linux_dsm_epyc7002/drivers/iio
Jonathan Cameron c1f4549a73 iio:adc:ti-ads124s08: Fix alignment and data leak issues.
commit 1e405bc2512f80a903ddd6ba8740cee885238d7f upstream.

One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp() assumes the buffer used is aligned
to the size of the timestamp (8 bytes).  This is not guaranteed in
this driver which uses an array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here.  We close both issues by
moving to a suitable structure in the iio_priv() data with alignment
explicitly requested.  This data is allocated with kzalloc() so no
data can leak apart from previous readings.

In this driver the timestamp can end up in various different locations
depending on what other channels are enabled.  As a result, we don't
use a structure to specify it's position as that would be misleading.

Fixes: e717f8c6df ("iio: adc: Add the TI ads124s08 ADC code")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Cc: Dan Murphy <dmurphy@ti.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200920112742.170751-9-jic23@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:54:25 +01:00
..
accel iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode 2020-11-14 17:33:47 +00:00
adc iio:adc:ti-ads124s08: Fix alignment and data leak issues. 2020-12-30 11:54:25 +01:00
afe iio: afe: iio-rescale: Simplify with dev_err_probe() 2020-09-03 19:40:50 +01:00
amplifiers iio: amplifiers: hmc425a: Simplify with dev_err_probe() 2020-09-03 19:40:50 +01:00
buffer iio: buffer: Kconfig: add title for IIO_TRIGGERED_BUFFER symbol 2020-09-29 17:27:08 +01:00
chemical Second set of features and cleanups for IIO in 5.10 2020-09-22 09:45:11 +02:00
common iio: cros_ec: Use default frequencies when EC returns invalid information 2020-11-01 15:22:45 +00:00
dac Second set of features and cleanups for IIO in 5.10 2020-09-22 09:45:11 +02:00
dummy iio: dummy: iio_dummy_evgen: Demote file header and supply description for 'irq_sim_domain' 2020-09-21 18:41:36 +01:00
frequency iio: frequency: adf4350: Replace indio_dev->mlock with own device lock 2020-09-16 18:58:01 +01:00
gyro iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. 2020-09-21 20:01:50 +01:00
health Second set of features and cleanups for IIO in 5.10 2020-09-22 09:45:11 +02:00
humidity iio:humidity:si7020: Drop of_match_ptr protection 2020-09-21 18:41:34 +01:00
imu iio:imu:bmi160: Fix alignment and data leak issues 2020-12-30 11:54:25 +01:00
light iio:light:st_uvis25: Fix timestamp alignment and prevent data leak. 2020-12-30 11:54:24 +01:00
magnetometer iio:magnetometer:mag3110: Fix alignment and data leak issues. 2020-12-30 11:54:24 +01:00
multiplexer iio: multiplexer: iio-mux: Simplify with dev_err_probe() 2020-09-03 19:40:51 +01:00
orientation iio: remove left-over parent assignments 2020-06-14 11:50:04 +01:00
position iio: remove explicit IIO device parent assignment 2020-06-14 11:49:59 +01:00
potentiometer iio:potentiometer:mcp4531: Drop of_match_ptr and CONFIG_OF protections. 2020-09-21 18:41:27 +01:00
potentiostat iio:potentiostat:lmp91000: Drop of_match_ptr and use generic fw accessors 2020-09-21 18:41:29 +01:00
pressure iio:pressure:mpl3115: Force alignment of buffer 2020-12-30 11:54:24 +01:00
proximity Second set of features and cleanups for IIO in 5.10 2020-09-22 09:45:11 +02:00
resolver iio:resolver:ad2s1200: Drop of_match_ptr protection 2020-09-21 18:41:31 +01:00
temperature iio: ltc2983: Fix of_node refcounting 2020-09-29 17:34:18 +01:00
trigger iio: hrtimer-trigger: Mark hrtimer to expire in hard interrupt context 2020-12-30 11:53:33 +01:00
iio_core_trigger.h iio: trigger: make stub functions static inline 2020-08-22 10:53:18 +01:00
iio_core.h iio: buffer: rename 'read_first_n' callback to 'read' 2019-12-29 15:20:09 +00:00
industrialio-buffer.c iio: buffer: Fix demux update 2020-12-30 11:54:24 +01:00
industrialio-configfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
industrialio-core.c Second set of features and cleanups for IIO in 5.10 2020-09-22 09:45:11 +02:00
industrialio-event.c iio: event: NULL-ify IIO device's event_interface ref during unregister 2020-09-29 17:27:05 +01:00
industrialio-sw-device.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
industrialio-sw-trigger.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
industrialio-trigger.c iio: Add __printf() attributes to various allocation functions 2020-09-21 18:54:18 +01:00
industrialio-triggered-event.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
inkern.c iio: inkern: drop devm_iio_channel_release{_all} API calls 2020-04-19 16:56:37 +01:00
Kconfig iio: Kconfig: Provide title for IIO_TRIGGERED_EVENT symbol 2020-09-29 17:27:08 +01:00
Makefile iio: position: Add support for Azoteq IQS624/625 angle sensors 2020-03-27 08:25:59 +00:00
TODO iio: add a TODO 2020-03-08 17:28:53 +00:00