redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
Jonathan Cameron 66b8b8f75e iio:proximity:mb1232: Fix timestamp alignment and prevent data leak. 
commit f60e8bb842 upstream.

One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes).  This is not guaranteed in
this driver which uses a 16 byte s16 array on the stack   As Lars also noted
this anti pattern can involve a leak of data to userspace and that
indeed can happen here.  We close both issues by moving to
a suitable structure in the iio_priv() data with alignment
ensured by use of an explicit c structure.  This data is allocated
with kzalloc so no data can leak appart from previous readings.

In this case the forced alignment of the ts is necessary to ensure
correct padding on x86_32 where the s64 would only be 4 byte aligned.

Fixes: 16b0526153 ("mb1232.c: add distance iio sensor with i2c")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Cc: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: <Stable@vger.kernel.org>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-09-17 13:47:50 +02:00
..
accessibility
acpi ACPICA: Do not increment operation_region reference counts for field units 2020-08-19 08:16:05 +02:00
amba
android binder: Prevent context manager from incrementing ref 0 2020-08-11 15:33:35 +02:00
ata libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks 2020-09-09 19:12:34 +02:00
atm firestream: Fix memleak in fs_open 2020-09-17 13:47:45 +02:00
auxdisplay
base device property: Fix the secondary firmware node handling in set_primary_fwnode() 2020-09-03 11:27:05 +02:00
bcma
block nbd: restore default timeout when setting it to zero 2020-09-09 19:12:22 +02:00
bluetooth Bluetooth: hci_serdev: Only unregister device if it was registered 2020-08-19 08:16:16 +02:00
bus bus: ti-sysc: Add missing quirk flags for usb_host_hs 2020-08-19 08:16:00 +02:00
cdrom
char tpm: Unify the mismatching TPM space buffer sizes 2020-08-19 08:16:27 +02:00
clk clk: bcm2835: Do not use prediv with bcm2711's PLLs 2020-08-21 13:05:35 +02:00
clocksource arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040 2020-07-22 09:32:51 +02:00
connector
counter counter: 104-quad-8: Add lock guards - generic interface 2020-05-02 08:48:44 +02:00
cpufreq cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled 2020-09-17 13:47:49 +02:00
cpuidle cpuidle: Fixup IRQ state 2020-09-09 19:12:21 +02:00
crypto crypto: caam - Remove broken arc4 support 2020-08-21 13:05:32 +02:00
dax device-dax: don't leak kernel memory to user space after unloading kmem 2020-05-27 17:46:48 +02:00
dca
devfreq PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent 2020-09-03 11:26:50 +02:00
dio
dma drivers/dma/dma-jz4780: Fix race condition between probe and irq handler 2020-09-17 13:47:46 +02:00
dma-buf dmabuf: use spinlock to access dmabuf->name 2020-07-29 10:18:29 +02:00
edac EDAC/{i7core,sb,pnd2,skx}: Fix error event severity 2020-09-03 11:26:53 +02:00
eisa
extcon extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' 2020-06-24 17:50:36 +02:00
firewire
firmware efi: add missed destroy_workqueue when efisubsys_init fails 2020-08-26 10:41:07 +02:00
fpga fpga: dfl: fix bug in port reset handshake 2020-07-29 10:18:31 +02:00
fsi
gnss gnss: sirf: fix error return code in sirf_probe() 2020-06-22 09:31:20 +02:00
gpio gpio: arizona: put pm_runtime in case of failure 2020-07-29 10:18:26 +02:00
gpu drm/amdgpu: Fix bug in reporting voltage for CIK 2020-09-17 13:47:49 +02:00
greybus
hid HID: elan: Fix memleak in elan_input_configured 2020-09-17 13:47:48 +02:00
hsi
hv Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) 2020-08-11 15:33:38 +02:00
hwmon hwmon: (applesmc) check status earlier. 2020-09-09 19:12:20 +02:00
hwspinlock
hwtracing coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb() 2020-08-19 08:16:14 +02:00
i2c i2c: rcar: in slave mode, clear NACK earlier 2020-09-03 11:26:55 +02:00
i3c
ide
idle
iio iio:proximity:mb1232: Fix timestamp alignment and prevent data leak. 2020-09-17 13:47:50 +02:00
infiniband IB/isert: Fix unaligned immediate-data handling 2020-09-17 13:47:44 +02:00
input Input: psmouse - add a newline when printing 'proto' by sysfs 2020-08-26 10:40:55 +02:00
interconnect
iommu iommu/amd: Do not use IOMMUv2 functionality when SME is active 2020-09-17 13:47:49 +02:00
ipack ipack: tpci200: fix error return code in tpci200_register() 2020-05-27 17:46:47 +02:00
irqchip irqchip/stm32-exti: Avoid losing interrupts due to clearing pending bits by mistake 2020-09-03 11:27:06 +02:00
isdn
leds leds: core: Flush scheduled work for system suspend 2020-08-19 08:16:11 +02:00
