Re: [PATCH v1 2/9] staging: android: binder: Add binder_copy_to_user()

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Serban Constantinescu <serban.constantinescu@arm.com>
Cc: arve@android.com, devel@driverdev.osuosl.org,
	linux-kernel@vger.kernel.org, john.stultz@linaro.org,
	ccross@android.com, Dave.Butcher@arm.com, irogers@google.com,
	romlem@android.com
Subject: Re: [PATCH v1 2/9] staging: android: binder: Add binder_copy_to_user()
Date: Wed, 4 Dec 2013 15:17:45 -0800	[thread overview]
Message-ID: <20131204231745.GA10410@kroah.com> (raw)
In-Reply-To: <1386180581-6710-3-git-send-email-serban.constantinescu@arm.com>

On Wed, Dec 04, 2013 at 06:09:34PM +0000, Serban Constantinescu wrote:
> This patch adds binder_copy_to_user() to be used for copying binder
> commands to user address space. This way we can abstract away the
> copy_to_user() calls and add separate handling for the compat layer.
> 
> Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
> ---
>  drivers/staging/android/binder.c |   39 ++++++++++++++++++++------------------
>  1 file changed, 21 insertions(+), 18 deletions(-)
> 
> diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
> index 233889c..6fbb340 100644
> --- a/drivers/staging/android/binder.c
> +++ b/drivers/staging/android/binder.c
> @@ -2117,6 +2117,18 @@ static int binder_has_thread_work(struct binder_thread *thread)
>  		(thread->looper & BINDER_LOOPER_STATE_NEED_RETURN);
>  }
>  
> +static int binder_copy_to_user(uint32_t cmd, void *parcel,
> +			       void __user **ptr, size_t size)
> +{
> +	if (put_user(cmd, (uint32_t __user *)*ptr))
> +		return -EFAULT;
> +	*ptr += sizeof(uint32_t);
> +	if (copy_to_user(*ptr, parcel, size))
> +		return -EFAULT;
> +	*ptr += size;
> +	return 0;
> +}

I know what you are trying to do here, but ick, why not just use the
structure involved in the copying out here?  Or just copy the thing out
in one "chunk", not two different calls, which should make this go
faster, right?


> +
>  static int binder_thread_read(struct binder_proc *proc,
>  			      struct binder_thread *thread,
>  			      void  __user *buffer, size_t size,
> @@ -2263,15 +2275,12 @@ retry:
>  				node->has_weak_ref = 0;
>  			}
>  			if (cmd != BR_NOOP) {
> -				if (put_user(cmd, (uint32_t __user *)ptr))
> -					return -EFAULT;
> -				ptr += sizeof(uint32_t);
> -				if (put_user(node->ptr, (void * __user *)ptr))
> -					return -EFAULT;
> -				ptr += sizeof(void *);
> -				if (put_user(node->cookie, (void * __user *)ptr))
> +				struct binder_ptr_cookie tmp;
> +
> +				tmp.ptr = node->ptr;
> +				tmp.cookie = node->cookie;
> +				if (binder_copy_to_user(cmd, &tmp, &ptr, sizeof(struct binder_ptr_cookie)))
>  					return -EFAULT;
> -				ptr += sizeof(void *);

Are you sure this is correct?  You are now no longer incrementing ptr
anymore, is that ok with the larger loop here?


>  
>  				binder_stat_br(proc, thread, cmd);
>  				binder_debug(BINDER_DEBUG_USER_REFS,
> @@ -2306,12 +2315,10 @@ retry:
>  				cmd = BR_CLEAR_DEATH_NOTIFICATION_DONE;
>  			else
>  				cmd = BR_DEAD_BINDER;
> -			if (put_user(cmd, (uint32_t __user *)ptr))
> -				return -EFAULT;
> -			ptr += sizeof(uint32_t);
> -			if (put_user(death->cookie, (void * __user *)ptr))
> +
> +			if (binder_copy_to_user(cmd, &death->cookie, &ptr, sizeof(void *)))
>  				return -EFAULT;
> -			ptr += sizeof(void *);
> +

Same here, no more ptr incrementing.


