redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
Jonathan Cameron 7005a4885a iio:health:afe4404 Fix timestamp alignment and prevent data leak. 
[ Upstream commit f88ecccac4 ]

One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes).  This is not guaranteed in
this driver which uses a 40 byte array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here.  We close both issues by
moving to a suitable structure in the iio_priv() data with alignment
explicitly requested.  This data is allocated with kzalloc so no
data can leak appart from previous readings.

Fixes: 87aec56e27 ("iio: health: Add driver for the TI AFE4404 heart monitor")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Acked-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2020-07-22 09:33:00 +02:00
..
accessibility
acpi ACPI: video: Use native backlight on Acer TravelMate 5735Z 2020-07-22 09:33:00 +02:00
amba
android binder: fix null deref of proc->context 2020-06-30 15:36:48 -04:00
ata ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function 2020-06-30 15:37:03 -04:00
atm fore200e: Fix incorrect checks of NULL pointer dereference 2020-02-24 08:36:36 +01:00
auxdisplay
base regmap: fix alignment issue 2020-07-16 08:16:32 +02:00
bcma
block nbd: Fix memory leak in nbd_add_socket 2020-07-16 08:16:40 +02:00
bluetooth Bluetooth: hci_bcm: fix freeing not-requested IRQ 2020-06-22 09:31:18 +02:00
bus bus: ti-sysc: Use optional clocks on for enable and wait for softreset bit 2020-07-22 09:33:00 +02:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:18:25 +01:00
char tpm_tis: extra chip->ops check on error path in tpm_tis_core_init 2020-07-22 09:32:53 +02:00
clk clk: sifive: allocate sufficient memory for struct __prci_data 2020-06-30 15:37:01 -04:00
clocksource arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040 2020-07-22 09:32:51 +02:00
connector
counter counter: 104-quad-8: Add lock guards - generic interface 2020-05-02 08:48:44 +02:00
cpufreq cpufreq: Fix up cpufreq_boost_set_sw() 2020-06-17 16:40:33 +02:00
cpuidle cpuidle: Fix three reference count leaks 2020-06-22 09:31:10 +02:00
crypto crypto: atmel - Fix build error of CRYPTO_AUTHENC 2020-07-22 09:32:46 +02:00
dax device-dax: don't leak kernel memory to user space after unloading kmem 2020-05-27 17:46:48 +02:00
dca
devfreq PM / devfreq: Add missing locking while setting suspend_freq 2020-05-10 10:31:34 +02:00
dio
dma dmaengine: owl: Use correct lock in owl_dma_get_pchan() 2020-05-27 17:46:43 +02:00
dma-buf dma-buf: Move dma_buf_release() from fops to dentry_ops 2020-07-09 09:37:56 +02:00
edac EDAC/amd64: Read back the scrub rate PCI register on F15h 2020-07-09 09:37:49 +02:00
eisa
extcon extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' 2020-06-24 17:50:36 +02:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
firmware efi: Make it possible to disable efivar_ssdt entirely 2020-07-09 09:37:57 +02:00
fpga fpga: dfl: afu: Corrected error handling levels 2020-06-24 17:50:29 +02:00
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:45:09 +01:00
gnss gnss: sirf: fix error return code in sirf_probe() 2020-06-22 09:31:20 +02:00
gpio gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 2020-07-16 08:16:37 +02:00
gpu drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 2020-07-22 09:32:57 +02:00
greybus
hid HID: quirks: Remove ITE 8595 entry from hid_have_special_driver 2020-07-22 09:32:57 +02:00
hsi
hv Drivers: hv: vmbus: Always handle the VMBus messages on CPU0 2020-06-22 09:31:00 +02:00
hwmon hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() 2020-07-09 09:37:53 +02:00
hwspinlock
hwtracing coresight: tmc: Fix TMC mode read in tmc_read_prepare_etb() 2020-06-24 17:50:15 +02:00
i2c i2c: eg20t: Load module automatically if ID matches 2020-07-22 09:32:53 +02:00
i3c
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:36:53 +01:00
idle
iio iio:health:afe4404 Fix timestamp alignment and prevent data leak. 2020-07-22 09:33:00 +02:00
infiniband IB/hfi1: Do not destroy link_wq when the device is shut down 2020-07-16 08:16:42 +02:00
input Input: mms114 - add extra compatible for mms345l 2020-07-22 09:33:00 +02:00
interconnect
iommu iommu/vt-d: Don't apply gfx quirks to untrusted devices 2020-07-16 08:16:35 +02:00
ipack ipack: tpci200: fix error return code in tpci200_register() 2020-05-27 17:46:47 +02:00
irqchip irqchip/gic: Atomically update affinity 2020-07-09 09:37:56 +02:00
isdn
leds leds: core: Fix warning message when init_data 2020-04-23 10:36:37 +02:00
lightnvm
macintosh drivers/macintosh: Fix memleak in windfarm_pm112 driver 2020-06-22 09:31:22 +02:00
mailbox mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() 2020-06-24 17:50:36 +02:00
mcb
md dm writecache: reject asynchronous pmem devices 2020-07-16 08:16:47 +02:00
