Char/Misc fix for 5.4-rc5
This is a single char/misc driver fix (well, a binder fix to be specific) to resolve a reported issue by Jann. It's been in linux-next for a while with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXbSKbg8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+yk6wwCgwkxF667WQcJ2Eh9nE/9ZvDvrmlwAn3q2VmZM 94K3nJrFLohNgTBJ4SHG =d8Af -----END PGP SIGNATURE----- Merge tag 'char-misc-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull binder fix from Greg KH: "This is a single binder fix to resolve a reported issue by Jann. It's been in linux-next for a while with no reported issues" * tag 'char-misc-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: binder: Don't modify VMA bounds in ->mmap handler
commit
a03885d596
2 changed files with 4 additions and 9 deletions
|
@ -97,10 +97,6 @@ DEFINE_SHOW_ATTRIBUTE(proc);
|
||||||
#define SZ_1K 0x400
|
#define SZ_1K 0x400
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef SZ_4M
|
|
||||||
#define SZ_4M 0x400000
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define FORBIDDEN_MMAP_FLAGS (VM_WRITE)
|
#define FORBIDDEN_MMAP_FLAGS (VM_WRITE)
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
|
@ -5177,9 +5173,6 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma)
|
||||||
if (proc->tsk != current->group_leader)
|
if (proc->tsk != current->group_leader)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if ((vma->vm_end - vma->vm_start) > SZ_4M)
|
|
||||||
vma->vm_end = vma->vm_start + SZ_4M;
|
|
||||||
|
|
||||||
binder_debug(BINDER_DEBUG_OPEN_CLOSE,
|
binder_debug(BINDER_DEBUG_OPEN_CLOSE,
|
||||||
"%s: %d %lx-%lx (%ld K) vma %lx pagep %lx\n",
|
"%s: %d %lx-%lx (%ld K) vma %lx pagep %lx\n",
|
||||||
__func__, proc->pid, vma->vm_start, vma->vm_end,
|
__func__, proc->pid, vma->vm_start, vma->vm_end,
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
#include <asm/cacheflush.h>
|
#include <asm/cacheflush.h>
|
||||||
#include <linux/uaccess.h>
|
#include <linux/uaccess.h>
|
||||||
#include <linux/highmem.h>
|
#include <linux/highmem.h>
|
||||||
|
#include <linux/sizes.h>
|
||||||
#include "binder_alloc.h"
|
#include "binder_alloc.h"
|
||||||
#include "binder_trace.h"
|
#include "binder_trace.h"
|
||||||
|
|
||||||
|
@ -689,7 +690,9 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
|
||||||
alloc->buffer = (void __user *)vma->vm_start;
|
alloc->buffer = (void __user *)vma->vm_start;
|
||||||
mutex_unlock(&binder_alloc_mmap_lock);
|
mutex_unlock(&binder_alloc_mmap_lock);
|
||||||
|
|
||||||
alloc->pages = kcalloc((vma->vm_end - vma->vm_start) / PAGE_SIZE,
|
alloc->buffer_size = min_t(unsigned long, vma->vm_end - vma->vm_start,
|
||||||
|
SZ_4M);
|
||||||
|
alloc->pages = kcalloc(alloc->buffer_size / PAGE_SIZE,
|
||||||
sizeof(alloc->pages[0]),
|
sizeof(alloc->pages[0]),
|
||||||
GFP_KERNEL);
|
GFP_KERNEL);
|
||||||
if (alloc->pages == NULL) {
|
if (alloc->pages == NULL) {
|
||||||
|
@ -697,7 +700,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
|
||||||
failure_string = "alloc page array";
|
failure_string = "alloc page array";
|
||||||
goto err_alloc_pages_failed;
|
goto err_alloc_pages_failed;
|
||||||
}
|
}
|
||||||
alloc->buffer_size = vma->vm_end - vma->vm_start;
|
|
||||||
|
|
||||||
buffer = kzalloc(sizeof(*buffer), GFP_KERNEL);
|
buffer = kzalloc(sizeof(*buffer), GFP_KERNEL);
|
||||||
if (!buffer) {
|
if (!buffer) {
|
||||||
|
|
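Review bot: In binder_alloc_mmap_handler the new `alloc->buffer_size = min_t(...)` store now runs before the `kcalloc()` of `alloc->pages`, so a failed allocation jumps to `err_alloc_pages_failed` with `alloc->pages == NULL` and a non-zero `alloc->buffer_size`. The error labels are outside this hunk, so it cannot be seen whether the size is reset there; if it is not, any code that walks `alloc->buffer_size / PAGE_SIZE` entries of `alloc->pages` would dereference a NULL array after a failed mmap. Resetting the field on the failure path with `alloc->buffer_size = 0;`, or assigning it only once both allocations have succeeded, keeps the two fields consistent. The store also happens after `mutex_unlock(&binder_alloc_mmap_lock)`, so a short comment naming the lock that readers of `buffer_size` must hold would help.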