From patchwork Tue Dec 3 23:55:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Javier Carrasco X-Patchwork-Id: 13893094 Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7186920A5F5; Tue, 3 Dec 2024 23:55:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733270152; cv=none; b=NXcOBasmgaJPVGU+lcAWwH/BUsM0hAmE42islSrOno+d9vjBmgvMBQ1Ben3VjxzSeZ7eyfL2crVvlyUIeYTVHxlKMKpD67Iz/4l20db9GEHcZP0s07TKBjd2uKxk572UIngljjA7hP+Hv966DJ5rJIALr98BGFM9G92t1W12yBQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733270152; c=relaxed/simple; bh=cyBeaQMPDUmjguYiw+l5uyptd3ou1PYxJOynjAFQjc8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XohSoxGt2vrRIZX2RQDq5jOqD9EdilCsO+cmtvVWaAaZnmnXuMWlFGCwFdPPbjLh1ZHgQKTvM7sZCuQRRXoSYm9YjLh+NOQlO1GMosWNaVMxWqd994a9wuo8RulpGvVVmHls2Rxq+/uq6YKLTX/MGvlaXtPbYUPsTikdGYVQ798= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=jARTwjEf; arc=none smtp.client-ip=209.85.128.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jARTwjEf" Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-434a8b94fb5so1896405e9.0; Tue, 03 Dec 2024 15:55:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733270149; x=1733874949; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=ADRD2BHODBZiky8Gh1dqilnT9fbY5WGuqoJtO3/r8Kc=; b=jARTwjEfVEjS6G+7BAXwrJeUpxY+rVzNo+vm2QL9Hd7OmGNZamVdcZmJhEjlwSgmgA PqIjic/Oe3O+Uls48qiY3zYMvfoTT4cT/dF6khHJEd+mQ13h7vZWH0xIg76SSgWVzEYE mtgzdFIeIxPp4FnEcLa9aKtK4kP8R7s+BTJBcQJZGvKGMvpiUXWFAdxBDDQJLjuwOOMO uIEQSI0lFQfcBBU38MVreSMJwWeNIfwSvQ87cgwTSRj7OQGqgiiDC4oUEryoO1TXWO9A 6qXZCbaNeGUZYzROp70qzGHX7gOxLHyWmTCrcgGbbjlOZNorb/Y8lmS4kueKpDjEAQ7Y n/HQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733270149; x=1733874949; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ADRD2BHODBZiky8Gh1dqilnT9fbY5WGuqoJtO3/r8Kc=; b=oJYBuPDEJGZIEfNLeTq0GdqaROWpwP9z1L5LOq7LmfVSIRp0Ww8aikdpDg8C/vSLBr tJyWhHeKEFKGisiPiojLwt4C9EN03biWciFUjmqD4/3mz7fdd8jr3sy/5CgiE82mfjMa Qjnqw3V7BFuNfQZIfo+jaPQkjrm+aje680wjC/KkubNrJo9g95cvOrhFH0x5UNd3uqxj Mb3a3Cm2HStaXxPickcOFcgXq5If3Dh0c/+Xu03wpZRFkl0++UPyKCGZgMe/5mLLC6tl B7D3godIwkzplHqwsPBW8bIeQb41Lk0qX0qhXZyC36572T15E1T3M/OmnOVmT3LzgSQ5 8dPw== X-Forwarded-Encrypted: i=1; AJvYcCUfBoXsnoRFAdlAP9SPUPo38LmD1rSFzrQf9muxac1vdpcE5wT/79IdzgnNCisTPuU81nSMR6teyNQ=@vger.kernel.org, AJvYcCVfBigFv/bR8UmBog/CJHZTqxzBTmwE3Wa8ejM+da6jAHLrJi9lXUUTpnN1NXYmMZLZia0Zj1zZ@vger.kernel.org, AJvYcCWoDAJ1ipU3FuVP+puN0LxaUmUXDSTKw4RKqn/GdIvogB7YKgHim5MGZrC0efziyUTDfm2+SEc/m8zDHNGt@vger.kernel.org X-Gm-Message-State: AOJu0YyMmTMrv5PqNNxcXRu2f06gCEfslQUsTMLcszVN3WBVDZOIOEW3 rP3r4lhycXhxFOhgp26MABstLcYcS3Lo6jEXZmlj8Ij2Z+Ov3GK7K0DO7A== X-Gm-Gg: ASbGncv5XPHkiqvwn/QwSr/iKIx3usU06YdDxoAxY91akbu0K82XGFIPBP4NtZalgDy yoEZjh+7avWmY9bO/LtgcYDtdPRF69S/DxPMso7lPQ3TCLSixn5oTBU9ZW5tFXNGZr9sEyr3Clo U06Ubs9/1IOZdv2kg//XA3dGj4jOBX25o4Jmhr1pouvGg4pQ5WtSpll+KyZSLGzWIdhP3MTdnam o3Bw2maslegouzONGdTr/4A1HH8PzVqNiqnKzYB/bh5ZsUVxR4x31uKOdENLOf1mdoIdli7wKt2 n8cj5mu13wAD0SwZU8/+6318vtq6lP0wNNTUxxQQtnitkSswN06og8CLDh/eHw8piGjq7fz2 X-Google-Smtp-Source: AGHT+IFU39qknHn01rcDVQAYlVtkPZT77XX0Jfij9OIsdSSF3rWVtaAzVi5nCJCpMx4tWYoIJwiJEg== X-Received: by 2002:a05:600c:6c8a:b0:434:8e8a:d4ec with SMTP id 5b1f17b1804b1-434afc3b6e1mr228606085e9.13.1733270148440; Tue, 03 Dec 2024 15:55:48 -0800 (PST) Received: from [127.0.1.1] (2a02-8389-41cf-e200-5e3a-77ab-7b2b-a993.cable.dynamic.v6.surfer.at. [2a02:8389:41cf:e200:5e3a:77ab:7b2b:a993]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-434d527e287sm3871025e9.12.2024.12.03.15.55.