2018-01-22 13:21 GMT+01:00 Linus Walleij <linus.walleij@xxxxxxxxxx>: > The GPIO event descriptor was leaking kernel stack to > userspace because we don't zero the variable before > use. Ooops. Fix this. > > Cc: stable@xxxxxxxxxxxxxxx > Cc: Bartosz Golaszewski <brgl@xxxxxxxx> > Cc: Arnd Bergmann <arnd@xxxxxxxx> > Reported-by: Arnd Bergmann <arnd@xxxxxxxx> > Signed-off-by: Linus Walleij <linus.walleij@xxxxxxxxxx> > --- > drivers/gpio/gpiolib.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c > index 37e31ba82ca0..754836e4ca0e 100644 > --- a/drivers/gpio/gpiolib.c > +++ b/drivers/gpio/gpiolib.c > @@ -744,6 +744,9 @@ static irqreturn_t lineevent_irq_thread(int irq, void *p) > struct gpioevent_data ge; > int ret, level; > > + /* Do not leak kernel stack to userspace */ > + memset(&ge, 0, sizeof(ge)); > + > ge.timestamp = ktime_get_real_ns(); > level = gpiod_get_value_cansleep(le->desc); > > -- > 2.14.3 > Reviewed-by: Bartosz Golaszewski <brgl@xxxxxxxx>