On Thu, Feb 14, 2019 at 3:42 PM Todd Kjos <tkjos@xxxxxxxxxx> wrote:
>
> On Thu, Feb 14, 2019 at 11:45 AM Joel Fernandes <joelaf@xxxxxxxxxx> wrote:
[snip]
> > > + * check_buffer() - verify that buffer/offset is safe to access
> > > + * @alloc: binder_alloc for this proc
> > > + * @buffer: binder buffer to be accessed
> > > + * @offset: offset into @buffer data
> > > + * @bytes: bytes to access from offset
> > > + *
> > > + * Check that the @offset/@bytes are within the size of the given
> > > + * @buffer and that the buffer is currently active and not freeable.
> > > + * Offsets must also be multiples of sizeof(u32). The kernel is
> >
> > In all callers of binder_alloc_copy_user_to_buffer, the alignment of offsets
> > is set to sizeof(void *). Then shouldn't this function check for sizeof(void *)
> > alignment instead of u32?
>
> But there are other callers of check_buffer() later in the series that
> don't require pointer-size alignment. u32 alignment is consistent with
> the alignment requirements of the binder driver before this change.
> The copy functions don't actually need to insist on alignment, but
> these binder buffer objects have always used u32 alignment which has
> been checked in the driver. If user code misaligned it, then errors
> are returned. The alignment checks are really to be consistent with
> previous binder driver behavior.

Got it, thanks.

- Joel
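Review bot: the kerneldoc for check_buffer() states the sizeof(u32) alignment rule but not why it is u32 rather than pointer size, which is exactly the question raised in this thread; since the reply explains that u32 alignment is kept for consistency with the driver's previous behaviour and with how binder buffer objects have always been laid out, a sentence to that effect next to "Offsets must also be multiples of sizeof(u32)" would stop later readers from "tightening" the check to sizeof(void *). The visible fragment of the comment also ends mid-sentence and does not yet describe what the function returns when the range, alignment or freeable-state check fails; a Return: line would make the contract explicit for the other callers added later in the series.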
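To make the three conditions described above concrete (range within the buffer, u32-aligned offset, buffer not being freed), here is a small user-space model of such a check. This is an added illustration, not code from the binder driver or from this patch series: the struct, its field names (data_size, free_in_progress) and the function names are assumptions chosen for the example. It also contrasts the safe subtract-based range test with a naive offset + bytes form, which a practitioner would want to avoid because the addition can wrap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a binder buffer; field names are assumed. */
struct model_buffer {
	size_t data_size;       /* usable bytes of buffer data */
	bool   free_in_progress; /* set once the buffer is being torn down */
};

/* Alignment required of offsets into buffer data, as the kerneldoc states. */
#define MODEL_ALIGN sizeof(uint32_t)

/*
 * Model of check_buffer(): true only if [offset, offset + bytes) lies
 * inside the buffer data, offset is u32-aligned, and the buffer is not
 * being freed. The range test subtracts instead of adding so that no
 * intermediate value can wrap around size_t.
 */
bool model_check_buffer(const struct model_buffer *b, size_t offset, size_t bytes)
{
	if (b == NULL || b->free_in_progress)
		return false;
	if (offset % MODEL_ALIGN != 0)
		return false;
	if (offset > b->data_size)
		return false;
	/* offset <= data_size here, so data_size - offset cannot underflow. */
	return bytes <= b->data_size - offset;
}

/*
 * Naive range test kept only for comparison: offset + bytes can wrap,
 * so a huge offset with a small length slips through.
 */
bool naive_check_range(const struct model_buffer *b, size_t offset, size_t bytes)
{
	return offset + bytes <= b->data_size;
}

int main(void)
{
	struct model_buffer buf = { .data_size = 64, .free_in_progress = false };
	struct model_buffer dying = { .data_size = 64, .free_in_progress = true };

	printf("0..64 in 64-byte buffer: %d\n", model_check_buffer(&buf, 0, 64));
	printf("misaligned offset 2:     %d\n", model_check_buffer(&buf, 2, 4));
	printf("one past end:            %d\n", model_check_buffer(&buf, 64, 1));
	printf("freeing buffer:          %d\n", model_check_buffer(&dying, 0, 4));
	/* SIZE_MAX - 3 is u32-aligned; adding 8 wraps to 4 in the naive test. */
	printf("wrapping, safe check:    %d\n", model_check_buffer(&buf, SIZE_MAX - 3, 8));
	printf("wrapping, naive check:   %d\n", naive_check_range(&buf, SIZE_MAX - 3, 8));
	return 0;
}
```

The subtract form (`offset <= size && bytes <= size - offset`) is the shape worth keeping whenever both operands come from user-controlled fields, since the naive sum accepts the wrapped pair shown in the last line.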