commit 170d1a3738908eef6a0dbf378ea77fb4ae8e294d upstream.
The vma start address should be subtracted from the buffer's user data address and not the other way around.
Cc: Tiffany Y. Yang ynaffit@google.com Cc: stable stable@kernel.org Fixes: 162c79731448 ("binder: avoid user addresses in debug logs") Signed-off-by: Carlos Llamas cmllamas@google.com Reviewed-by: Tiffany Y. Yang ynaffit@google.com Link: https://lore.kernel.org/r/20250325184902.587138-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org [cmllamas: fix conflicts due to alloc->buffer renaming] Signed-off-by: Carlos Llamas cmllamas@google.com --- drivers/android/binder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index ef353ca13c35..bdf09e8b898d 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -6374,7 +6374,7 @@ static void print_binder_transaction_ilocked(struct seq_file *m,
 seq_printf(m, " node %d", buffer->target_node->debug_id);
 seq_printf(m, " size %zd:%zd offset %lx\n",
 buffer->data_size, buffer->offsets_size,
- proc->alloc.buffer - buffer->user_data);
+ buffer->user_data - proc->alloc.buffer);
 }
static void print_binder_work_ilocked(struct seq_file *m,
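Review bot: Nothing at the second `seq_printf()` call records why an offset is printed rather than the address, so the operand order that this commit corrects could be flipped again without anyone noticing. A one-line comment above the call, such as `/* offset into the mapping; never print the raw user address */`, would capture the intent stated in the Fixes: title ("avoid user addresses in debug logs"). The operand types are not visible in this hunk. If both are pointers, the difference is a `ptrdiff_t` and `%lx` is not the matching conversion, so `%tx` or an explicit `(unsigned long)` cast would be worth considering. The body of `print_binder_transaction_ilocked()` starts outside the hunk, so how `buffer` and `proc` are validated before this point cannot be checked from here.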