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 15:55:48 -0800 (PST) From: Javier Carrasco Date: Wed, 04 Dec 2024 00:55:31 +0100 Subject: [PATCH v2 1/2] iio: temperature: tmp006: fix information leak in triggered buffer Precedence: bulk X-Mailing-List: linux-iio@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241204-iio_memset_scan_holes-v2-1-3f941592a76d@gmail.com> References: <20241204-iio_memset_scan_holes-v2-0-3f941592a76d@gmail.com> In-Reply-To: <20241204-iio_memset_scan_holes-v2-0-3f941592a76d@gmail.com> To: Jonathan Cameron , Lars-Peter Clausen , Antoni Pokusinski , Francesco Dolcini , =?utf-8?q?Jo=C3=A3o_Paulo_Gon?= =?utf-8?q?=C3=A7alves?= , Christian Eggers Cc: Jonathan Cameron , linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org, =?utf-8?q?Jo?= =?utf-8?q?=C3=A3o_Paulo_Gon=C3=A7alves?= , Francesco Dolcini , Javier Carrasco , stable@vger.kernel.org X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=ed25519-sha256; t=1733270145; l=1016; i=javier.carrasco.cruz@gmail.com; s=20240312; h=from:subject:message-id; bh=cyBeaQMPDUmjguYiw+l5uyptd3ou1PYxJOynjAFQjc8=; b=GBhemKYOcWyRnKqstLEI96tDGi0Fushqy/PxeqkgN+El+4LbqkMb8Ss6ObyHLfh7MoV2Nb7ZU WU+5PmQOnIXDZN3FhEiKGLhFQKdb/oyETby3CmyNEr8FE9lpj3dNLlK X-Developer-Key: i=javier.carrasco.cruz@gmail.com; a=ed25519; pk=lzSIvIzMz0JhJrzLXI0HAdPwsNPSSmEn6RbS+PTS9aQ= The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the two 16-bit data channels and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. Cc: stable@vger.kernel.org Fixes: 91f75ccf9f03 ("iio: temperature: tmp006: add triggered buffer support") Signed-off-by: Javier Carrasco --- drivers/iio/temperature/tmp006.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/temperature/tmp006.c b/drivers/iio/temperature/tmp006.c index 0c844137d7aa..02b27f471baa 100644 --- a/drivers/iio/temperature/tmp006.c +++ b/drivers/iio/temperature/tmp006.c @@ -252,6 +252,8 @@ static irqreturn_t tmp006_trigger_handler(int irq, void *p) } scan; s32 ret; + memset(&scan, 0, sizeof(scan)); + ret = i2c_smbus_read_word_data(data->client, TMP006_VOBJECT); if (ret < 0) goto err; From patchwork Tue Dec 3 23:55:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Javier Carrasco X-Patchwork-Id: 13893095 Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFAC720B7ED; Tue, 3 Dec 2024 23:55:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733270154; cv=none; b=Se1hzcw3ddZ9+ZclNjp0Mv+heizMNIm22/KBGCn+MI8sr4uCJ4+h7vMEuP3rqZBVJC+F66lWY1K7DypSMRhIE8Fwr4nNF056YoSNXt6ZgVYFlaIBvsaaKZBQmTptAvvbYYB8UV52xWVBgXAsgpbA3TaUGbyB9uyWGAox66GV1uw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733270154; c=relaxed/simple; bh=ZJy+O9wAN5psXY5U1XwM4rfLbaZm+Ldb/OiSmxBOm5Q=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=l1hwkLX5nPF8GjdXxf1yR6KowcWJIOIsJPzq3rzS21EQKPuFNWuhNIb/i81kHXJDYYu7yb7HRl4M6iX4uQEluWtUA3uUvyA0kALWQTLgCg5vHnDY3VP/CTVgI1PisWqfPYjdNAOqUWgbFCIR3GTmsWdIkNjf2RikPAk+98F9KV8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MAJ2wTuX; arc=none smtp.client-ip=209.85.128.