From: Martijn Coenen Date: Tue, 9 Jul 2019 11:09:23 +0000 (+0200) Subject: BACKPORT: binder: Set end of SG buffer area properly. X-Git-Url: https://git.stricted.de/?p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git;a=commitdiff_plain;h=5e1baad7aaf461546dc53d790133e205a4c0535d BACKPORT: binder: Set end of SG buffer area properly. In case the target node requests a security context, the extra_buffers_size is increased with the size of the security context. But, that size is not available for use by regular scatter-gather buffers; make sure the ending of that buffer is marked correctly. Bug: 136210786 Acked-by: Todd Kjos Fixes: ec74136ded79 ("binder: create node flag to request sender's security context") Signed-off-by: Martijn Coenen Cc: stable@vger.kernel.org # 5.1+ Link: https://lore.kernel.org/r/20190709110923.220736-1-maco@android.com Signed-off-by: Greg Kroah-Hartman (cherry picked from commit a56587065094fd96eb4c2b5ad65571daad32156d) Change-Id: Ib4d3a99e7a881992c1313169f902cfad02a508a6 --- diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 235c4e11e01..1fe5f0c6f39 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3230,7 +3230,8 @@ static void binder_transaction(struct binder_proc *proc, } off_end = (void *)off_start + tr->offsets_size; sg_bufp = (u8 *)(PTR_ALIGN(off_end, sizeof(void *))); - sg_buf_end = sg_bufp + extra_buffers_size; + sg_buf_end = sg_bufp + extra_buffers_size - + ALIGN(secctx_sz, sizeof(u64)); off_min = 0; for (; offp < off_end; offp++) { struct binder_object_header *hdr;