aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/android/binder.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/android/binder.c')
-rw-r--r--drivers/android/binder.c17
1 files changed, 8 insertions, 9 deletions
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index e578eee31589..95283f3bb51c 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -72,10 +72,6 @@
72#include <linux/security.h> 72#include <linux/security.h>
73#include <linux/spinlock.h> 73#include <linux/spinlock.h>
74 74
75#ifdef CONFIG_ANDROID_BINDER_IPC_32BIT
76#define BINDER_IPC_32BIT 1
77#endif
78
79#include <uapi/linux/android/binder.h> 75#include <uapi/linux/android/binder.h>
80#include "binder_alloc.h" 76#include "binder_alloc.h"
81#include "binder_trace.h" 77#include "binder_trace.h"
@@ -2058,8 +2054,8 @@ static size_t binder_validate_object(struct binder_buffer *buffer, u64 offset)
2058 struct binder_object_header *hdr; 2054 struct binder_object_header *hdr;
2059 size_t object_size = 0; 2055 size_t object_size = 0;
2060 2056
2061 if (offset > buffer->data_size - sizeof(*hdr) || 2057 if (buffer->data_size < sizeof(*hdr) ||
2062 buffer->data_size < sizeof(*hdr) || 2058 offset > buffer->data_size - sizeof(*hdr) ||
2063 !IS_ALIGNED(offset, sizeof(u32))) 2059 !IS_ALIGNED(offset, sizeof(u32)))
2064 return 0; 2060 return 0;
2065 2061
@@ -3925,10 +3921,11 @@ retry:
3925 binder_inner_proc_unlock(proc); 3921 binder_inner_proc_unlock(proc);
3926 if (put_user(e->cmd, (uint32_t __user *)ptr)) 3922 if (put_user(e->cmd, (uint32_t __user *)ptr))
3927 return -EFAULT; 3923 return -EFAULT;
3924 cmd = e->cmd;
3928 e->cmd = BR_OK; 3925 e->cmd = BR_OK;
3929 ptr += sizeof(uint32_t); 3926 ptr += sizeof(uint32_t);
3930 3927
3931 binder_stat_br(proc, thread, e->cmd); 3928 binder_stat_br(proc, thread, cmd);
3932 } break; 3929 } break;
3933 case BINDER_WORK_TRANSACTION_COMPLETE: { 3930 case BINDER_WORK_TRANSACTION_COMPLETE: {
3934 binder_inner_proc_unlock(proc); 3931 binder_inner_proc_unlock(proc);
@@ -4696,7 +4693,7 @@ static void binder_vma_close(struct vm_area_struct *vma)
4696 binder_defer_work(proc, BINDER_DEFERRED_PUT_FILES); 4693 binder_defer_work(proc, BINDER_DEFERRED_PUT_FILES);
4697} 4694}
4698 4695
4699static int binder_vm_fault(struct vm_fault *vmf) 4696static vm_fault_t binder_vm_fault(struct vm_fault *vmf)
4700{ 4697{
4701 return VM_FAULT_SIGBUS; 4698 return VM_FAULT_SIGBUS;
4702} 4699}
@@ -4730,7 +4727,9 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma)
4730 failure_string = "bad vm_flags"; 4727 failure_string = "bad vm_flags";
4731 goto err_bad_arg; 4728 goto err_bad_arg;
4732 } 4729 }
4733 vma->vm_flags = (vma->vm_flags | VM_DONTCOPY) & ~VM_MAYWRITE; 4730 vma->vm_flags |= VM_DONTCOPY | VM_MIXEDMAP;
4731 vma->vm_flags &= ~VM_MAYWRITE;
4732
4734 vma->vm_ops = &binder_vm_ops; 4733 vma->vm_ops = &binder_vm_ops;
4735 vma->vm_private_data = proc; 4734 vma->vm_private_data = proc;
4736 4735
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-01 02:52:52 -0400