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MAJ2wTuX" Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-434a8640763so51453245e9.1; Tue, 03 Dec 2024 15:55:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733270151; x=1733874951; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=M4mvtSDDIU4b4TfX3DZsirgFj9Aga5ZvWdRIoTLMLpA=; b=MAJ2wTuX9Bw4ZCUOT08S9CfjFvI7jy0y6TORDj/JeCosfZdzeYPhC1n4a1JN+W9rhg GejE7D4/408c62DaBopqEjOnLy2C5F04RH8b+0zL3v1nUB+Zpa8RtzG7W0vlfM4UgTCs C+x/6X23rB2RH1wLkxlK1QC1CJlkC5AScpodb7/v5/5B0JaDk9n92eoNh8RInbBP+ynF 5M8RdB3wkQVgev2kF5RIxU0kJHW6s2ZgyA8PKCbdp5/+d5ndiD1sRCU2//RVfDYP2wyW 0+4dfyLN6UNLFN+nluL+mbjEyc65ImSJx4WF3c9GWjFabV8gls5Ak/H+Uc323XgnYH7H mggg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733270151; x=1733874951; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=M4mvtSDDIU4b4TfX3DZsirgFj9Aga5ZvWdRIoTLMLpA=; b=osAw37iFHhHEDuGNMxek5cUnX8n0MrJwXtmsQ7UcspNw9HAPlZ0JzzznbJGHVtKQm9 UFargjDq5gn41Qjj4c5sxpfrfjDj/UZZIbADXEdEwb/3PQAloT8aimhCZK0rjIZiIUhd wVrGpkWKnZhVV8eZJuvBDx3z+QkuZhq0KlHAXBjiiYCuztpjcn4xRRGMvYixkOeKjOqM vtGMvXyNI9kOg0U4ZV4nyqvt+lZGirGFvRO6KTFETqyrOiOGC5t8U54qrq9RT9giJ8s2 mMeq5SkRPNieangNV4NeAc74M7RT7H92kUgb9xuAgnfILCOL+wt6T8tljAaOX7mN0LgZ eg9g== X-Forwarded-Encrypted: i=1; AJvYcCUgjnjC7EGTO8CNP6cPANtfEwxCZAq/6DNCpRzHMhSlx4lLiF+s1p/m7ljUtAmAPp3zwQVMZWVMG/QEACSg@vger.kernel.org, AJvYcCVwulWuslu1zfu3GjZTcP0Kud+i7koQ4NeUwCZvatPWX+hfaPywDv0Gvs+Qr2OpgyMMJmtU3DtH@vger.kernel.org, AJvYcCW8nbOTU9PQ0Sok+jLlyI1re/mEYdCiPZZnZZMMBhn0df69laja5xkpZISyn4s1tQ/3XxHUO2fVuxo=@vger.kernel.org X-Gm-Message-State: AOJu0YzorrX5pPzu75ERvbwP/mrKs3cBIOpXG6RZ2oC1f6SCp6byTpOA 01FHAP+65yJed+hmLzjazpyhOWMIPW0VRHczuq22/RWfW8ZOy3oi X-Gm-Gg: ASbGncuCtfbQhUzUTkynjOu1HPrIAiYP7t2TAFzBux7Jwe3XboVNG9ABHKzoplmIjZ2 FiWFjMXKjfqCIyzjms79ZuMcwTx0qRf6tSU6hltBY8nEHVKwvLKEliEgZnyU0RLwH8IVhBkYES0 oBcqNgbsM4Rpa/u0lH6TUyUBX1cd97W9iGI1kMxbwet2MVGbnnrEfjPtQeAL4sBoPgmNgbd8C7n oOIWvlrDtBEOoqqECbQY0Mcnf+xMVUBubJWjXM+I4LKkebfdGxMT4fh77HibYYI4vDGdqTMUP27 x/ndrcmcJZfOrNRY8mKiH9AT+AgkybggMXNCHZpu7Ei9zVQUGox5KSCFM5PFjgbIeMzlKIBP X-Google-Smtp-Source: AGHT+IH1PEiLlez5u7cIOYP8lz3vPaYwfOqcP2PsVBS+elkdoDcUfrfRJh98/H8DHZijEK/fHVThVA== X-Received: by 2002:a05:600c:19c8:b0:431:5d89:646e with SMTP id 5b1f17b1804b1-434d2268fb8mr28531065e9.32.1733270151033; Tue, 03 Dec 2024 15:55:51 -0800 (PST) Received: from [127.0.1.1] (2a02-8389-41cf-e200-5e3a-77ab-7b2b-a993.cable.dynamic.v6.surfer.at. [2a02:8389:41cf:e200:5e3a:77ab:7b2b:a993]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-434d527e287sm3871025e9.12.2024.12.03.15.55.