github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
8660424807
linux/drivers
History
Jonathan Cameron 8660424807 iio:light:st_uvis25: Fix timestamp alignment and prevent data leak. 
commit d837a996f5 upstream.

One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp() assumes the buffer used is aligned
to the size of the timestamp (8 bytes).  This is not guaranteed in
this driver which uses an array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here.  We close both issues by
moving to a suitable structure in the iio_priv()

This data is allocated with kzalloc() so no data can leak apart
from previous readings.

A local unsigned int variable is used for the regmap call so it
is clear there is no potential issue with writing into the padding
of the structure.

Fixes: 3025c8688c ("iio: light: add support for UVIS25 sensor")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Acked-by: Lorenzo Bianconi <lorenzo@kernel.org>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200920112742.170751-3-jic23@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:15 +01:00
..
accessibility
acpi ACPI: PNP: compare the string length in the matching_id() 2020-12-30 11:26:08 +01:00
amba
android binder: fix UAF when releasing todo list 2020-10-29 09:54:56 +01:00
ata ata: sata_nv: Fix retrieving of active qcs 2020-11-05 11:08:38 +01:00
atm atm: nicstar: Unmap DMA on send error 2020-11-24 13:27:15 +01:00
auxdisplay
base PM: runtime: Resume the device earlier in __device_release_driver() 2020-11-10 12:36:01 +01:00
bcma bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA 2020-01-27 14:51:09 +01:00
block nbd: fix a block_device refcount leak in nbd_release 2020-11-18 19:18:47 +01:00
bluetooth Bluetooth: hci_h5: fix memory leak in h5_close 2020-12-30 11:25:52 +01:00
bus bus: fsl-mc: fix error return code in fsl_mc_object_allocate() 2020-12-30 11:26:02 +01:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:13:12 +01:00
char random32: make prandom_u32() output unpredictable 2020-11-18 19:18:52 +01:00
clk clk: sunxi-ng: Make sure divider tables have sentinel 2020-12-30 11:26:06 +01:00
clocksource clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI 2020-12-30 11:26:00 +01:00
connector
cpufreq cpufreq: scpi: Add missing MODULE_ALIAS 2020-12-30 11:26:01 +01:00
cpuidle cpuidle: Fixup IRQ state 2020-09-09 19:04:23 +02:00
crypto crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe 2020-12-30 11:25:55 +01:00
dax
dca
devfreq PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out 2020-10-01 13:14:26 +02:00
dio
dma dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() 2020-12-30 11:25:56 +01:00
dma-buf dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) 2020-10-01 13:14:24 +02:00
edac EDAC/amd64: Fix PCI component registration 2020-12-30 11:26:10 +01:00
eisa
extcon extcon: max77693: Fix modalias string 2020-12-30 11:26:03 +01:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
firmware firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp 2020-10-01 13:14:35 +02:00
fmc
fpga fpga: dfl: fix bug in port reset handshake 2020-07-29 10:16:48 +02:00
fsi fsi: sbefifo: Don't fail operations when in SBE IPL state 2020-01-27 14:51:00 +01:00
gnss gnss: sirf: fix error return code in sirf_probe() 2020-06-22 09:05:28 +02:00
gpio gpio: eic-sprd: break loop when getting NULL device resource 2020-12-30 11:25:45 +01:00
gpu drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() 2020-12-30 11:26:13 +01:00
hid HID: i2c-hid: add Vero K147 to descriptor override 2020-12-30 11:25:48 +01:00
hsi HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() 2020-12-30 11:25:57 +01:00
hv hv_balloon: disable warning when floor reached 2020-11-18 19:18:41 +01:00
hwmon hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} 2020-10-29 09:55:02 +01:00
hwspinlock
hwtracing coresight: tmc-etr: Check if page is valid before dma_map_page() 2020-12-30 11:25:48 +01:00
i2c i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() 2020-12-11 13:25:04 +01:00
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:34:49 +01:00
idle
iio iio:light:st_uvis25: Fix timestamp alignment and prevent data leak. 2020-12-30 11:26:15 +01:00
infiniband RDMA/cxgb4: Validate the number of CQEs 2020-12-30 11:25:56 +01:00
input Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-30 11:26:07 +01:00
iommu iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs 2020-12-11 13:25:03 +01:00
ipack ipack: tpci200: fix error return code in tpci200_register() 2020-05-27 17:37:43 +02:00
irqchip irqchip/alpine-msi: Fix freeing of interrupts on allocation error path 2020-12-30 11:26:03 +01:00
isdn PCI: add USR vendor id and use it in r8169 and w6692 driver 2020-06-22 09:05:23 +02:00
leds leds: bcm6328, bcm6358: use devres LED registering function 2020-11-05 11:08:46 +01:00
lightnvm lightnvm: pblk: fix lock order in pblk_rb_tear_down_check 2020-01-27 14:50:45 +01:00
macintosh drivers/macintosh: Fix memleak in windfarm_pm112 driver 2020-06-22 09:05:29 +02:00
