shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-09 12:17:12 +09:00
Code Issues Packages Projects Releases Wiki Activity

staging: android: binder: Add binder_copy_to_user()

Browse Source 
This patch adds binder_copy_to_user() to be used for copying binder
commands to user address space. This way we can abstract away the
copy_to_user() calls and add separate handling for the compat layer.

Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
This commit is contained in:
Serban Constantinescu
2013-12-04 18:09:34 +00:00
committed by John Stultz
parent 9dcd36a520
commit 8b88117ca6
1 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
drivers/staging/android/binder.c
View File

@@ -2135,6 +2135,18 @@ static int binder_has_thread_work(struct binder_thread *thread)
(thread->looper & BINDER_LOOPER_STATE_NEED_RETURN);
}
static int binder_copy_to_user(uint32_t cmd, void *parcel,
void __user **ptr, size_t size)
{
if (put_user(cmd, (uint32_t __user *)*ptr))
return -EFAULT;
*ptr += sizeof(uint32_t);
if (copy_to_user(*ptr, parcel, size))
return -EFAULT;
*ptr += size;
return 0;
}
static int binder_thread_read(struct binder_proc *proc,
struct binder_thread *thread,
void __user *buffer, size_t size,
@@ -2281,15 +2293,12 @@ retry:
node->has_weak_ref = 0;
}
if (cmd != BR_NOOP) {
if (put_user(cmd, (uint32_t __user *)ptr))
struct binder_ptr_cookie tmp;
tmp.ptr = node->ptr;
tmp.cookie = node->cookie;
if (binder_copy_to_user(cmd, &tmp, &ptr, sizeof(struct binder_ptr_cookie)))
return -EFAULT;
ptr += sizeof(uint32_t);
if (put_user(node->ptr, (void * __user *)ptr))
return -EFAULT;
ptr += sizeof(void *);
if (put_user(node->cookie, (void * __user *)ptr))
return -EFAULT;
ptr += sizeof(void *);
binder_stat_br(proc, thread, cmd);
binder_debug(BINDER_DEBUG_USER_REFS,
@@ -2324,12 +2333,10 @@ retry:
cmd = BR_CLEAR_DEATH_NOTIFICATION_DONE;
else
cmd = BR_DEAD_BINDER;
if (put_user(cmd, (uint32_t __user *)ptr))
if (binder_copy_to_user(cmd, &death->cookie, &ptr, sizeof(void *)))
return -EFAULT;
ptr += sizeof(uint32_t);
if (put_user(death->cookie, (void * __user *)ptr))
return -EFAULT;
ptr += sizeof(void *);
binder_stat_br(proc, thread, cmd);
binder_debug(BINDER_DEBUG_DEATH_NOTIFICATION,
"%d:%d %s %p\n",
@@ -2391,12 +2398,8 @@ retry:
ALIGN(t->buffer->data_size,
sizeof(void *));
if (put_user(cmd, (uint32_t __user *)ptr))
if (binder_copy_to_user(cmd, &tr, &ptr, sizeof(struct binder_transaction_data)))
return -EFAULT;
ptr += sizeof(uint32_t);
if (copy_to_user(ptr, &tr, sizeof(tr)))
return -EFAULT;
ptr += sizeof(tr);
trace_binder_transaction_received(t);
binder_stat_br(proc, thread, cmd);