All the other ioctl paths return EFAULT in case the
copy_from_user/copy_to_user call fails, make oneway spam detection
follow the same paradigm.
Fixes: a7dc1e6f99df ("binder: tell userspace to dump current backtrace
when detected oneway spamming")
Signed-off-by: Luca Stefani <[email protected]>
---
drivers/android/binder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 61d34e1dc59c..bcec598b89f2 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -4918,7 +4918,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
uint32_t enable;
if (copy_from_user(&enable, ubuf, sizeof(enable))) {
- ret = -EINVAL;
+ ret = -EFAULT;
goto err;
}
binder_inner_proc_lock(proc);
--
2.31.1
On Thu, May 6, 2021 at 12:37 PM Luca Stefani <[email protected]> wrote:
>
> All the other ioctl paths return EFAULT in case the
> copy_from_user/copy_to_user call fails, make oneway spam detection
> follow the same paradigm.
>
> Fixes: a7dc1e6f99df ("binder: tell userspace to dump current backtrace
> when detected oneway spamming")
> Signed-off-by: Luca Stefani <[email protected]>
Acked-by: Todd Kjos <[email protected]>
> ---
> drivers/android/binder.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/android/binder.c b/drivers/android/binder.c
> index 61d34e1dc59c..bcec598b89f2 100644
> --- a/drivers/android/binder.c
> +++ b/drivers/android/binder.c
> @@ -4918,7 +4918,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
> uint32_t enable;
>
> if (copy_from_user(&enable, ubuf, sizeof(enable))) {
> - ret = -EINVAL;
> + ret = -EFAULT;
> goto err;
> }
> binder_inner_proc_lock(proc);
> --
> 2.31.1
>
On Thu, May 06, 2021 at 09:37:25PM +0200, Luca Stefani wrote:
> All the other ioctl paths return EFAULT in case the
> copy_from_user/copy_to_user call fails, make oneway spam detection
> follow the same paradigm.
>
> Fixes: a7dc1e6f99df ("binder: tell userspace to dump current backtrace
> when detected oneway spamming")
> Signed-off-by: Luca Stefani <[email protected]>
> ---
Looks good,
Acked-by: Christian Brauner <[email protected]>