mailbox mailbox: avoid timer start from callback 2020-10-30 10:38:21 +01:00
mcb
md dm ioctl: fix error return code in target_message 2020-12-30 11:26:00 +01:00
media media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE 2020-12-30 11:26:07 +01:00
memory memory: emif: Remove bogus debugfs error handling 2020-11-05 11:08:45 +01:00
memstick memstick: r592: Fix error return in r592_probe() 2020-12-30 11:26:00 +01:00
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-11-05 11:08:47 +01:00
mfd mfd: sprd: Add wakeup capability for PMIC IRQ 2020-11-18 19:18:46 +01:00
misc mei: protect mei_cl_mtu from null dereference 2020-11-18 19:18:49 +01:00
mmc mmc: block: Fixup condition for CMD13 polling for RPMB requests 2020-12-30 11:25:39 +01:00
mtd mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read 2020-12-30 11:26:15 +01:00
mux
net qlcnic: Fix error code in probe 2020-12-30 11:26:05 +01:00
nfc nfc: s3fwrn5: Release the nfc firmware 2020-12-30 11:26:04 +01:00
ntb NTB: hw: amd: fix an issue about leak system resources 2020-10-30 10:38:25 +01:00
nubus
nvdimm libnvdimm/label: Return -ENXIO for no slot in __blk_label_update 2020-12-30 11:26:05 +01:00
nvme nvme: free sq/cq dbbuf pointers when dbbuf set fails 2020-12-02 08:48:09 +01:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-10 21:35:00 +02:00
of of/address: Fix of_node memory leak in of_dma_is_coherent 2020-11-18 19:18:48 +01:00
opp OPP: Fix missing debugfs supply directory for OPPs 2020-01-27 14:50:04 +01:00
oprofile
parisc parisc: mask out enable and reserved bits from sba imask 2020-08-19 08:15:07 +02:00
parport parport: load lowlevel driver if ports not found 2019-12-31 16:36:01 +01:00
pci PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() 2020-12-30 11:26:08 +01:00
pcmcia
perf drivers/perf: xgene_pmu: Fix uninitialized resource struct 2020-10-29 09:55:00 +01:00
phy phy: tegra: xusb: Fix dangling pointer on probe failure 2020-12-02 08:48:10 +01:00
pinctrl pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() 2020-12-30 11:26:00 +01:00
platform platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems 2020-12-30 11:26:01 +01:00
pnp
power power: supply: bq24190_charger: fix reference leak 2020-12-30 11:25:57 +01:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:11:27 +01:00
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:26:04 +01:00
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:21:35 +01:00
pwm pwm: lp3943: Dynamically allocate PWM chip base 2020-12-30 11:26:05 +01:00
rapidio rapidio: fix the missed put_device() for rio_mport_add_riodev 2020-10-30 10:38:21 +01:00
ras
regulator regulator: workaround self-referent regulators 2020-11-24 13:27:25 +01:00
remoteproc remoteproc: qcom: q6v5: Update running state before requesting stop 2020-08-21 11:05:34 +02:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:34:44 +01:00
rpmsg rpmsg: glink: Use complete_all for open states 2020-11-05 11:08:43 +01:00
rtc rtc: rx8010: don't modify the global rtc ops 2020-11-05 11:08:54 +01:00
s390 s390/dasd: fix list corruption of lcu list 2020-12-30 11:26:10 +01:00
sbus
scsi scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() 2020-12-30 11:26:15 +01:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI 2020-12-30 11:25:57 +01:00
sn
soc soc: qcom: smp2p: Safely acquire spinlock without IRQs 2020-12-30 11:26:14 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:35:55 +01:00
spi spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path 2020-12-30 11:26:14 +01:00
spmi
ssb
staging spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe 2020-12-30 11:26:14 +01:00
target scsi: target: iscsi: Fix cmd abort fabric stop race 2020-12-02 08:48:10 +01:00
tc
tee optee: add writeback to valid memory type 2020-12-02 08:48:12 +01:00
thermal thermal: rcar_thermal: Handle probe error gracefully 2020-10-01 13:14:39 +02:00
thunderbolt thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() 2020-11-18 19:18:49 +01:00
tty serial_core: Check for port state when tty is in error state 2020-12-30 11:25:48 +01:00
uio uio: Fix use-after-free in uio_unregister_device() 2020-11-18 19:18:49 +01:00
usb USB: serial: keyspan_pda: fix write unthrottling 2020-12-30 11:26:11 +01:00
uwb
vfio vfio-pci: Use io_remap_pfn_range() for PCI IO memory 2020-12-30 11:25:59 +01:00
vhost vringh: fix __vringh_iov() when riov and wiov are different 2020-11-05 11:08:53 +01:00
video video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() 2020-12-30 11:25:54 +01:00
virt drivers/virt/fsl_hypervisor: Fix error handling path 2020-10-29 09:55:09 +01:00
virtio virtio_ring: Avoid loop when vq is broken in virtqueue_poll 2020-08-26 10:31:01 +02:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:34:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:34:47 +01:00
w1 w1: mxc_w1: Fix timeout resolution problem leading to bus error 2020-11-05 11:08:47 +01:00
watchdog watchdog: coh901327: add COMMON_CLK dependency 2020-12-30 11:26:05 +01:00
xen xen/events: block rogue events for some time 2020-11-05 11:08:37 +01:00
zorro
Kconfig
Makefile