Commit 5236288
committed
iio:light:max44000 Fix timestamp alignment and prevent data leak.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses a 16 byte array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here. We close both issues by
moving to a suitable structure in the iio_priv().
This data is allocated with kzalloc so no data can leak appart
from previous readings.
It is necessary to force the alignment of ts to avoid the padding
on x86_32 being different from 64 bit platorms (it alows for
4 bytes aligned 8 byte types.
Fixes: 06ad7ea ("max44000: Initial triggered buffer support")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: <Stable@vger.kernel.org>1 parent eb1a148 commit 5236288
1 file changed
Lines changed: 8 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
75 | 75 | | |
76 | 76 | | |
77 | 77 | | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
78 | 83 | | |
79 | 84 | | |
80 | 85 | | |
| |||
488 | 493 | | |
489 | 494 | | |
490 | 495 | | |
491 | | - | |
492 | 496 | | |
493 | 497 | | |
494 | 498 | | |
| |||
498 | 502 | | |
499 | 503 | | |
500 | 504 | | |
501 | | - | |
| 505 | + | |
502 | 506 | | |
503 | 507 | | |
504 | 508 | | |
505 | 509 | | |
506 | 510 | | |
507 | | - | |
| 511 | + | |
508 | 512 | | |
509 | 513 | | |
510 | 514 | | |
511 | | - | |
| 515 | + | |
512 | 516 | | |
513 | 517 | | |
514 | 518 | | |
| |||
0 commit comments