android: binder: use copy_from_user_preempt_disabled
To keep the driver consistent, and until we have fine-grained locking in place. Change-Id: Idda7ae8df889b5fae5e96bf343ab17782b4c46b1 Signed-off-by: Martijn Coenen <maco@android.com>
This commit is contained in:
parent
86d127873a
commit
1f061b6803
|
@ -2187,9 +2187,10 @@ static void binder_transaction(struct binder_proc *proc,
|
|||
return_error = BR_FAILED_REPLY;
|
||||
goto err_bad_offset;
|
||||
}
|
||||
if (copy_from_user(sg_bufp,
|
||||
(const void __user *)(uintptr_t)
|
||||
bp->buffer, bp->length)) {
|
||||
if (copy_from_user_preempt_disabled(
|
||||
sg_bufp,
|
||||
(const void __user *)(uintptr_t)
|
||||
bp->buffer, bp->length)) {
|
||||
binder_user_error("%d:%d got transaction with invalid offsets ptr\n",
|
||||
proc->pid, thread->pid);
|
||||
return_error = BR_FAILED_REPLY;
|
||||
|
@ -2478,7 +2479,8 @@ int binder_thread_write(struct binder_proc *proc,
|
|||
case BC_REPLY_SG: {
|
||||
struct binder_transaction_data_sg tr;
|
||||
|
||||
if (copy_from_user(&tr, ptr, sizeof(tr)))
|
||||
if (copy_from_user_preempt_disabled(&tr, ptr,
|
||||
sizeof(tr)))
|
||||
return -EFAULT;
|
||||
ptr += sizeof(tr);
|
||||
binder_transaction(proc, thread, &tr.transaction_data,
|
||||
|
|
Loading…
Reference in New Issue