linux/drivers/iio
Jonathan Cameron 0456ecf34d iio:light:si1145: Fix timestamp alignment and prevent data leak.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes).  This is not guaranteed in
this driver which uses a 24 byte array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here.  We close both issues by
moving to a suitable array in the iio_priv() data with alignment
explicitly requested.  This data is allocated with kzalloc so no
data can leak appart from previous readings.

Depending on the enabled channels, the  location of the timestamp
can be at various aligned offsets through the buffer.  As such we
any use of a structure to enforce this alignment would incorrectly
suggest a single location for the timestamp.  Comments adjusted to
express this clearly in the code.

Fixes: ac45e57f15 ("iio: light: Add driver for Silabs si1132, si1141/2/3 and si1145/6/7 ambient light, uv index and proximity sensors")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Peter Meerwald-Stadler <pmeerw@pmeerw.net>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200722155103.979802-9-jic23@kernel.org
2020-09-21 20:01:50 +01:00
..
accel iio:accel:bma180: Fix use of true when should be iio_shared_by enum 2020-09-21 19:59:57 +01:00
adc iio: adc: exynos_adc: Replace indio_dev->mlock with own device lock 2020-09-21 20:01:50 +01:00
afe iio: afe: iio-rescale: Simplify with dev_err_probe() 2020-09-03 19:40:50 +01:00
amplifiers iio: amplifiers: hmc425a: Simplify with dev_err_probe() 2020-09-03 19:40:50 +01:00
buffer iio: buffer-dmaengine: adjust bytes_used with residue info 2020-09-03 19:40:58 +01:00
chemical iio: chemical: sgp30: Add description for sgp_read_cmd()'s 'duration_us' 2020-09-21 18:41:37 +01:00
common iio: common: ms_sensors: ms_sensors_i2c: Fix misspelling of parameter 'client' 2020-07-20 09:02:48 +01:00
dac iio: dac: ad5592r: localize locks only where needed in ad5592r_read_raw() 2020-09-21 18:54:18 +01:00
dummy iio: dummy: iio_dummy_evgen: Demote file header and supply description for 'irq_sim_domain' 2020-09-21 18:41:36 +01:00
frequency iio: frequency: adf4350: Replace indio_dev->mlock with own device lock 2020-09-16 18:58:01 +01:00
gyro iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. 2020-09-21 20:01:50 +01:00
health iio:health:max30102: Drop of_match_ptr and use generic fw accessors 2020-09-21 18:41:35 +01:00
humidity iio:humidity:si7020: Drop of_match_ptr protection 2020-09-21 18:41:34 +01:00
imu iio:imu:st_lsm6dsx: check st_lsm6dsx_shub_read_output return 2020-09-21 20:01:50 +01:00
light iio:light:si1145: Fix timestamp alignment and prevent data leak. 2020-09-21 20:01:50 +01:00
magnetometer iio:magn:hmc5843: Fix passing true where iio_shared_by enum required. 2020-09-21 18:54:18 +01:00
multiplexer iio: multiplexer: iio-mux: Simplify with dev_err_probe() 2020-09-03 19:40:51 +01:00
orientation iio: remove left-over parent assignments 2020-06-14 11:50:04 +01:00
position iio: remove explicit IIO device parent assignment 2020-06-14 11:49:59 +01:00
potentiometer iio:potentiometer:mcp4531: Drop of_match_ptr and CONFIG_OF protections. 2020-09-21 18:41:27 +01:00
potentiostat iio:potentiostat:lmp91000: Drop of_match_ptr and use generic fw accessors 2020-09-21 18:41:29 +01:00
pressure iio:pressure:zpa2326: Drop of_match_ptr protection 2020-09-21 18:41:30 +01:00
proximity iio: proximity: vl53l0x: Add IRQ support 2020-09-21 18:41:35 +01:00
resolver iio:resolver:ad2s1200: Drop of_match_ptr protection 2020-09-21 18:41:31 +01:00
temperature iio:temperature:tmp007: Drop of_match_ptr protection 2020-09-21 18:41:30 +01:00
trigger iio: Remove superfluous of_node assignments 2020-06-14 14:20:08 +01:00
iio_core_trigger.h iio: trigger: make stub functions static inline 2020-08-22 10:53:18 +01:00
iio_core.h iio: buffer: rename 'read_first_n' callback to 'read' 2019-12-29 15:20:09 +00:00
industrialio-buffer.c iio: buffer: split buffer sysfs creation to take buffer as primary arg 2020-09-17 18:56:10 +01:00
industrialio-configfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
industrialio-core.c iio:core: Tidy up kernel-doc. 2020-09-21 18:54:18 +01:00
industrialio-event.c iio: core: move event interface on the opaque struct 2020-07-07 20:24:07 +01:00
industrialio-sw-device.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
industrialio-sw-trigger.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
industrialio-trigger.c iio: Add __printf() attributes to various allocation functions 2020-09-21 18:54:18 +01:00
industrialio-triggered-event.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
inkern.c iio: inkern: drop devm_iio_channel_release{_all} API calls 2020-04-19 16:56:37 +01:00
Kconfig iio: position: Add support for Azoteq IQS624/625 angle sensors 2020-03-27 08:25:59 +00:00
Makefile iio: position: Add support for Azoteq IQS624/625 angle sensors 2020-03-27 08:25:59 +00:00
TODO iio: add a TODO 2020-03-08 17:28:53 +00:00