On Thu, Aug 08, 2019 at 03:27:26PM -0700, Hridya Valsaraju wrote:
> Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME.
> This patch adds a check in binderfs_init() to ensure the same
> for the default binder devices that will be created in every
> binderfs instance.
>
> Co-developed-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> Signed-off-by: Hridya Valsaraju <hridya@xxxxxxxxxx>
> ---
> drivers/android/binderfs.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
> index aee46dd1be91..55c5adb87585 100644
> --- a/drivers/android/binderfs.c
> +++ b/drivers/android/binderfs.c
> @@ -570,6 +570,18 @@ static struct file_system_type binder_fs_type = {
> int __init init_binderfs(void)
> {
> int ret;
> + const char *name;
> + size_t len;
> +
> + /* Verify that the default binderfs device names are valid. */
> + name = binder_devices_param;
> + for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) {
> + if (len > BINDERFS_MAX_NAME)
> + return -E2BIG;
> + name += len;
> + if (*name == ',')
> + name++;
> + }
Shouldn't this be a bugfix separate from patch 1/2?
And shouldn't it be backported to older kernels that currently have this
issue?
thanks,
greg k-h
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
