The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency.
Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg arve@android.com Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas cmllamas@google.com --- drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index f120a24c9ae6..2596cbfa16d0 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -5408,7 +5408,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) goto err; break; case BINDER_SET_MAX_THREADS: { - int max_threads; + u32 max_threads;
if (copy_from_user(&max_threads, ubuf, sizeof(max_threads))) { diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 221ab7a6384a..3c522698083f 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -426,7 +426,7 @@ struct binder_proc { struct list_head todo; struct binder_stats stats; struct list_head delivered_death; - int max_threads; + u32 max_threads; int requested_threads; int requested_threads_started; int tmp_ref;
On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency.
Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg arve@android.com Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas cmllamas@google.com
drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Why does only patch 4/4 need to go into the tree now, and as a stable backport, but the first 3 do not? Shouldn't this be two different series of patches, one 3 long, and one 1 long, to go to the different branches (next and linus)?
thanks,
greg k-h
On Thu, Apr 18, 2024 at 06:40:52AM +0200, Greg Kroah-Hartman wrote:
On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency.
Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg arve@android.com Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas cmllamas@google.com
drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Why does only patch 4/4 need to go into the tree now, and as a stable backport, but the first 3 do not? Shouldn't this be two different series of patches, one 3 long, and one 1 long, to go to the different branches (next and linus)?
Yes, that is correct. Only patch 4/4 would need to be picked for linus now and for stable. The others would go to next. Sorry, I was not aware that sending them separately would be preferred.
I'll drop 4/4 patch from the series in v2. Let me know if you still need me to send it again separately.
Thanks, Carlos Llamas
On Sun, Apr 21, 2024 at 12:00:30AM +0000, Carlos Llamas wrote:
On Thu, Apr 18, 2024 at 06:40:52AM +0200, Greg Kroah-Hartman wrote:
On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency.
Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg arve@android.com Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas cmllamas@google.com
drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Why does only patch 4/4 need to go into the tree now, and as a stable backport, but the first 3 do not? Shouldn't this be two different series of patches, one 3 long, and one 1 long, to go to the different branches (next and linus)?
Yes, that is correct. Only patch 4/4 would need to be picked for linus now and for stable. The others would go to next. Sorry, I was not aware that sending them separately would be preferred.
I'll drop 4/4 patch from the series in v2. Let me know if you still need me to send it again separately.
Please do, thanks!
greg k-h
On Sun, Apr 21, 2024 at 08:39:23AM +0200, Greg Kroah-Hartman wrote:
On Sun, Apr 21, 2024 at 12:00:30AM +0000, Carlos Llamas wrote:
On Thu, Apr 18, 2024 at 06:40:52AM +0200, Greg Kroah-Hartman wrote:
On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency.
Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg arve@android.com Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas cmllamas@google.com
drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Why does only patch 4/4 need to go into the tree now, and as a stable backport, but the first 3 do not? Shouldn't this be two different series of patches, one 3 long, and one 1 long, to go to the different branches (next and linus)?
Yes, that is correct. Only patch 4/4 would need to be picked for linus now and for stable. The others would go to next. Sorry, I was not aware that sending them separately would be preferred.
I'll drop 4/4 patch from the series in v2. Let me know if you still need me to send it again separately.
Please do, thanks!
greg k-h
Ok, done. The separated patch is here: https://lore.kernel.org/all/20240421173750.3117808-1-cmllamas@google.com/
Thanks, Carlos Llamas
linux-stable-mirror@lists.linaro.org
-
Carlos Llamas -
Greg Kroah-Hartman