Commit 5cdcf4c6 authored by Martijn Coenen's avatar Martijn Coenen Committed by Greg Kroah-Hartman

ANDROID: binder: add padding to binder_fd_array_object.

binder_fd_array_object starts with a 4-byte header,
followed by a few fields that are 8 bytes when
ANDROID_BINDER_IPC_32BIT=N.

This can cause alignment issues in a 64-bit kernel
with a 32-bit userspace, as on x86_32 an 8-byte primitive
may be aligned to a 4-byte address. Pad with a __u32
to fix this.
Signed-off-by: Martijn Coenen <maco@android.com>
Cc: stable <stable@vger.kernel.org> # 4.11+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 6f3d791f
...@@ -132,6 +132,7 @@ enum { ...@@ -132,6 +132,7 @@ enum {
/* struct binder_fd_array_object - object describing an array of fds in a buffer /* struct binder_fd_array_object - object describing an array of fds in a buffer
* @hdr: common header structure * @hdr: common header structure
* @pad: padding to ensure correct alignment
* @num_fds: number of file descriptors in the buffer * @num_fds: number of file descriptors in the buffer
* @parent: index in offset array to buffer holding the fd array * @parent: index in offset array to buffer holding the fd array
* @parent_offset: start offset of fd array in the buffer * @parent_offset: start offset of fd array in the buffer
...@@ -152,6 +153,7 @@ enum { ...@@ -152,6 +153,7 @@ enum {
*/ */
struct binder_fd_array_object { struct binder_fd_array_object {
struct binder_object_header hdr; struct binder_object_header hdr;
__u32 pad;
binder_size_t num_fds; binder_size_t num_fds;
binder_size_t parent; binder_size_t parent;
binder_size_t parent_offset; binder_size_t parent_offset;
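Review bot: The kerneldoc line added for `@pad` in the first hunk says only that it is padding, and the `__u32 pad;` member added in the second hunk gets no stated contract for what it may contain. Because the commit description places this structure between a 32-bit userspace and a 64-bit kernel, I would spell that out, e.g. ` * @pad: padding to ensure correct alignment; senders should zero it and readers must ignore it`, so the four bytes do not carry uninitialised sender memory and stay available for later use. It would also help to pin the intended layout at build time on the driver side, for instance `BUILD_BUG_ON(offsetof(struct binder_fd_array_object, num_fds) != 8);`, assuming the header is 4 bytes as the description states. Both the comment block and the struct body continue outside the hunks shown.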
......