset = off_start_offset + tr->offsets_size;
sg_buf_offset = ALIGN(off_end_offset, sizeof(void *));
- sg_buf_end_offset = sg_buf_offset + extra_buffers_size;
+ sg_buf_end_offset = sg_buf_offset + extra_buffers_size -
+ ALIGN(secctx_sz, sizeof(u64));
off_min = 0;
for (buffer_offset = off_start_offset; buffer_offset < off_end_offset;
buffer_offset += sizeof(binder_size_t)) {
--
2.22.0.410.gd8fdbe21b5-goog
Powered by blists - more mailing lists