Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

staging: android: binder: fix alignment issues

The Android userspace aligns the data written to the binder buffers to
4 bytes. Thus for 32-bit platforms or 64-bit platforms running a 32-bit
Android userspace we can have a buffer looking like this:

platform   buffer(binder_cmd   pointer)   size
32/32             32b          32b        8B
64/32             32b          64b        12B
64/64             32b          64b        12B

Thus the kernel needs to check that the buffer size is aligned to 4 bytes,
not to (void *), which will be 8 bytes on 64-bit machines.

The change does not affect the existing 32-bit ABI.

Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
Acked-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
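As an added illustration that is not part of this commit or of the kernel source, the following user-space C program models the three validation checks the patch touches (object fits in the buffer, and the offset is aligned) and runs them against the 64/32 layout from the table above. The function names `check_offset` and `count_rejected`, the `sample_offsets` array, the 64-byte buffer and the object sizes (24 bytes assumed for a 64-bit kernel's `flat_binder_object`, 16 bytes for 32-bit) are all constructed assumptions for the model; only `IS_ALIGNED` follows the kernel's definition.

```c
#include <stddef.h>
#include <stdio.h>

/* Same definition as the kernel's IS_ALIGNED(): a must be a power of two. */
#define IS_ALIGNED(x, a) (((x) & ((a) - 1)) == 0)

/* Result of validating one entry of the offsets array. */
enum offset_status { OFFSET_OK = 0, OFFSET_OUT_OF_RANGE, OFFSET_MISALIGNED };

/*
 * Model of the checks in binder_transaction(): the object at offp must fit
 * inside data_size bytes and offp must be aligned to 'align'.  The patch
 * changes 'align' from sizeof(void *) to sizeof(u32).  The range test here
 * puts the size comparison first so that data_size - obj_size never wraps;
 * the kernel's original order relies on the wrapped value making the
 * first comparison false.
 */
static enum offset_status check_offset(size_t offp, size_t data_size,
                                       size_t obj_size, size_t align)
{
    if (data_size < obj_size || offp > data_size - obj_size)
        return OFFSET_OUT_OF_RANGE;
    if (!IS_ALIGNED(offp, align))
        return OFFSET_MISALIGNED;
    return OFFSET_OK;
}

/* Number of entries in offs[] that check_offset() rejects. */
static int count_rejected(const size_t *offs, int n, size_t data_size,
                          size_t obj_size, size_t align)
{
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (check_offset(offs[i], data_size, obj_size, align) != OFFSET_OK)
            rejected++;
    return rejected;
}

/*
 * Constructed sample: a 64-byte transaction buffer laid out by a 32-bit
 * userspace (4-byte binder_cmd followed by an object), so objects start at
 * 4-byte-aligned offsets.  Object sizes are assumed values for the model.
 */
static const size_t sample_offsets[] = { 4, 28 };
#define SAMPLE_N ((int)(sizeof(sample_offsets) / sizeof(sample_offsets[0])))
#define SAMPLE_DATA_SIZE 64
#define OBJ_SIZE_64 24
#define OBJ_SIZE_32 16

static const char *status_name(enum offset_status s)
{
    switch (s) {
    case OFFSET_OK:           return "ok";
    case OFFSET_OUT_OF_RANGE: return "out of range";
    default:                  return "misaligned";
    }
}

int main(void)
{
    printf("64-bit kernel, 32-bit userspace layout:\n");
    for (int i = 0; i < SAMPLE_N; i++)
        printf("  offset %2zu: align 8 (old) -> %-12s align 4 (new) -> %s\n",
               sample_offsets[i],
               status_name(check_offset(sample_offsets[i], SAMPLE_DATA_SIZE, OBJ_SIZE_64, 8)),
               status_name(check_offset(sample_offsets[i], SAMPLE_DATA_SIZE, OBJ_SIZE_64, 4)));
    printf("rejected before patch: %d, after patch: %d\n",
           count_rejected(sample_offsets, SAMPLE_N, SAMPLE_DATA_SIZE, OBJ_SIZE_64, 8),
           count_rejected(sample_offsets, SAMPLE_N, SAMPLE_DATA_SIZE, OBJ_SIZE_64, 4));
    /* On a 32-bit kernel sizeof(void *) == sizeof(u32) == 4, so old and new
     * checks agree and the patch changes nothing. */
    printf("32-bit kernel, offset 4: %s\n",
           status_name(check_offset(4, SAMPLE_DATA_SIZE, OBJ_SIZE_32, 4)));
    return 0;
}
```

With the 8-byte requirement every object a 32-bit userspace places after a 4-byte command word is rejected on a 64-bit kernel, while the 4-byte requirement accepts them and still rejects offsets that are odd or that would let the object run past the end of the buffer.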

authored by Serban Constantinescu and committed by Greg Kroah-Hartman
ec35e852 fc56f2ec

+2 -2
drivers/staging/android/binder.c
··· 1248 1248 struct flat_binder_object *fp; 1249 1249 if (*offp > buffer->data_size - sizeof(*fp) || 1250 1250 buffer->data_size < sizeof(*fp) || 1251 - !IS_ALIGNED(*offp, sizeof(void *))) { 1251 + !IS_ALIGNED(*offp, sizeof(u32))) { 1252 1252 pr_err("transaction release %d bad offset %zd, size %zd\n", 1253 1253 debug_id, *offp, buffer->data_size); 1254 1254 continue; ··· 1497 1497 struct flat_binder_object *fp; 1498 1498 if (*offp > t->buffer->data_size - sizeof(*fp) || 1499 1499 t->buffer->data_size < sizeof(*fp) || 1500 - !IS_ALIGNED(*offp, sizeof(void *))) { 1500 + !IS_ALIGNED(*offp, sizeof(u32))) { 1501 1501 binder_user_error("%d:%d got transaction with invalid offset, %zd\n", 1502 1502 proc->pid, thread->pid, *offp); 1503 1503 return_error = BR_FAILED_REPLY;
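Review bot: in the binder_transaction_buffer_release hunk (line 1251), relaxing the check to `!IS_ALIGNED(*offp, sizeof(u32))` is a no-op on 32-bit builds, where sizeof(void *) equals sizeof(u32), but on 64-bit kernels it means `fp` may point at a `struct flat_binder_object` that is only 4-byte aligned; a one-line comment here stating that 4-byte alignment is the userspace ABI rule and that every access through `fp` is safe at that alignment would document why the wider alignment was never required.

Review bot: in the binder_transaction hunk (line 1500), the same three-part test (`*offp > t->buffer->data_size - sizeof(*fp)`, `t->buffer->data_size < sizeof(*fp)`, `!IS_ALIGNED(*offp, sizeof(u32))`) is now duplicated verbatim with the release path; factoring it into a small helper, or at least naming the alignment with a constant, keeps the ABI rule in one place. While doing so, put the `data_size < sizeof(*fp)` comparison first: as written the subtraction can wrap when data_size is smaller than the object, and the check only works because the wrapped value makes the first comparison false.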