diff options
| author | Jonathan Cameron <Jonathan.Cameron@huawei.com> | 2020-07-22 16:50:39 +0100 |
|---|---|---|
| committer | Jonathan Cameron <Jonathan.Cameron@huawei.com> | 2020-08-22 11:38:51 +0100 |
| commit | a6f86f724394de3629da63fe5e1b7a4ab3396efe (patch) | |
| tree | 682b9f5b3f8eb3acadf6440ad1c5379f44840c49 /mm/mprotect.c | |
| parent | 89226a296d816727405d3fea684ef69e7d388bd8 (diff) | |
| download | linux-a6f86f724394de3629da63fe5e1b7a4ab3396efe.tar.bz2 | |
iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses a 16 byte array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here. We close both issues by moving
to a suitable structure in the iio_priv() data with alignment
ensured by use of an explicit c structure. This data is allocated
with kzalloc so no data can leak appart from previous readings.
Fixes tag is beyond some major refactoring so likely manual backporting
would be needed to get that far back.
Whilst the force alignment of the ts is not strictly necessary, it
does make the code less fragile.
Fixes: 3bbec9773389 ("iio: bmc150_accel: add support for hardware fifo")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: <Stable@vger.kernel.org>
Diffstat (limited to 'mm/mprotect.c')
0 files changed, 0 insertions, 0 deletions