This patch adds copy_flat_binder_object macro() that will help dereference struct flat_binder_object on 64bit systems where the structure differs between 32bit and 64bit userspace.
This patch is a temporary patch that will be extended with 32bit compat handling. Signed-off-by: Serban Constantinescu <serban.constantine...@arm.com> --- drivers/staging/android/binder.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index 6d22717..855d348 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c @@ -144,6 +144,11 @@ module_param_call(stop_on_user_error, binder_set_stop_on_user_error, #define deref_helper(ptr) (*(typeof(size_t *))ptr) #define size_helper(x) sizeof(x) +static inline struct flat_binder_object *copy_flat_binder_object(void __user *ptr) +{ + return (struct flat_binder_object *)ptr; +} + enum binder_stat_types { BINDER_STAT_PROC, BINDER_STAT_THREAD, @@ -1257,7 +1262,7 @@ static void binder_transaction_buffer_release(struct binder_proc *proc, debug_id, deref_helper(offp), buffer->data_size); continue; } - fp = (struct flat_binder_object *)(buffer->data + deref_helper(offp)); + fp = copy_flat_binder_object(buffer->data + deref_helper(offp)); switch (fp->type) { case BINDER_TYPE_BINDER: case BINDER_TYPE_WEAK_BINDER: { @@ -1507,7 +1512,7 @@ static void binder_transaction(struct binder_proc *proc, return_error = BR_FAILED_REPLY; goto err_bad_offset; } - fp = (struct flat_binder_object *)(t->buffer->data + deref_helper(offp)); + fp = copy_flat_binder_object(t->buffer->data + deref_helper(offp)); switch (fp->type) { case BINDER_TYPE_BINDER: case BINDER_TYPE_WEAK_BINDER: { -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/