lightnvm
macintosh macintosh/via-macii: Access autopoll_devs when inside lock 2020-08-19 08:16:15 +02:00
mailbox mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() 2020-06-24 17:50:36 +02:00
mcb
md dm thin metadata: Fix use-after-free in dm_bm_set_read_only 2020-09-09 19:12:36 +02:00
media media: rc: uevent sysfs file races with rc_unregister_device() 2020-09-09 19:12:34 +02:00
memory
memstick
message scsi: mptscsih: Fix read sense data size 2020-07-16 08:16:36 +02:00
mfd mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs 2020-09-03 11:26:43 +02:00
misc habanalabs: check correct vmalloc return code 2020-09-09 19:12:21 +02:00
mmc mmc: sdhci-msm: Add retries when all tuning phases are found valid 2020-09-17 13:47:44 +02:00
mtd mtd: rawnand: fsl_upm: Remove unused mtd var 2020-08-21 13:05:30 +02:00
mux
net drivers/net/wan/hdlc_cisco: Add hard_header_len 2020-09-17 13:47:48 +02:00
nfc NFC: st95hf: Fix memleak in st95hf_in_send_cmd 2020-09-17 13:47:45 +02:00
ntb NTB: perf: Fix race condition when run with ntb_test 2020-06-24 17:50:41 +02:00
nubus
nvdimm libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr 2020-08-21 13:05:35 +02:00
nvme nvme-pci: cancel nvme device request before disabling 2020-09-17 13:47:48 +02:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-10 20:24:57 +02:00
of of: of_mdio: Correct loop scanning logic 2020-07-22 09:32:55 +02:00
opp opp: Enable resources again if they were disabled earlier 2020-08-26 10:40:53 +02:00
oprofile
parisc parisc: mask out enable and reserved bits from sba imask 2020-08-19 08:16:26 +02:00
parport
pci PCI: qcom: Add missing reset for ipq806x 2020-09-03 11:26:53 +02:00
pcmcia
perf drivers/perf: Prevent forced unbinding of PMU drivers 2020-07-29 10:18:40 +02:00
phy phy: armada-38x: fix NETA lockup when repeatedly switching speeds 2020-08-19 08:16:14 +02:00
pinctrl pinctrl: ingenic: Properly detect GPIO direction when configured for IRQ 2020-08-21 13:05:29 +02:00
platform platform/chrome: cros_ec_ishtp: Fix a double-unlock issue 2020-08-21 13:05:30 +02:00
pnp
power power: supply: check if calc_soc succeeded in pm860x_init_battery 2020-08-19 08:16:16 +02:00
powercap
pps
ps3
ptp
pwm pwm: bcm-iproc: handle clk_get_rate() return 2020-08-21 13:05:34 +02:00
rapidio rapidio: fix an error in get_user_pages_fast() error handling 2020-05-27 17:46:48 +02:00
ras
regulator regulator: remove superfluous lock in regulator_resolve_coupling() 2020-09-17 13:47:41 +02:00
remoteproc remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load 2020-08-21 13:05:29 +02:00
reset
rpmsg
rtc rtc: goldfish: Enable interrupt in set_alarm() when necessary 2020-08-26 10:40:54 +02:00
s390 s390/cio: add cond_resched() in the slow_eval_known_fn() loop 2020-09-03 11:26:59 +02:00
sbus
scsi scsi: mpt3sas: Don't call disable_irq from IRQ poll handler 2020-09-17 13:47:43 +02:00
sfi
sh
siox
slimbus slimbus: core: Fix mismatch in of_node_get/put 2020-07-22 09:33:08 +02:00
soc soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag 2020-08-19 08:15:59 +02:00
soundwire soundwire: fix double free of dangling pointer 2020-09-17 13:47:43 +02:00
spi spi: stm32: fix pm_runtime_get_sync() error checking 2020-09-17 13:47:44 +02:00
spmi
ssb
staging media: cedrus: Add missing v4l2_ctrl_request_hdl_put() 2020-09-09 19:12:26 +02:00
target scsi: target: tcmu: Optimize use of flush_dcache_page 2020-09-05 11:22:51 +02:00
tc
tee
thermal thermal: qcom-spmi-temp-alarm: Don't suppress negative temp 2020-09-09 19:12:29 +02:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 17:22:13 +01:00
tty tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup 2020-09-09 19:12:20 +02:00
uio uio_pdrv_genirq: fix use without device tree and no interrupt 2020-07-22 09:33:13 +02:00
usb usb: dwc3: gadget: Handle ZLP for sg requests 2020-09-03 11:27:09 +02:00
vfio vfio/pci: Fix SR-IOV VF handling with MMIO blocking 2020-09-09 19:12:36 +02:00
vhost vhost/scsi: fix up req type endian-ness 2020-08-05 09:59:42 +02:00
video fbmem: pull fbcon_update_vcs() out of fb_set_var() 2020-09-03 11:27:09 +02:00
virt virt: vbox: Fix guest capabilities mask check 2020-07-22 09:33:11 +02:00
virtio virtio_ring: Avoid loop when vq is broken in virtqueue_poll 2020-08-26 10:40:57 +02:00
visorbus
vlynq
vme
w1 w1: omap-hdq: cleanup to add missing newline for some dev_dbg 2020-06-22 09:31:26 +02:00
watchdog watchdog: initialize device before misc_register 2020-08-21 13:05:36 +02:00
xen xen/xenbus: Fix granting of vmalloc'd memory 2020-09-09 19:12:22 +02:00
zorro
Kconfig
Makefile