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 15:55:50 -0800 (PST) From: Javier Carrasco Date: Wed, 04 Dec 2024 00:55:32 +0100 Subject: [PATCH v2 2/2] iio: light: as73211: fix channel handling in only-color triggered buffer Precedence: bulk X-Mailing-List: linux-iio@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241204-iio_memset_scan_holes-v2-2-3f941592a76d@gmail.com> References: <20241204-iio_memset_scan_holes-v2-0-3f941592a76d@gmail.com> In-Reply-To: <20241204-iio_memset_scan_holes-v2-0-3f941592a76d@gmail.com> To: Jonathan Cameron , Lars-Peter Clausen , Antoni Pokusinski , Francesco Dolcini , =?utf-8?q?Jo=C3=A3o_Paulo_Gon?= =?utf-8?q?=C3=A7alves?= , Christian Eggers Cc: Jonathan Cameron , linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org, =?utf-8?q?Jo?= =?utf-8?q?=C3=A3o_Paulo_Gon=C3=A7alves?= , Francesco Dolcini , Javier Carrasco , stable@vger.kernel.org X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=ed25519-sha256; t=1733270145; l=1997; i=javier.carrasco.cruz@gmail.com; s=20240312; h=from:subject:message-id; bh=ZJy+O9wAN5psXY5U1XwM4rfLbaZm+Ldb/OiSmxBOm5Q=; b=uFVC5j35izd0O5MfAM25DtBA7BXdzdXbkXuLcJnrugXPOUgrTNuZVmd3u6QAMlKiLCbJqnyWp mqIZfQ9qRSXB3rqy22JPT8RcpKTKvrJb6G7lAlO45SboLHuuJLxea9G X-Developer-Key: i=javier.carrasco.cruz@gmail.com; a=ed25519; pk=lzSIvIzMz0JhJrzLXI0HAdPwsNPSSmEn6RbS+PTS9aQ= The channel index is off by one unit if AS73211_SCAN_MASK_ALL is not set (optimized path for color channel readings), and it must be shifted instead of leaving an empty channel for the temperature when it is off. Once the channel index is fixed, the uninitialized channel must be set to zero to avoid pushing uninitialized data. Cc: stable@vger.kernel.org Fixes: 403e5586b52e ("iio: light: as73211: New driver") Signed-off-by: Javier Carrasco Tested-by: Christian Eggers --- drivers/iio/light/as73211.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c index be0068081ebb..2d45dfeda406 100644 --- a/drivers/iio/light/as73211.c +++ b/drivers/iio/light/as73211.c @@ -672,9 +672,12 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) /* AS73211 starts reading at address 2 */ ret = i2c_master_recv(data->client, - (char *)&scan.chan[1], 3 * sizeof(scan.chan[1])); + (char *)&scan.chan[0], 3 * sizeof(scan.chan[0])); if (ret < 0) goto done; + + /* Avoid pushing uninitialized data */ + scan.chan[3] = 0; } if (data_result) { @@ -682,9 +685,15 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) * Saturate all channels (in case of overflows). Temperature channel * is not affected by overflows. */ - scan.chan[1] = cpu_to_le16(U16_MAX); - scan.chan[2] = cpu_to_le16(U16_MAX); - scan.chan[3] = cpu_to_le16(U16_MAX); + if (*indio_dev->active_scan_mask == AS73211_SCAN_MASK_ALL) { + scan.chan[1] = cpu_to_le16(U16_MAX); + scan.chan[2] = cpu_to_le16(U16_MAX); + scan.chan[3] = cpu_to_le16(U16_MAX); + } else { + scan.chan[0] = cpu_to_le16(U16_MAX); + scan.chan[1] = cpu_to_le16(U16_MAX); + scan.chan[2] = cpu_to_le16(U16_MAX); + } } iio_push_to_buffers_with_timestamp(indio_dev, &scan, iio_get_time_ns(indio_dev));