binder: Validate the default binderfs device names.

Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME.
This patch adds a check in binderfs_init() to ensure the same
for the default binder devices that will be created in every
binderfs instance.

Co-developed-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Link: https://lore.kernel.org/r/20190808222727.132744-3-hridya@google.com
Link: https://lore.kernel.org/r/20190904110704.8606-3-christian.brauner@ubuntu.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
index e773f45..d8307cc 100644 (file)
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -553,6 +553,18 @@ static struct file_system_type binder_fs_type = {
 int __init init_binderfs(void)
 {
        int ret;
+       const char *name;
+       size_t len;
+
+       /* Verify that the default binderfs device names are valid. */
+       name = binder_devices_param;
+       for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) {
+               if (len > BINDERFS_MAX_NAME)
+                       return -E2BIG;
+               name += len;
+               if (*name == ',')
+                       name++;
+       }
 
        /* Allocate new major number for binderfs. */
        ret = alloc_chrdev_region(&binderfs_dev, 0, BINDERFS_MAX_MINOR,