| Message ID | 5859403e-905e-4307-9fc5-dcdc93f85cf2@schaufler-ca.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [lsm/dev] Binder: Initialize lsm_context structure | expand |
On Dec 6, 2024 Casey Schaufler <casey@schaufler-ca.com> wrote: > > It is possible to reach the end of binder_transaction() without > having set lsmctx. As the variable value is checked there it needs > to be initialized. > > Suggested-by: Kees Bakker <kees@ijzerbout.nl> > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > drivers/android/binder.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Merged into lsm/dev, thanks. -- paul-moore.com
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 919da8e674f5..a4b98e95ab85 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3017,7 +3017,7 @@ static void binder_transaction(struct binder_proc *proc, struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); ktime_t t_start_time = ktime_get(); - struct lsm_context lsmctx; + struct lsm_context lsmctx = { }; struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *)
It is possible to reach the end of binder_transaction() without having set lsmctx. As the variable value is checked there it needs to be initialized. Suggested-by: Kees Bakker <kees@ijzerbout.nl> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- drivers/android/binder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)