The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from
size_t to __u32 in order to avoid incompatibility issues between 32 and
64-bit kernels. However, the internal types used to copy from user and
store the value were never updated. Use u32 to fix the inconsistency.
Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration")
Reported-by: Arve Hjønnevåg <[email protected]>
Cc: [email protected]
Signed-off-by: Carlos Llamas <[email protected]>
---
drivers/android/binder.c | 2 +-
drivers/android/binder_internal.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index f120a24c9ae6..2596cbfa16d0 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -5408,7 +5408,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
goto err;
break;
case BINDER_SET_MAX_THREADS: {
- int max_threads;
+ u32 max_threads;
if (copy_from_user(&max_threads, ubuf,
sizeof(max_threads))) {
diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h
index 221ab7a6384a..3c522698083f 100644
--- a/drivers/android/binder_internal.h
+++ b/drivers/android/binder_internal.h
@@ -426,7 +426,7 @@ struct binder_proc {
struct list_head todo;
struct binder_stats stats;
struct list_head delivered_death;
- int max_threads;
+ u32 max_threads;
int requested_threads;
int requested_threads_started;
int tmp_ref;
--
2.44.0.683.g7961c838ac-goog
On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
> The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from
> size_t to __u32 in order to avoid incompatibility issues between 32 and
> 64-bit kernels. However, the internal types used to copy from user and
> store the value were never updated. Use u32 to fix the inconsistency.
>
> Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration")
> Reported-by: Arve Hj?nnev?g <[email protected]>
> Cc: [email protected]
> Signed-off-by: Carlos Llamas <[email protected]>
> ---
> drivers/android/binder.c | 2 +-
> drivers/android/binder_internal.h | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Why does only patch 4/4 need to go into the tree now, and as a stable
backport, but the first 3 do not? Shouldn't this be two different
series of patches, one 3 long, and one 1 long, to go to the different
branches (next and linus)?
thanks,
greg k-h
On Thu, Apr 18, 2024 at 06:40:52AM +0200, Greg Kroah-Hartman wrote:
> On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
> > The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from
> > size_t to __u32 in order to avoid incompatibility issues between 32 and
> > 64-bit kernels. However, the internal types used to copy from user and
> > store the value were never updated. Use u32 to fix the inconsistency.
> >
> > Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration")
> > Reported-by: Arve Hj?nnev?g <[email protected]>
> > Cc: [email protected]
> > Signed-off-by: Carlos Llamas <[email protected]>
> > ---
> > drivers/android/binder.c | 2 +-
> > drivers/android/binder_internal.h | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
>
> Why does only patch 4/4 need to go into the tree now, and as a stable
> backport, but the first 3 do not? Shouldn't this be two different
> series of patches, one 3 long, and one 1 long, to go to the different
> branches (next and linus)?
Yes, that is correct. Only patch 4/4 would need to be picked for linus
now and for stable. The others would go to next. Sorry, I was not aware
that sending them separately would be preferred.
I'll drop 4/4 patch from the series in v2. Let me know if you still need
me to send it again separately.
Thanks,
Carlos Llamas
On Sun, Apr 21, 2024 at 12:00:30AM +0000, Carlos Llamas wrote:
> On Thu, Apr 18, 2024 at 06:40:52AM +0200, Greg Kroah-Hartman wrote:
> > On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
> > > The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from
> > > size_t to __u32 in order to avoid incompatibility issues between 32 and
> > > 64-bit kernels. However, the internal types used to copy from user and
> > > store the value were never updated. Use u32 to fix the inconsistency.
> > >
> > > Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration")
> > > Reported-by: Arve Hj?nnev?g <[email protected]>
> > > Cc: [email protected]
> > > Signed-off-by: Carlos Llamas <[email protected]>
> > > ---
> > > drivers/android/binder.c | 2 +-
> > > drivers/android/binder_internal.h | 2 +-
> > > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > Why does only patch 4/4 need to go into the tree now, and as a stable
> > backport, but the first 3 do not? Shouldn't this be two different
> > series of patches, one 3 long, and one 1 long, to go to the different
> > branches (next and linus)?
>
> Yes, that is correct. Only patch 4/4 would need to be picked for linus
> now and for stable. The others would go to next. Sorry, I was not aware
> that sending them separately would be preferred.
>
> I'll drop 4/4 patch from the series in v2. Let me know if you still need
> me to send it again separately.
Please do, thanks!
greg k-h
On Sun, Apr 21, 2024 at 08:39:23AM +0200, Greg Kroah-Hartman wrote:
> On Sun, Apr 21, 2024 at 12:00:30AM +0000, Carlos Llamas wrote:
> > On Thu, Apr 18, 2024 at 06:40:52AM +0200, Greg Kroah-Hartman wrote:
> > > On Wed, Apr 17, 2024 at 07:13:44PM +0000, Carlos Llamas wrote:
> > > > The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from
> > > > size_t to __u32 in order to avoid incompatibility issues between 32 and
> > > > 64-bit kernels. However, the internal types used to copy from user and
> > > > store the value were never updated. Use u32 to fix the inconsistency.
> > > >
> > > > Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration")
> > > > Reported-by: Arve Hj?nnev?g <[email protected]>
> > > > Cc: [email protected]
> > > > Signed-off-by: Carlos Llamas <[email protected]>
> > > > ---
> > > > drivers/android/binder.c | 2 +-
> > > > drivers/android/binder_internal.h | 2 +-
> > > > 2 files changed, 2 insertions(+), 2 deletions(-)
> > >
> > > Why does only patch 4/4 need to go into the tree now, and as a stable
> > > backport, but the first 3 do not? Shouldn't this be two different
> > > series of patches, one 3 long, and one 1 long, to go to the different
> > > branches (next and linus)?
> >
> > Yes, that is correct. Only patch 4/4 would need to be picked for linus
> > now and for stable. The others would go to next. Sorry, I was not aware
> > that sending them separately would be preferred.
> >
> > I'll drop 4/4 patch from the series in v2. Let me know if you still need
> > me to send it again separately.
>
> Please do, thanks!
>
> greg k-h
>
Ok, done. The separated patch is here:
https://lore.kernel.org/all/[email protected]/
Thanks,
Carlos Llamas