This is a note to let you know that I've just added the patch titled ANDROID: binder: add padding to binder_fd_array_object. to the 4.12-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: android-binder-add-padding-to-binder_fd_array_object.patch and it can be found in the queue-4.12 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 5cdcf4c6a638591ec0e98c57404a19e7f9997567 Mon Sep 17 00:00:00 2001 From: Martijn Coenen <maco@xxxxxxxxxxx> Date: Fri, 28 Jul 2017 13:56:06 +0200 Subject: ANDROID: binder: add padding to binder_fd_array_object. From: Martijn Coenen <maco@xxxxxxxxxxx> commit 5cdcf4c6a638591ec0e98c57404a19e7f9997567 upstream. binder_fd_array_object starts with a 4-byte header, followed by a few fields that are 8 bytes when ANDROID_BINDER_IPC_32BIT=N. This can cause alignment issues in a 64-bit kernel with a 32-bit userspace, as on x86_32 an 8-byte primitive may be aligned to a 4-byte address. Pad with a __u32 to fix this. Signed-off-by: Martijn Coenen <maco@xxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- include/uapi/linux/android/binder.h | 2 ++ 1 file changed, 2 insertions(+) --- a/include/uapi/linux/android/binder.h +++ b/include/uapi/linux/android/binder.h @@ -132,6 +132,7 @@ enum { /* struct binder_fd_array_object - object describing an array of fds in a buffer * @hdr: common header structure + * @pad: padding to ensure correct alignment * @num_fds: number of file descriptors in the buffer * @parent: index in offset array to buffer holding the fd array * @parent_offset: start offset of fd array in the buffer 
@@ -152,6 +153,7 @@ enum { */ struct binder_fd_array_object { struct binder_object_header hdr; + __u32 pad; binder_size_t num_fds; binder_size_t parent; binder_size_t parent_offset; Patches currently in stable-queue which might be from maco@xxxxxxxxxxx are queue-4.12/android-binder-add-hwbinder-vndbinder-to-binder_devices.patch queue-4.12/android-binder-add-padding-to-binder_fd_array_object.patch
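Review bot: The kernel-doc line added in the first hunk, `@pad: padding to ensure correct alignment`, does not say what value userspace should store in the field or whether the kernel reads it. This is a uapi header, so consider stating the expectation there, for example that callers zero the field.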
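Review bot: In the second hunk, `__u32 pad;` is inserted unconditionally between `hdr` and `num_fds`, which changes the layout for some existing userspace. On x86_32, where the commit message says an 8-byte field may sit at a 4-byte address, code built against the old header has `num_fds` at offset 4, while the new header puts it at offset 8, so those binaries need rebuilding. The commit message should say so. It is also worth checking the ANDROID_BINDER_IPC_32BIT=y configuration, where the message implies the following fields are not 8 bytes and the pad is not needed for alignment but still grows the struct. A compile-time assertion on the struct size next to the definition would catch a later regression.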
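The alignment mismatch described in the commit message, as an added example that is not code from the patch or the kernel tree. It assumes a GCC or Clang host, models the i386 and x86_64 ABIs with `aligned` typedefs, uses hypothetical struct names, and stands in a single `uint32_t` for the 4-byte header and a 64-bit integer for `binder_size_t`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: model the two ABIs on one host. On i386 a 64-bit integer in a
 * struct needs only 4-byte alignment; on x86_64 it needs 8. */
typedef uint64_t __attribute__((aligned(4))) u64_i386;
typedef uint64_t __attribute__((aligned(8))) u64_x86_64;

/* Stand-in for the 4-byte common header named in the commit message. */
struct hdr4 { uint32_t type; };

/* Hypothetical struct names; fields follow the hunk, 8-byte binder_size_t. */
#define FD_ARRAY_OLD(name, u64_t) \
    struct name { struct hdr4 hdr; u64_t num_fds, parent, parent_offset; }
#define FD_ARRAY_NEW(name, u64_t) \
    struct name { struct hdr4 hdr; uint32_t pad; \
                  u64_t num_fds, parent, parent_offset; }

FD_ARRAY_OLD(old_user32, u64_i386);
FD_ARRAY_OLD(old_kernel64, u64_x86_64);
FD_ARRAY_NEW(new_user32, u64_i386);
FD_ARRAY_NEW(new_kernel64, u64_x86_64);

struct layout { size_t num_fds, parent, parent_offset, size; };
#define LAYOUT_OF(s) ((struct layout){ offsetof(struct s, num_fds), \
    offsetof(struct s, parent), offsetof(struct s, parent_offset), \
    sizeof(struct s) })

static int same(struct layout a, struct layout b)
{
    return a.num_fds == b.num_fds && a.parent == b.parent &&
           a.parent_offset == b.parent_offset && a.size == b.size;
}

/* 1 if 32-bit userspace and the 64-bit kernel see identical layouts. */
int old_layouts_agree(void) { return same(LAYOUT_OF(old_user32), LAYOUT_OF(old_kernel64)); }
int new_layouts_agree(void) { return same(LAYOUT_OF(new_user32), LAYOUT_OF(new_kernel64)); }

int main(void)
{
    printf("old: user32 num_fds@%zu size %zu, kernel64 num_fds@%zu size %zu\n",
           offsetof(struct old_user32, num_fds), sizeof(struct old_user32),
           offsetof(struct old_kernel64, num_fds), sizeof(struct old_kernel64));
    printf("old agree: %d, padded agree: %d\n",
           old_layouts_agree(), new_layouts_agree());
    return 0;
}
```

Without the pad, the modelled 32-bit view has every field after the header 4 bytes earlier than the 64-bit view, so a kernel parsing a userspace buffer would read each value from the wrong offset.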