binder: change error code from postive to negative in binder_transaction

Depending on the context, the error return value
here (extra_buffers_size < added_size) should be
negative.

Acked-by: Martijn Coenen <maco@android.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20201026110314.135481-1-zhangqilong3@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 3241d233a12d8228e289bf81b96a262f574fe2bc..cf70cb91e9f65bc6a3fda386601b539f4fd987e0 100644 (file)
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3103,7 +3103,7 @@ static void binder_transaction(struct binder_proc *proc,
                if (extra_buffers_size < added_size) {
                        /* integer overflow of extra_buffers_size */
                        return_error = BR_FAILED_REPLY;
-                       return_error_param = EINVAL;
+                       return_error_param = -EINVAL;
                        return_error_line = __LINE__;
                        goto err_bad_extra_size;
                }