• iio:light:max44000 Fix timestamp alignment and prevent data leak. · 52362885
    Jonathan Cameron authored
    One of a class of bugs pointed out by Lars in a recent review.
    iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
    to the size of the timestamp (8 bytes).  This is not guaranteed in
    this driver which uses a 16 byte array of smaller elements on the stack.
    As Lars also noted this anti pattern can involve a leak of data to
    userspace and that indeed can happen here.  We close both issues by
    moving to a suitable structure in the iio_priv().
    This data is allocated with kzalloc so no data can leak apart
    from previous readings.
    
    It is necessary to force the alignment of ts to avoid the padding
    on x86_32 being different from 64 bit platforms (it allows for
    4 bytes aligned 8 byte types).
    
    Fixes: 06ad7ea1 ("max44000: Initial triggered buffer support")
    Reported-by: Lars-Peter Clausen <lars@metafoo.de>
    Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
    Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
    Cc: <Stable@vger.kernel.org>
max44000.c 16.6 KB
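An added illustration, not code from this commit or from the driver: a user-space C model of the two points the commit message makes, the forced alignment of the timestamp and the padding bytes that travel with each sample. The `struct scan` layout, the function names and the sample values are assumptions made for this example; `memset` stands in for whatever the memory held before the handler filled it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical scan layout (not the driver's actual struct): two 16-bit
 * channel readings followed by the 64-bit timestamp. */
struct scan {
    uint16_t channels[2];
    /* Forced alignment: i386 would otherwise place an 8-byte integer on a
     * 4-byte boundary, giving a different layout than 64-bit platforms. */
    int64_t ts __attribute__((aligned(8)));
};

/* Offset of the timestamp; 8 on every ABI because the alignment is forced. */
size_t ts_offset(void) { return offsetof(struct scan, ts); }

/* Fill a scan whose backing memory previously held `prefill` bytes, then
 * count the padding bytes that still carry non-zero prior contents. Those
 * bytes are part of what is copied out together with the sample. */
size_t stale_padding_bytes(unsigned char prefill)
{
    struct scan s;
    const unsigned char *raw = (const unsigned char *)&s;
    const uint16_t readings[2] = { 0x0123, 0x0456 };  /* constructed values */
    size_t i, stale = 0;

    memset(&s, prefill, sizeof(s));  /* 0x00 models kzalloc, other values old stack data */
    memcpy(s.channels, readings, sizeof(readings));
    s.ts = 1600000000000000000LL;    /* constructed timestamp in ns */

    for (i = sizeof(s.channels); i < offsetof(struct scan, ts); i++)
        stale += (raw[i] != 0);
    return stale;
}

int main(void)
{
    printf("ts offset %zu, size %zu\n", ts_offset(), sizeof(struct scan));
    printf("stale padding bytes, dirty memory:  %zu\n", stale_padding_bytes(0xAA));
    printf("stale padding bytes, zeroed memory: %zu\n", stale_padding_bytes(0x00));
    return 0;
}
```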