media media: ov5640: fix use of destroyed mutex 2020-06-22 09:31:19 +02:00
memory memory: mtk-smi: Add PM suspend and resume ops 2020-01-17 19:48:59 +01:00
memstick
message scsi: mptscsih: Fix read sense data size 2020-07-16 08:16:36 +02:00
mfd mfd: stmfx: Disable IRQ in suspend to avoid spurious interrupt 2020-06-24 17:50:33 +02:00
misc misc: xilinx-sdfec: improve get_user_pages_fast() error handling 2020-06-24 17:50:35 +02:00
mmc mmc: sdhci: do not enable card detect interrupt for gpio cd type 2020-07-22 09:32:59 +02:00
mtd mtd: rawnand: tmio: Fix the probe error path 2020-06-22 09:31:26 +02:00
mux
net net: sfp: add some quirks for GPON modules 2020-07-22 09:32:56 +02:00
nfc NFC: st21nfca: add missed kfree_skb() in an error path 2020-06-10 20:24:54 +02:00
ntb NTB: perf: Fix race condition when run with ntb_test 2020-06-24 17:50:41 +02:00
nubus
nvdimm libnvdimm: Out of bounds read in __nd_ioctl() 2020-04-23 10:36:42 +02:00
nvme nvme-rdma: assign completion vector correctly 2020-07-16 08:16:36 +02:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-10 20:24:57 +02:00
of of: of_mdio: Correct loop scanning logic 2020-07-22 09:32:55 +02:00
opp opp: Free static OPPs on errors while adding them 2020-02-24 08:36:34 +01:00
oprofile
parisc
parport parport: load lowlevel driver if ports not found 2019-12-31 16:45:25 +01:00
pci PCI: amlogic: meson: Don't use FAST_LINK_MODE to set up link 2020-06-24 17:50:31 +02:00
pcmcia
perf drivers/perf: hisi: Fix wrong value for all counters enable 2020-06-24 17:50:41 +02:00
phy drivers: phy: sr-usb: do not use internal fsm for USB2 phy init 2020-06-24 17:50:28 +02:00
pinctrl pinctrl: tegra: Use noirq suspend/resume callbacks 2020-06-30 15:37:04 -04:00
platform platform/x86: asus_wmi: Reserve more space for struct bias_args 2020-06-22 09:31:11 +02:00
pnp
power power: supply: smb347-charger: IRQSTAT_D is volatile 2020-06-24 17:50:25 +02:00
powercap powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online() 2020-01-14 20:08:18 +01:00
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:22:51 +01:00
pwm pwm: jz4740: Fix build failure 2020-07-16 08:16:48 +02:00
rapidio rapidio: fix an error in get_user_pages_fast() error handling 2020-05-27 17:46:48 +02:00
ras
regulator regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 2020-06-30 15:36:54 -04:00
remoteproc remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use 2020-06-24 17:50:13 +02:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:36:41 +01:00
rpmsg rpmsg: char: release allocated memory 2020-01-14 20:08:37 +01:00
rtc rtc: rv3028: Add missed check for devm_regmap_init_i2c() 2020-06-24 17:50:36 +02:00
s390 s390/qeth: fix error handling for isolation mode cmds 2020-06-30 15:36:57 -04:00
sbus
scsi scsi: sr: remove references to BLK_DEV_SR_VENDOR, leave it enabled 2020-07-22 09:32:57 +02:00
sfi
sh
siox
slimbus slimbus: ngd: get drvdata from correct device 2020-06-24 17:50:22 +02:00
soc soc/tegra: pmc: Select GENERIC_PINCONF 2020-06-22 09:31:22 +02:00
soundwire soundwire: slave: don't init debugfs on device registration error 2020-06-24 17:50:23 +02:00
spi spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer 2020-07-22 09:32:55 +02:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-19 19:53:07 +01:00
ssb
staging Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() 2020-06-30 15:37:11 -04:00
target scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd() 2020-06-24 17:50:34 +02:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 21:22:49 +00:00
thermal thermal/drivers: imx: Fix missing of_node_put() at probe time 2020-07-22 09:32:52 +02:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 17:22:13 +01:00
tty Revert "tty: hvc: Fix data abort due to race in hvc_open" 2020-06-30 15:37:13 -04:00
uio uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() 2020-02-24 08:36:27 +01:00
usb Revert "usb/xhci-plat: Set PM runtime as active on resume" 2020-07-22 09:32:56 +02:00
vfio vfio/mdev: Fix reference count leak in add_mdev_supported_type 2020-06-24 17:50:36 +02:00
vhost scsi: vhost: Notify TCM about the maximum sg entries supported per command 2020-06-24 17:50:17 +02:00
video backlight: lp855x: Ensure regulators are disabled on probe failure 2020-06-24 17:50:09 +02:00
virt
virtio virtio_ring: Fix mem leak with vring_new_virtqueue() 2020-03-18 07:17:55 +01:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:36:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:36:48 +01:00
w1 w1: omap-hdq: cleanup to add missing newline for some dev_dbg 2020-06-22 09:31:26 +02:00
watchdog watchdog: da9062: No need to ping manually before setting timeout 2020-06-24 17:50:32 +02:00
xen xen/pvcalls-back: test for errors when calling backend_connect() 2020-06-17 16:40:38 +02:00
zorro
Kconfig
Makefile