From: Lisa Du Date: Wed, 17 Feb 2016 01:32:52 +0000 (+0800) Subject: drivers: android: correct the size of struct binder_uintptr_t for BC_DEAD_BINDER_DONE X-Git-Tag: firefly_0821_release~176^2~475^2~342 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=3e908446627523e106c1edc7cf6fe7706924d6d3;p=firefly-linux-kernel-4.4.55.git drivers: android: correct the size of struct binder_uintptr_t for BC_DEAD_BINDER_DONE commit 7a64cd887fdb97f074c3fda03bee0bfb9faceac3 upstream. There's one point was missed in the patch commit da49889deb34 ("staging: binder: Support concurrent 32 bit and 64 bit processes."). When configure BINDER_IPC_32BIT, the size of binder_uintptr_t was 32bits, but size of void * is 64bit on 64bit system. Correct it here. Signed-off-by: Lisa Du Signed-off-by: Nicolas Boichat Fixes: da49889deb34 ("staging: binder: Support concurrent 32 bit and 64 bit processes.") Acked-by: Olof Johansson Signed-off-by: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/android/binder.c b/drivers/android/binder.c index a39e85f9efa9..7d00b7a015ea 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2074,7 +2074,7 @@ static int binder_thread_write(struct binder_proc *proc, if (get_user(cookie, (binder_uintptr_t __user *)ptr)) return -EFAULT; - ptr += sizeof(void *); + ptr += sizeof(cookie); list_for_each_entry(w, &proc->delivered_death, entry) { struct binder_ref_death *tmp_death = container_of(w, struct binder_ref_death, work);