Re: [PATCH v5 5/6] iio: imu: Add support for adis16475

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 27 Apr 2020 20:06:07 +0200
Lars-Peter Clausen <lars@xxxxxxxxxx> wrote:

> On 4/13/20 10:24 AM, Nuno Sá wrote:
> > [...]
> > +static irqreturn_t adis16475_trigger_handler(int irq, void *p)
> > +{
> > [...]
> > +	__be16 data[ADIS16475_MAX_SCAN_DATA], *buffer;
> > [...]
> > +
> > +	iio_push_to_buffers_with_timestamp(indio_dev, data, pf->timestamp);  
> 
> If the timestamp is enabled the IIO core might insert padding between 
> the data channels and the timestamp. If that happens this will disclose 
> kernel stack memory to userspace.
> 
> This needs either a memset(data, 0x00, sizeof(data)) or maybe put data 
> into the state struct and kzalloc it.

Good spot. Could simply do __be16 data[ADI..] = {0}; rather than explicit
memset, but some form of zeroization is needed.

I've fixed up the applied patch with the above approach.

Thanks,

Jonathan

> 
> - Lars
> 





[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Input]     [Linux Kernel]     [Linux SCSI]     [X.org]

  Powered by Linux