ANDROID: binder: add padding to binder_fd_array_object.

BugLink: http://bugs.launchpad.net/bugs/1716284
commit 5cdcf4c6a638591ec0e98c57404a19e7f9997567 upstream.

binder_fd_array_object starts with a 4-byte header,
followed by a few fields that are 8 bytes when
ANDROID_BINDER_IPC_32BIT=N.

This can cause alignment issues in a 64-bit kernel
with a 32-bit userspace, as on x86_32 an 8-byte primitive
may be aligned to a 4-byte address. Pad with a __u32
to fix this.

Signed-off-by: Martijn Coenen <maco@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h
index 51f891fb1b18ad9b14713fe3a4f2a541c9ca5442..7668b5791c91ad0eb9fe05ff6ba5a7a2e19be66a 100644 (file)
--- a/include/uapi/linux/android/binder.h
+++ b/include/uapi/linux/android/binder.h
@@ -132,6 +132,7 @@ enum {
 
 /* struct binder_fd_array_object - object describing an array of fds in a buffer
  * @hdr:               common header structure
+ * @pad:               padding to ensure correct alignment
  * @num_fds:           number of file descriptors in the buffer
  * @parent:            index in offset array to buffer holding the fd array
  * @parent_offset:     start offset of fd array in the buffer
@@ -152,6 +153,7 @@ enum {
  */
 struct binder_fd_array_object {
        struct binder_object_header     hdr;
+       __u32                           pad;
        binder_size_t                   num_fds;
        binder_size_t                   parent;
        binder_size_t                   parent_offset;