* [PATCH] binder: Set end of SG buffer area properly.
@ 2019-07-09 11:09 Martijn Coenen
0 siblings, 0 replies; only message in thread
From: Martijn Coenen @ 2019-07-09 11:09 UTC (permalink / raw)
To: gregkh, john.stultz, tkjos, arve, amit.pundir
Cc: linux-kernel, devel, maco, stable, Martijn Coenen
In case the target node requests a security context, the
extra_buffers_size is increased with the size of the security context.
But, that size is not available for use by regular scatter-gather
buffers; make sure the ending of that buffer is marked correctly.
Acked-by: Todd Kjos <tkjos@google.com>
Fixes: ec74136ded79 ("binder: create node flag to request sender's
security context")
Signed-off-by: Martijn Coenen <maco@android.com>
Cc: stable@vger.kernel.org # 5.1+
---
drivers/android/binder.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 38a59a630cd4c..5bde08603fbc2 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3239,7 +3239,8 @@ static void binder_transaction(struct binder_proc *proc,
buffer_offset = off_start_offset;
off_end_offset = off_start_offset + tr->offsets_size;
sg_buf_offset = ALIGN(off_end_offset, sizeof(void *));
- sg_buf_end_offset = sg_buf_offset + extra_buffers_size;
+ sg_buf_end_offset = sg_buf_offset + extra_buffers_size -
+ ALIGN(secctx_sz, sizeof(u64));
off_min = 0;
for (buffer_offset = off_start_offset; buffer_offset < off_end_offset;
buffer_offset += sizeof(binder_size_t)) {
--
2.22.0.410.gd8fdbe21b5-goog
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-07-09 11:09 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-09 11:09 [PATCH] binder: Set end of SG buffer area properly Martijn Coenen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.