Commit 5cdcf4c6 authored Jul 28, 2017 by Martijn Coenen Committed by Greg Kroah-Hartman Aug 22, 2017

ANDROID: binder: add padding to binder_fd_array_object.



binder_fd_array_object starts with a 4-byte header,
followed by a few fields that are 8 bytes when
ANDROID_BINDER_IPC_32BIT=N.

This can cause alignment issues in a 64-bit kernel
with a 32-bit userspace, as on x86_32 an 8-byte primitive
may be aligned to a 4-byte address. Pad with a __u32
to fix this.

Signed-off-by: Martijn Coenen <maco@android.com>
Cc: stable <stable@vger.kernel.org> # 4.11+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 6f3d791f

include/uapi/linux/android/binder.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -132,6 +132,7 @@ enum {

		/* struct binder_fd_array_object - object describing an array of fds in a buffer
		* @hdr: common header structure
		* @pad: padding to ensure correct alignment
		* @num_fds: number of file descriptors in the buffer
		* @parent: index in offset array to buffer holding the fd array
		* @parent_offset: start offset of fd array in the buffer
		@@ -152,6 +153,7 @@ enum {
		*/
		struct binder_fd_array_object {
		struct binder_object_header hdr;
		__u32 pad;
		binder_size_t num_fds;
		binder_size_t parent;
		binder_size_t parent_offset;