summaryrefslogtreecommitdiffstats
path: root/crypto/memneq.c
diff options
context:
space:
mode:
authorJonathan Cameron <Jonathan.Cameron@huawei.com>2020-07-22 16:50:39 +0100
committerJonathan Cameron <Jonathan.Cameron@huawei.com>2020-08-22 11:38:51 +0100
commita6f86f724394de3629da63fe5e1b7a4ab3396efe (patch)
tree682b9f5b3f8eb3acadf6440ad1c5379f44840c49 /crypto/memneq.c
parent89226a296d816727405d3fea684ef69e7d388bd8 (diff)
downloadlinux-a6f86f724394de3629da63fe5e1b7a4ab3396efe.tar.bz2
iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses a 16 byte array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data with alignment ensured by use of an explicit c structure. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes tag is beyond some major refactoring so likely manual backporting would be needed to get that far back. Whilst the force alignment of the ts is not strictly necessary, it does make the code less fragile. Fixes: 3bbec9773389 ("iio: bmc150_accel: add support for hardware fifo") Reported-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Cc: <Stable@vger.kernel.org>
Diffstat (limited to 'crypto/memneq.c')
0 files changed, 0 insertions, 0 deletions