>  			binder_stat_br(proc, thread, cmd);
>  			binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION,
>  				     "%d:%d %s %p\n",
> @@ -2373,12 +2380,8 @@ retry:
>  					ALIGN(t->buffer->data_size,
>  					    sizeof(void *));
>  
> -		if (put_user(cmd, (uint32_t __user *)ptr))
> -			return -EFAULT;
> -		ptr += sizeof(uint32_t);
> -		if (copy_to_user(ptr, &tr, sizeof(tr)))
> +		if (binder_copy_to_user(cmd, &tr, &ptr, sizeof(struct binder_transaction_data)))
>  			return -EFAULT;
> -		ptr += sizeof(tr);

And here, no more ptr incrementing.

thanks,

greg k-h

next prev parent reply	other threads:[~2013-12-04 23:55 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-04 18:09 [PATCH v1 0/9] Android: Add Support for Binder Compat Serban Constantinescu
2013-12-04 18:09 ` [PATCH v1 1/9] staging: android: binder: Move some of the logic into subfunction Serban Constantinescu
2013-12-05  8:00   ` Dan Carpenter
2013-12-05 18:37     ` Serban Constantinescu
2013-12-05  8:18   ` Dan Carpenter
2013-12-05 15:31     ` Greg KH
2013-12-05 18:35     ` Serban Constantinescu
2013-12-04 18:09 ` [PATCH v1 2/9] staging: android: binder: Add binder_copy_to_user() Serban Constantinescu
2013-12-04 23:17   ` Greg KH [this message]
2013-12-05 18:44     ` Serban Constantinescu
2013-12-05  8:36   ` Dan Carpenter
2013-12-04 18:09 ` [PATCH v1 3/9] staging: android: binder: Add cmd == CMD_NAME handling Serban Constantinescu
2013-12-05  8:40   ` Dan Carpenter
2013-12-05 18:50     ` Serban Constantinescu
2013-12-04 18:09 ` [PATCH v1 4/9] staging: android: binder: Add align_helper() macro Serban Constantinescu
2013-12-05  8:41   ` Dan Carpenter
2013-12-04 18:09 ` [PATCH v1 5/9] staging: android: binder: Add deref_helper() macro Serban Constantinescu
2013-12-04 18:09 ` [PATCH v1 6/9] staging: android: binder: Add size_helper() macro Serban Constantinescu
2013-12-04 18:09 ` [PATCH v1 7/9] staging: android: binder: Add copy_flat_binder_object() Serban Constantinescu
2013-12-04 18:09 ` [PATCH v1 8/9] staging: android: binder: Add binder compat handling to binder.h Serban Constantinescu
2013-12-04 18:09 ` [PATCH v1 9/9] staging: android: binder: Add binder compat layer Serban Constantinescu
2013-12-04 18:35   ` Greg KH
2013-12-04 20:46     ` Colin Cross
2013-12-04 21:43       ` Greg KH
2013-12-04 21:55         ` Colin Cross
2013-12-04 22:02           ` Greg KH
2013-12-04 22:22             ` Colin Cross
2013-12-05  0:02               ` Greg KH
2013-12-05  0:21                 ` Colin Cross
2013-12-05  2:02             ` Arve Hjønnevåg
2013-12-05 18:31               ` Serban Constantinescu
2013-12-05 18:49                 ` Greg KH
2013-12-10  3:01               ` Octavian Purdila
2013-12-11  3:21                 ` Arve Hjønnevåg
2013-12-11 18:10                   ` Octavian Purdila
2013-12-11 23:00                     ` Arve Hjønnevåg
2013-12-12  8:45                       ` Octavian Purdila
2013-12-13  5:14                         ` Arve Hjønnevåg
2013-12-13  7:39                           ` Octavian Purdila
2013-12-04 23:21     ` One Thousand Gnomes
2013-12-04 23:40       ` Colin Cross
2013-12-05  0:32         ` One Thousand Gnomes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131204231745.GA10410@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=Dave.Butcher@arm.com \
    --cc=arve@android.com \
    --cc=ccross@android.com \
    --cc=devel@driverdev.osuosl.org \
    --cc=irogers@google.com \
    --cc=john.stultz@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=romlem@android.com \
    --cc=serban.constantinescu@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox