From patchwork Mon Jul 20 15:35:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237287 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2094610ilg; Mon, 20 Jul 2020 08:46:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxUTbypmtSbJVbcf9KKqF+os1t5Sxqxvvzm4Ql6slMDZzkvN9tn7dgliB52KH0U8FdZ63xh X-Received: by 2002:a17:907:42d0:: with SMTP id nz24mr22202884ejb.135.1595259977593; Mon, 20 Jul 2020 08:46:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595259977; cv=none; d=google.com; s=arc-20160816; b=TuMtUzqgSo392ZUnediU6t7fW/+Dr1bnnT/PCm1Fb0vnoE+xmOT5tQtRajk2JkMIsL fdQyhmCPL5mng0v97uIpu+cICmTxL+R/lRm91O7lIgElBbybBwufGtwfmD/hIYnjrtG/ +PRo0GGrLvmcwL2SOpjJVRnUATcRRYLpmx65D12Af/j/mgKP0AOmA9b0PR61jJVU+C73 pz9XxX/F8cW+rF16dezp5w5Of8stsC3KhTXYdLs2J3V59PmbuAkVtSRRv5rIOFpM9rLF LeFoWBBWAXaYkrwh6FcEYKaqZ9UTiT3D3Yvr9vU5UMFSz+QKrsjnZYl28fDrzTOQP5Vu oFPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Xc4YjGQpAl2xM7mLI+AwkXPXzcYNBtozffER+d70Zi8=; b=bz+KRLEDIteaSO8RMabPGi/swJDjTDTv6UtWol7+0ZJGra1cbxAyirHLmMYkXxxBAk przFzTpO3vaHtJrVJ6ylEFfLCFG2lHWT+pCimMpH5f2o/nsMOfjqpZ7GYM5DhiXbbjz6 w/lE43EOA7ihQPchCSBrT5qWBa6pK8wLQV2tqlkEUu1gkxoe7fDJuczDSnkgcSeMz+V/ WhkXUdC+ulpNlsR2HEZsSjjXiduc+58Pz6hoeHgzXm3ancChzuJbunESs8H0NUQH7Ob9 ItPtSItRkK+gtddQIIMbxsbWCTUh6UMDhQBoAwDxnPNLEGXKM8mXYr4DUS7M+9yNxtYU U7zQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BbPt6BRB; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q18si10805156edr.440.2020.07.20.08.46.17; Mon, 20 Jul 2020 08:46:17 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BbPt6BRB; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730638AbgGTPqQ (ORCPT + 15 others); Mon, 20 Jul 2020 11:46:16 -0400 Received: from mail.kernel.org ([198.145.29.99]:40888 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730004AbgGTPqP (ORCPT ); Mon, 20 Jul 2020 11:46:15 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6D08822CB3; Mon, 20 Jul 2020 15:46:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259975; bh=JnzwTOSD0dOZ6oJQzFQMgryNk5uoLCeCyw24xgv3p0A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BbPt6BRB4YPuzCY02tClw/lyEqKGUJUyQBJDvxYB3TbrRTNt6Wl4FivsZw9Q2ZBUj FoyGvxkc3iuzF3nlmWFurZ4DqPp2DZsQ+iBUWeZg54Khg/sR6r12RfCb4/WzN9ympw UrkKXTdIZfXm3J27RkAZlJiHcVXeY33hPlc7jk7s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Srinivas Kandagatla , Charles Keepax , Vinod Koul , Takashi Iwai , Sasha Levin Subject: [PATCH 4.14 020/125] ALSA: compress: fix partial_drain completion state Date: Mon, 20 Jul 2020 17:35:59 +0200 Message-Id: <20200720152803.961487729@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Vinod Koul [ Upstream commit f79a732a8325dfbd570d87f1435019d7e5501c6d ] On partial_drain completion we should be in SNDRV_PCM_STATE_RUNNING state, so set that for partially draining streams in snd_compr_drain_notify() and use a flag for partially draining streams While at it, add locks for stream state change in snd_compr_drain_notify() as well. Fixes: f44f2a5417b2 ("ALSA: compress: fix drain calls blocking other compress functions (v6)") Reviewed-by: Srinivas Kandagatla Tested-by: Srinivas Kandagatla Reviewed-by: Charles Keepax Tested-by: Charles Keepax Signed-off-by: Vinod Koul Link: https://lore.kernel.org/r/20200629134737.105993-4-vkoul@kernel.org Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin --- include/sound/compress_driver.h | 10 +++++++++- sound/core/compress_offload.c | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) -- 2.25.1 diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h index 33a07c3badf01..f58b8edf0371b 100644 --- a/include/sound/compress_driver.h +++ b/include/sound/compress_driver.h @@ -72,6 +72,7 @@ struct snd_compr_runtime { * @direction: stream direction, playback/recording * @metadata_set: metadata set flag, true when set * @next_track: has userspace signal next track transition, true when set + * @partial_drain: undergoing partial_drain for stream, true when set * @private_data: pointer to DSP private data */ struct snd_compr_stream { @@ -83,6 +84,7 @@ struct snd_compr_stream { enum snd_compr_direction direction; bool metadata_set; bool next_track; + bool partial_drain; void *private_data; }; @@ -186,7 +188,13 @@ static inline void snd_compr_drain_notify(struct snd_compr_stream *stream) if (snd_BUG_ON(!stream)) return; - stream->runtime->state = SNDRV_PCM_STATE_SETUP; + /* for partial_drain case we are back to running state on success */ + if (stream->partial_drain) { + stream->runtime->state = SNDRV_PCM_STATE_RUNNING; + stream->partial_drain = false; /* clear this flag as well */ + } else { + stream->runtime->state = SNDRV_PCM_STATE_SETUP; + } wake_up(&stream->runtime->sleep); } diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 7ae8e24dc1e61..81624f6e3f330 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -723,6 +723,9 @@ static int snd_compr_stop(struct snd_compr_stream *stream) retval = stream->ops->trigger(stream, SNDRV_PCM_TRIGGER_STOP); if (!retval) { + /* clear flags and stop any drain wait */ + stream->partial_drain = false; + stream->metadata_set = false; snd_compr_drain_notify(stream); stream->runtime->total_bytes_available = 0; stream->runtime->total_bytes_transferred = 0; @@ -880,6 +883,7 @@ static int snd_compr_partial_drain(struct snd_compr_stream *stream) if (stream->next_track == false) return -EPERM; + stream->partial_drain = true; retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_PARTIAL_DRAIN); if (retval) { pr_debug("Partial drain returned failure\n"); From patchwork Mon Jul 20 15:36:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237292 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2095723ilg; Mon, 20 Jul 2020 08:47:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyfe831BsKerMOwUePKk/Nxhmvk3aMXjkJpxLA/vWXj9PWO+gmPhl6N/V5jVuATHXRe1HZU X-Received: by 2002:a05:6402:1ac4:: with SMTP id ba4mr21202038edb.60.1595260065308; Mon, 20 Jul 2020 08:47:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595260065; cv=none; d=google.com; s=arc-20160816; b=KN4DE65tg4mTPPQnRV71EGlGybxFZaUwWpFDcjL8yq+ODehwUlqFZNg79SScKyra2F VYlWT3Agm7zfPoR2c8jSWk1xEtxUMzxPoY5lY4SZVsdFUQGnaidpkpVF1LrYKLLw0lSm WUU2lRUrWMy58zV5NelJX0VpzhT9VgDP60ndu2KtP4hNUkI1y/JhyrSrJ3MtCTIRGdq4 ssWKtl3q2gtYv20XuSNmisPyKi2Sd/wZv+tI0+/LxQfPdc5CGf5QOCxQUVTeZV/cxffo mAy7sVqrrUkcL64SRZ7GP2nuju6BRpYElW2qFzcgwCG1pcnRtWg013Z5DuWr63nQQcCC 5kYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=eQtVbe6znlR9R7VfItITVGcijKYjgJKGnecMY/Ga6Yo=; b=vB5MpNOevgr4nxQ/5rQP9VOPTaaNTRkpwi2VRlMYAykchoXerS5GPzF6qObhaN8lzl qZkQVI2vpfxWtJzc46wS3S8SL77T6sapYmcCi+/nxyEfNapfabjQPj5M6sudJK9hECKH N/h/nqEhYS6J+PFKWCW6eNUhu3q2eG0YZ8OBk0Muc2MQTJXEbTaPH2/Wcs87p8WANYxG HuWRjwwTLHJDFacxzJn4uW88T1Pfe230qojBNA8QT20X0+8ty9LQ7w5WvnApLCs8/3wQ BIgmpDvw8I35Xa3rLyYthG7ZD9+WyRCgG9Ucny8RMlzmpqgo3dLA8lXmtzrQ4xDPqypP VSAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fyBPHYfB; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a3si10839917eju.177.2020.07.20.08.47.45; Mon, 20 Jul 2020 08:47:45 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fyBPHYfB; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729387AbgGTPrm (ORCPT + 15 others); Mon, 20 Jul 2020 11:47:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:42968 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730780AbgGTPrm (ORCPT ); Mon, 20 Jul 2020 11:47:42 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C3E342065E; Mon, 20 Jul 2020 15:47:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595260061; bh=CxX0AJT363wpSILQqMtjxZO6oSEWTDFfl6+P8HsqE2E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fyBPHYfB/NYnPrnRBeusP3l9AV4uPs2A+9iAa9xoUZ+rLsEe7VyIkNnyuP60RoScX XekkOhWWxnk1kHO3IeUBo6cRZV2xtdFWmMlQFeYOHvYcpSR/E3KIiW8/u95q8DLzl6 XkPcn9qtEgVMm3byGM/C/JgdU1RfP+wJbkvZ4Cg4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Linus Walleij , Jonathan Cameron , Stable@vger.kernel.org Subject: [PATCH 4.14 062/125] iio:magnetometer:ak8974: Fix alignment and data leak issues Date: Mon, 20 Jul 2020 17:36:41 +0200 Message-Id: <20200720152806.033894436@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron commit 838e00b13bfd4cac8b24df25bfc58e2eb99bcc70 upstream. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: 7c94a8b2ee8cf ("iio: magn: add a driver for AK8974") Reported-by: Lars-Peter Clausen Reviewed-by: Linus Walleij Signed-off-by: Jonathan Cameron Cc: Signed-off-by: Greg Kroah-Hartman --- drivers/iio/magnetometer/ak8974.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/drivers/iio/magnetometer/ak8974.c +++ b/drivers/iio/magnetometer/ak8974.c @@ -184,6 +184,11 @@ struct ak8974 { bool drdy_irq; struct completion drdy_complete; bool drdy_active_low; + /* Ensure timestamp is naturally aligned */ + struct { + __le16 channels[3]; + s64 ts __aligned(8); + } scan; }; static const char ak8974_reg_avdd[] = "avdd"; @@ -580,7 +585,6 @@ static void ak8974_fill_buffer(struct ii { struct ak8974 *ak8974 = iio_priv(indio_dev); int ret; - __le16 hw_values[8]; /* Three axes + 64bit padding */ pm_runtime_get_sync(&ak8974->i2c->dev); mutex_lock(&ak8974->lock); @@ -590,13 +594,13 @@ static void ak8974_fill_buffer(struct ii dev_err(&ak8974->i2c->dev, "error triggering measure\n"); goto out_unlock; } - ret = ak8974_getresult(ak8974, hw_values); + ret = ak8974_getresult(ak8974, ak8974->scan.channels); if (ret) { dev_err(&ak8974->i2c->dev, "error getting measures\n"); goto out_unlock; } - iio_push_to_buffers_with_timestamp(indio_dev, hw_values, + iio_push_to_buffers_with_timestamp(indio_dev, &ak8974->scan, iio_get_time_ns(indio_dev)); out_unlock: From patchwork Mon Jul 20 15:36:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237557 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2140419ilg; Mon, 20 Jul 2020 09:41:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwW9/iezl4RDWuiHC2eC1mb7Yi1rOla/Qts7bZy9stJzNonlxy6VlGyGk7pQ6UI4fIFlkM1 X-Received: by 2002:a50:d8c2:: with SMTP id y2mr21944020edj.114.1595263261834; Mon, 20 Jul 2020 09:41:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263261; cv=none; d=google.com; s=arc-20160816; b=d7ARQiAqqUKXQ1gij33rjMz07HMTBS4w+vs+XBtP5BrsUDM4ZUH4bdw1DcwUDY/al9 3+9n+QpE7lzXk9yKb5/CZH5JnwnIuxfCFitNU7n0dJwe8USuf9xEjyCOHNmk/3OmMF9V NjuBoEi69RxOj6fG/KXppJqI4HEKXmn1bAEgwHTxkz0r5B763NjYs4iNpkkVeTYKb9Bj aWSJPK4EN6mxw0frLFX/e3rRiFY+chSPm6t7qC1sanJ4ZsZIKGAHl521sBKkM/XyYKj/ heaTYqbIzmaFRXilEYsYKMSK0KzgGenKo6GmWOigiz3Hfm5+RVrGwh1IawnmRla3fVJe JAXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AJIvosN+mpjLbmIKpWq4RuIC3rSQYHklZTDxq8EXSq4=; b=IwC1Z1q96YFvvbsvAk9Nj8aP9KLvFbLatGaBWwm5NTTKT+TyHFmG1Z7bQHocgWMwEH jggJqPGrHlzyRxSF4IToDQ5+vXxtq6/tODz/8sFGWqYayv3hpi2XdsW2JACvPMAqIwGs Ye0FxOj/zNmgMJAWE05MlJajvjE2yfUttgSP9yU8JYnKReNASEfsrpPx3sIAtRltvFMF cLnxtefYFy5G9mrTkgmQ0pi9rOez9jFWqeic/Np1zUkhBHyHw/ehbMCzZ/w3B3n/ReVO 04u+SZboW0L5N2okB3iLX4P3dD+geHwYAKd7kPUM36S6X7aJlzIutwckbpUNnnzuhhqz iP8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sfSONZa7; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a19si10672506edy.575.2020.07.20.09.41.01; Mon, 20 Jul 2020 09:41:01 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sfSONZa7; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730134AbgGTPqX (ORCPT + 15 others); Mon, 20 Jul 2020 11:46:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:41008 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730004AbgGTPqV (ORCPT ); Mon, 20 Jul 2020 11:46:21 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3110A22BF3; Mon, 20 Jul 2020 15:46:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259980; bh=fmeWhdhvaGBZT1EJ8XDeUQppJvMJz/VxtSuhIKoeQ58=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sfSONZa7+XLw/+6YLh7Txo39qeyDkF0JXEHwG6r1HaIzMGvyun+t8NzSzy2EgTCPp 2UctzHYC24EvDar41nsw1VP6F44tufkhEmWyhaKYqttieE2gvOTgiipZw4o35/b4WM VE3r1jnTQ2nC57YDMOR6n/EPTq4J8kxnHml6jaU4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Matt Ranostay , Alison Schofield , Jonathan Cameron , Stable@vger.kernel.org Subject: [PATCH 4.14 063/125] iio:humidity:hdc100x Fix alignment and data leak issues Date: Mon, 20 Jul 2020 17:36:42 +0200 Message-Id: <20200720152806.068859819@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron commit ea5e7a7bb6205d24371373cd80325db1bc15eded upstream. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data. This data is allocated with kzalloc so no data can leak apart from previous readings. Fixes: 16bf793f86b2 ("iio: humidity: hdc100x: add triggered buffer support for HDC100X") Reported-by: Lars-Peter Clausen Acked-by: Matt Ranostay Cc: Alison Schofield Signed-off-by: Jonathan Cameron Cc: Signed-off-by: Greg Kroah-Hartman --- drivers/iio/humidity/hdc100x.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/drivers/iio/humidity/hdc100x.c +++ b/drivers/iio/humidity/hdc100x.c @@ -46,6 +46,11 @@ struct hdc100x_data { /* integration time of the sensor */ int adc_int_us[2]; + /* Ensure natural alignment of timestamp */ + struct { + __be16 channels[2]; + s64 ts __aligned(8); + } scan; }; /* integration time in us */ @@ -327,7 +332,6 @@ static irqreturn_t hdc100x_trigger_handl struct i2c_client *client = data->client; int delay = data->adc_int_us[0] + data->adc_int_us[1]; int ret; - s16 buf[8]; /* 2x s16 + padding + 8 byte timestamp */ /* dual read starts at temp register */ mutex_lock(&data->lock); @@ -338,13 +342,13 @@ static irqreturn_t hdc100x_trigger_handl } usleep_range(delay, delay + 1000); - ret = i2c_master_recv(client, (u8 *)buf, 4); + ret = i2c_master_recv(client, (u8 *)data->scan.channels, 4); if (ret < 0) { dev_err(&client->dev, "cannot read sensor data\n"); goto err; } - iio_push_to_buffers_with_timestamp(indio_dev, buf, + iio_push_to_buffers_with_timestamp(indio_dev, &data->scan, iio_get_time_ns(indio_dev)); err: mutex_unlock(&data->lock); From patchwork Mon Jul 20 15:36:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237289 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2094845ilg; Mon, 20 Jul 2020 08:46:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJywI1eulGjBX6N2Sluv8RiSXmkAZhYcIHvHf3cyEhyr4uzNL7HGjLAiKT6aqMT7AH9c/few X-Received: by 2002:a17:906:3446:: with SMTP id d6mr20641115ejb.323.1595259994622; Mon, 20 Jul 2020 08:46:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595259994; cv=none; d=google.com; s=arc-20160816; b=lix4S0JZMrH5s+MWX888R4OaKlyACls4cSXt9OKb4CRlyJwIK0uFU0RFHTS69zPxqE srZR5oFUXyblEIHH9tpdEqZca1tlUIMa4nUX6FA04rFsZ0zS+LRtlN9so28YHfSL7gSy kppGKS78+5vuR9ZgdMQMwjlsYrFsrJHFq/6sGgB7/hTMTHYLBTOR5TBkNDbQfUS+PG77 9aJZ78lqcB1VEOzQF0xziIbhO4T1VtI8bOJ7XSGWBcOUbL1TGxBw/wBsqkc+8xx45IXE nk9FT4y6Tk40gaxebK4HeWYJpV/w4xlRiinPJuiV/4BKsuUJl/aZTyVoM+8lvAxEVvlX ROzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=FyEfiEanleHIkCwrmFojBZ2sZnDFFvemdHTFLx31pNg=; b=pI5FPZu7DTkfOjtrgq6HcB1Ao6lOOJAzwXVAaCN5xjUlqeO4rEzwYdODofOtHU31/Z o4Jzor7oCH49+TAMpFgL/7jNYr5GjF/49cE4JDfHGUfb/z9cl7zc3b1KCwuRiJEdrmBn NC71+4UyNoe3yFzOAoj+SJ9LDSRQ7Rf4TAVVG6lVKXe6mA1tXSVzB5cC3O5nqSQkJkun LpWOoqCYBS863vVJh1NRw9XiRukzpXbqWkjThKAqLuvKNabnjsNCA1V0HLhtLHDswHYT 8m3BQsHAA4IeGA1oqClE09ogXWFjrZX32ECc+z+TOUKL263MLcJEi911OMFNzvEX0Q+g fSGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ftgO3Vl4; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dv20si10688886ejb.582.2020.07.20.08.46.34; Mon, 20 Jul 2020 08:46:34 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ftgO3Vl4; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730205AbgGTPqd (ORCPT + 15 others); Mon, 20 Jul 2020 11:46:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:41222 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730193AbgGTPqc (ORCPT ); Mon, 20 Jul 2020 11:46:32 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DCBE122CBB; Mon, 20 Jul 2020 15:46:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259991; bh=eVx2whG+iEhdi/wNAA8mHJvtFWijfFiSbn2YqjBTA2Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ftgO3Vl4nFvcUaWz2or1HQzGYwARTZDrDY0Y+cCYuAZS1s4xPQlrzn2kGRTXS8fvl Wi8fPLSmAimXowoWgITIpwtDJKmu0dEVnhegOV4nR0sBOVFdDjtQ+qtfdNKOp80tMc LYbzLrLfRoSEdDTszfZhL2wK+MW529NGspHNHyiU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Jonathan Cameron , Tomasz Duszynski , Stable@vger.kernel.org Subject: [PATCH 4.14 067/125] iio:pressure:ms5611 Fix buffer element alignment Date: Mon, 20 Jul 2020 17:36:46 +0200 Message-Id: <20200720152806.254762720@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron commit 8db4afe163bbdd93dca6fcefbb831ef12ecc6b4d upstream. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. Here there is no data leak possibility so use an explicit structure on the stack to ensure alignment and nice readable fashion. The forced alignment of ts isn't strictly necessary in this driver as the padding will be correct anyway (there isn't any). However it is probably less fragile to have it there and it acts as documentation of the requirement. Fixes: 713bbb4efb9dc ("iio: pressure: ms5611: Add triggered buffer support") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Tomasz Duszynski Cc: Signed-off-by: Greg Kroah-Hartman --- drivers/iio/pressure/ms5611_core.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/drivers/iio/pressure/ms5611_core.c +++ b/drivers/iio/pressure/ms5611_core.c @@ -215,16 +215,21 @@ static irqreturn_t ms5611_trigger_handle struct iio_poll_func *pf = p; struct iio_dev *indio_dev = pf->indio_dev; struct ms5611_state *st = iio_priv(indio_dev); - s32 buf[4]; /* s32 (pressure) + s32 (temp) + 2 * s32 (timestamp) */ + /* Ensure buffer elements are naturally aligned */ + struct { + s32 channels[2]; + s64 ts __aligned(8); + } scan; int ret; mutex_lock(&st->lock); - ret = ms5611_read_temp_and_pressure(indio_dev, &buf[1], &buf[0]); + ret = ms5611_read_temp_and_pressure(indio_dev, &scan.channels[1], + &scan.channels[0]); mutex_unlock(&st->lock); if (ret < 0) goto err; - iio_push_to_buffers_with_timestamp(indio_dev, buf, + iio_push_to_buffers_with_timestamp(indio_dev, &scan, iio_get_time_ns(indio_dev)); err: From patchwork Mon Jul 20 15:36:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237556 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2140364ilg; Mon, 20 Jul 2020 09:40:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyoBE6hNXnlXCOQngkAY9mLNaYbOMeqjosd8G3/FIB3e3Nh/S0MApFhSYR3g3FNk+14j0di X-Received: by 2002:a50:f384:: with SMTP id g4mr21603149edm.205.1595263258828; Mon, 20 Jul 2020 09:40:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263258; cv=none; d=google.com; s=arc-20160816; b=crW8kXixQk4o7xzqGtVcsDC8QX72826zdDr/T36Gsh32QuXtewo+M/0oa25JdhUyDR ctVEWnyXawdPVPguo0LnGkhkvZ0Zn8gGWlRpKoVo5Eysx6pHN4C51KwXQBPo3QjWhAXp mYwxTVepR4fr2DnBcRVOJ2i6yyEEVvN7WWbsHdVTCvhKMqitGbNrrahS2lcp+a0IsCYI OPfF7amZWbs3TGphiMvRPJztYhTlYFql+qFIRZ9CAyIN9WPv2PMl151O73wK+ijUAS4D kLu0jvdJeWt2Oto5m6yukWPNd4/pJGNC5xEnz7BYLUmg+ZqHYEfOCL5sv9cJnVXs24Ku Ox+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=20vWbjOJ05tbSMiEIiKIUuL4OiAgRpiEN/NcDmMoUOM=; b=dKnXZfOFqF7TdKSFV0wQWNhSspCpPin72cB1AVI9BQTeZFmxXen9DDSGjVieHVIVRr vllp4QFah5zLwM/FeCYgHX3NVpRYLRx5kAqgGzcCp7M/sY8yzXFht3aQcRzphXnlUJab ANzNRHsVjlnVBEy1fI8OzT8haoZ/ajhQFuoBrTAtee5hep2jGEstmEwer2iWeW7kzT6l Wah0B5emvssoGMJTS02IHM7s6Suvsrp+kk1Ass1hiOKnszDZy//ba/TivX1ar3on64Dz inZEWjZeiMabacdOYofsppPfw4lqZA56v+z+EUz29KHB5T3UXgwhpG/TV5JiR4rtK+gs JDBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ec+9gGWS; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a19si10672506edy.575.2020.07.20.09.40.58; Mon, 20 Jul 2020 09:40:58 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ec+9gGWS; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730671AbgGTQkx (ORCPT + 15 others); Mon, 20 Jul 2020 12:40:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:41298 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730192AbgGTPqf (ORCPT ); Mon, 20 Jul 2020 11:46:35 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AEFFE22CBE; Mon, 20 Jul 2020 15:46:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259994; bh=6TvSZAHBNwIOER1p9mZeazrQSDICKsX8iOf9RBznyvI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ec+9gGWSF5fwRqh2SrpMmgniyz+uZOie8s5k+43CRD3bDRp51a/2cOHSowRfqgsN9 hcYbbRZLZ9k34zrKtes7O2dACl5H6fBe3W+Kdpus43bo+5u2/6aNHzR0bxjXUuCFp5 AQCexQTYC9wt0rF3ulHoW02GlyH4EJpCTGKu7Mi0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Jonathan Cameron , "Andrew F. Davis" , Stable@vger.kernel.org Subject: [PATCH 4.14 068/125] iio:health:afe4403 Fix timestamp alignment and prevent data leak. Date: Mon, 20 Jul 2020 17:36:47 +0200 Message-Id: <20200720152806.301444420@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron commit 3f9c6d38797e9903937b007a341dad0c251765d6 upstream. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses a 32 byte array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data with alignment explicitly requested. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: eec96d1e2d31 ("iio: health: Add driver for the TI AFE4403 heart monitor") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Andrew F. Davis Cc: Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/health/afe4403.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/drivers/iio/health/afe4403.c +++ b/drivers/iio/health/afe4403.c @@ -71,6 +71,7 @@ static const struct reg_field afe4403_re * @regulator: Pointer to the regulator for the IC * @trig: IIO trigger for this device * @irq: ADC_RDY line interrupt number + * @buffer: Used to construct data layout to push into IIO buffer. */ struct afe4403_data { struct device *dev; @@ -80,6 +81,8 @@ struct afe4403_data { struct regulator *regulator; struct iio_trigger *trig; int irq; + /* Ensure suitable alignment for timestamp */ + s32 buffer[8] __aligned(8); }; enum afe4403_chan_id { @@ -318,7 +321,6 @@ static irqreturn_t afe4403_trigger_handl struct iio_dev *indio_dev = pf->indio_dev; struct afe4403_data *afe = iio_priv(indio_dev); int ret, bit, i = 0; - s32 buffer[8]; u8 tx[4] = {AFE440X_CONTROL0, 0x0, 0x0, AFE440X_CONTROL0_READ}; u8 rx[3]; @@ -335,9 +337,9 @@ static irqreturn_t afe4403_trigger_handl if (ret) goto err; - buffer[i++] = (rx[0] << 16) | - (rx[1] << 8) | - (rx[2]); + afe->buffer[i++] = (rx[0] << 16) | + (rx[1] << 8) | + (rx[2]); } /* Disable reading from the device */ @@ -346,7 +348,8 @@ static irqreturn_t afe4403_trigger_handl if (ret) goto err; - iio_push_to_buffers_with_timestamp(indio_dev, buffer, pf->timestamp); + iio_push_to_buffers_with_timestamp(indio_dev, afe->buffer, + pf->timestamp); err: iio_trigger_notify_done(indio_dev->trig); From patchwork Mon Jul 20 15:36:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237291 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2095337ilg; Mon, 20 Jul 2020 08:47:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyeLMnaDJ5PjLOBI3PtHT26+QNscDUJtkoyCTmWB8U3DChLvxiI6ycc1eE2Df892Tzk0WsH X-Received: by 2002:a17:906:b143:: with SMTP id bt3mr22493480ejb.134.1595260032497; Mon, 20 Jul 2020 08:47:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595260032; cv=none; d=google.com; s=arc-20160816; b=zBJycSzs+JnDjsIy+2wrxSlpiM03S8M3h9DG22AeQrqOHJteBx1g21aHYyHJ/yLNNG v27Jj8gkFNKH7KH5+hnI1wn2lB1XLgk1srDAO6eFab/9QSjjs9blr6eDZTzVmCxU87yO grZwMywDIa4fZvM0ceu80xa24Da5EQYeLpWLcKwckm40hgBJhpoumJK28zTikXhiR6+5 ofvsXYfsJHOg1Eh7XXbPci7XWO4m7aTjP1hZx5+3l2b//HB9G4TSJltJCWgcU7AdKicp PFsTDmsossE7LCcKhj6D+29VVatPkfXS2OQLdICd8dJULhlV2ufum89rKa2Ymrn0mgXH zIbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=hGo9GqHig13cOHFQE/I/wW8r51252vcwioXKpk9Qa4g=; b=QjRT6G4C67JaBe3h6DuJ2BKiVlHFAJAzCeVXVp3QIwJEmILFyuAaAynx+sxw8mKCDd 3OaSphd7XXjTySrI6yLoujpdfDR5ykToUR/iBFWZuAIg3hcF7sWkU7zvyy3brXJw3YBH IwXlY094JL5J71N/GrSl+W69wgI4Zj4RF2A5M5XnbPSzkFLUjPNgucOuTeSV4HehhDxw HOEB8FpT3DayABK02ug2Vdg3Gz7DYqq/6NAp/kquO4CF4toHY/Burdj1c227cDfv7s9c N823iLFTU4p4R6ptLrbIMDFQAugX33XOy5/cXbnx3ewywOS/HQzQnRPYcmfchqcKGtCf 6R5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="JrOTbe/b"; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r22si10811510edq.411.2020.07.20.08.47.12; Mon, 20 Jul 2020 08:47:12 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="JrOTbe/b"; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730742AbgGTPrJ (ORCPT + 15 others); Mon, 20 Jul 2020 11:47:09 -0400 Received: from mail.kernel.org ([198.145.29.99]:42166 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730386AbgGTPrI (ORCPT ); Mon, 20 Jul 2020 11:47:08 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 97655206E9; Mon, 20 Jul 2020 15:47:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595260028; bh=Vk7IagyqnoRmnENC1u/iaiaXIz648HETL5Ky4FZuhwo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JrOTbe/bTWtPsCwiqmhBWBtm3r6EvTq31LOF4ClAOUFI6Mx5EH5KbwYxmiLuq+zln ypAZJL1VwKFcIx3T8s0IKHp3iJe1OxkWxAAGat1duffhADxspO9u/qMMwVYxDyXqIx poPFcsASKcACrNifCIzyNeaddLNFX8hgGd09yQ3c= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lars-Peter Clausen , Jonathan Cameron , "Andrew F. Davis" , Sasha Levin Subject: [PATCH 4.14 080/125] iio:health:afe4404 Fix timestamp alignment and prevent data leak. Date: Mon, 20 Jul 2020 17:36:59 +0200 Message-Id: <20200720152806.883617444@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonathan Cameron [ Upstream commit f88ecccac4be348bbcc6d056bdbc622a8955c04d ] One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses a 40 byte array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data with alignment explicitly requested. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: 87aec56e27ef ("iio: health: Add driver for the TI AFE4404 heart monitor") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Andrew F. Davis Signed-off-by: Jonathan Cameron Signed-off-by: Sasha Levin --- drivers/iio/health/afe4404.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -- 2.25.1 diff --git a/drivers/iio/health/afe4404.c b/drivers/iio/health/afe4404.c index 964f5231a831c..5e256b11ac877 100644 --- a/drivers/iio/health/afe4404.c +++ b/drivers/iio/health/afe4404.c @@ -91,6 +91,7 @@ static const struct reg_field afe4404_reg_fields[] = { * @regulator: Pointer to the regulator for the IC * @trig: IIO trigger for this device * @irq: ADC_RDY line interrupt number + * @buffer: Used to construct a scan to push to the iio buffer. */ struct afe4404_data { struct device *dev; @@ -99,6 +100,7 @@ struct afe4404_data { struct regulator *regulator; struct iio_trigger *trig; int irq; + s32 buffer[10] __aligned(8); }; enum afe4404_chan_id { @@ -337,17 +339,17 @@ static irqreturn_t afe4404_trigger_handler(int irq, void *private) struct iio_dev *indio_dev = pf->indio_dev; struct afe4404_data *afe = iio_priv(indio_dev); int ret, bit, i = 0; - s32 buffer[10]; for_each_set_bit(bit, indio_dev->active_scan_mask, indio_dev->masklength) { ret = regmap_read(afe->regmap, afe4404_channel_values[bit], - &buffer[i++]); + &afe->buffer[i++]); if (ret) goto err; } - iio_push_to_buffers_with_timestamp(indio_dev, buffer, pf->timestamp); + iio_push_to_buffers_with_timestamp(indio_dev, afe->buffer, + pf->timestamp); err: iio_trigger_notify_done(indio_dev->trig); From patchwork Mon Jul 20 15:37:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237555 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2140117ilg; Mon, 20 Jul 2020 09:40:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwcnh3MxGQ0g0Yq9jmgv9+BHWMDpizUVWhurcTI66FjfM+NpVOw7mIuySLYavR6nB0Zjddh X-Received: by 2002:a17:906:35d2:: with SMTP id p18mr22401880ejb.393.1595263233668; Mon, 20 Jul 2020 09:40:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263233; cv=none; d=google.com; s=arc-20160816; b=vODMFzdl6vW3cMxm/Re2c8qzbkZ/bUQMB8moq8cUziccRDLUyW+xmReS4W7o7uZqFG 80/GXiRzRjeNOk79HevNOfyyEu9EckpdD/auMzm8nJAkz1vlghtI7kQFH8jKHBJqdC5b 95puebwd4ny7ug2+hkkNUewC/PM63B0v316fzwGQzq4eFkQXLaER7GHVa5Mw56G86VJX 0kbFV3iLVNch/1+PhAxrTwguIEBExZ6RpnV9AyWBA+/ghihdGyNplfasZ8UFvf9du/b4 BI8KemUlIqCZl6NCHwFFIs91Xk3U+3z4lk6Z9uBq6dt9oFEI7X6ZhF2T0QvdCeMym0cT USVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=3ASgkCe1I9y+PdzmsFsbxVXvU4rBPHhM+Zx4YWzDPrM=; b=abTkIWs/YozME6TZH01OeAU/JfWXrd7gfntVBqu/qFrwm90/KVv3fizT7Cpxvyf8x4 DXpGj17mzyySrVODJNhAJzNhfP5zaxXg5g7TUzYB/7a+2fERAdLtgr3qKnQOfZL0Xfgr Y5PYeI/x/uHBub1pAMbQr5y+MNwG6Q+h1Xyvqy0BZby5Ea832+x0xTjmJEwEMiH54XhP LHglMT/netbV1FplLBGn8CgqEmZaAfUwHGU8hn2k06jCOwfbMbbQH3lki/Ohc9SZKDRe D4ZIVx4FwWHjTSpwTd5ev6gb+MncyV54LZuSlPw2yJ4EZDfduBF6N1Z04Dcp8uWm+dGo u+/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=otAkzqO5; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bt10si10911434edb.146.2020.07.20.09.40.33; Mon, 20 Jul 2020 09:40:33 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=otAkzqO5; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730743AbgGTPrO (ORCPT + 15 others); Mon, 20 Jul 2020 11:47:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:42318 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730738AbgGTPrO (ORCPT ); Mon, 20 Jul 2020 11:47:14 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2624C22BF3; Mon, 20 Jul 2020 15:47:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595260033; bh=OoESAnnsNphandLeCs8CakH27dQGYZJjXEuVriqzIbM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=otAkzqO5f8ZonqpyuJ0rxYRaOHDVW9nRn5pdgU0Shl1x308uEtY62wrKd76g6NzEi ru5dOCAOBpY3M1RVWbxTLBx80OQuzpaVKyjJQn4Xnbx+CMvlCF7D45c9YTNB5AGkJA Rob8jM2EEGmCb4+27hiHqp5eusRWjPijhfXJ7RfA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jerome Brunet , Kevin Hilman , Neil Armstrong , Sasha Levin Subject: [PATCH 4.14 082/125] arm64: dts: meson: add missing gxl rng clock Date: Mon, 20 Jul 2020 17:37:01 +0200 Message-Id: <20200720152806.979464857@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jerome Brunet [ Upstream commit 95ca6f06dd4827ff63be5154120c7a8511cd9a41 ] The peripheral clock of the RNG is missing for gxl while it is present for gxbb. Fixes: 1b3f6d148692 ("ARM64: dts: meson-gx: add clock CLKID_RNG0 to hwrng node") Signed-off-by: Jerome Brunet Signed-off-by: Kevin Hilman Reviewed-by: Neil Armstrong Link: https://lore.kernel.org/r/20200617125346.1163527-1-jbrunet@baylibre.com Signed-off-by: Sasha Levin --- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 5 +++++ 1 file changed, 5 insertions(+) -- 2.25.1 diff --git a/arch/arm64/boot/dts/amlogic/meson-gxl.dtsi b/arch/arm64/boot/dts/amlogic/meson-gxl.dtsi index 3c30579449608..3ee6c4bae08f6 100644 --- a/arch/arm64/boot/dts/amlogic/meson-gxl.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-gxl.dtsi @@ -245,6 +245,11 @@ clkc: clock-controller@0 { }; }; +&hwrng { + clocks = <&clkc CLKID_RNG0>; + clock-names = "core"; +}; + &i2c_A { clocks = <&clkc CLKID_I2C>; }; From patchwork Mon Jul 20 15:37:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 237293 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp2097171ilg; Mon, 20 Jul 2020 08:49:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz+W69VETqqe5isUGco/T/tpakIrK4LnE6ZIzo5jJG7m2OF29Ue2Ga253s9WA3MDyMKf610 X-Received: by 2002:a17:906:38da:: with SMTP id r26mr20615104ejd.120.1595260168467; Mon, 20 Jul 2020 08:49:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595260168; cv=none; d=google.com; s=arc-20160816; b=MlW9TuTZtmDFrHfF04qaQeF7tjmoXLbQa+6BNej/rLNmeP1a8Y4wenPRTcdGtC8Bxt Z44b7MQrLRI27HNrvXeuGAMZJgQIGwQm2XKt3bXe7PzDd9v6ARMdaGqLmBHtZUQ+cDg0 gmUGNfsiFad/S/cOOV6T0yeDx7T2aHRTd33W36N38xB8lGnV3ZNZ7hIC3OgMJOYZNBd4 Y9XFA/Ldl2mzPqyOJD4e6XfRPLAJQ+7MpP1Gr26NUauJWdcqEVIlBW0Z6nku1NcEdZ3N LkPnWyCPrKROVlo13YgoUpN3Ui+idkhIFHd6QuMrAixTJxrdBIUkSTjXGNPrbJ232Suj 4gQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KW+jUqSyekTIOa6vY2UETIc+4EOdeedFMMYRM3C0j+U=; b=PElhhl0d6NgGRiVEyCAnnDrJWtszIFeAVKjsUoJ8krJ+V90tzNj899rtoAt2CZEVH/ vDu0XqqdaW6AlllF0++eDShFdkEOvy7uRs5gLENOKXFetJw190ErT9OmiMxuFpW2JORN TnZluknvMhBoQtOPTu//F/8zI1z5mIJZfZZOvhnDnxOQKJj7iMv9y3JLbIVAzyJ0jSzv j/3wsMY7vtNxpf4TUCugsVrQjS0Js3aLoprJFzrpHPeF3XpnbwIAU7Gsakbn11uYZs+G mj9V/NrebhNN+SPLM8QDeDPwX2vYyEICP2spZyFNmfrEv3pNCduH3dMk8KUw48CKH4/2 J7vg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XmhV11th; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bl24si10244275ejb.602.2020.07.20.08.49.28; Mon, 20 Jul 2020 08:49:28 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XmhV11th; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731014AbgGTPtZ (ORCPT + 15 others); Mon, 20 Jul 2020 11:49:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:45486 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731011AbgGTPtY (ORCPT ); Mon, 20 Jul 2020 11:49:24 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 30DC3206E9; Mon, 20 Jul 2020 15:49:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595260163; bh=xisV9O1MQFO//s+dF/qHJwRuCjGNODsK2gNeBFmefYk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XmhV11thPE9hK7YfIYZzDTvfCTP3nqw9USsvLMtkOwhJJnXxNklzcIpfIbIHeUqET vkaOnsfHTmXz1VmpCVAHDZ1Kut6z0AjtR/jSEbNFNKGzhnUeo/akUfDTofU56x2vbU 9qiX70xQq747eccwVvCQhGGkt2FoVmzGtGtcvfxQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Vincent Guittot , "Peter Zijlstra (Intel)" , Valentin Schneider , Dietmar Eggemann Subject: [PATCH 4.14 122/125] sched/fair: handle case of task_h_load() returning 0 Date: Mon, 20 Jul 2020 17:37:41 +0200 Message-Id: <20200720152808.948148629@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Vincent Guittot commit 01cfcde9c26d8555f0e6e9aea9d6049f87683998 upstream. task_h_load() can return 0 in some situations like running stress-ng mmapfork, which forks thousands of threads, in a sched group on a 224 cores system. The load balance doesn't handle this correctly because env->imbalance never decreases and it will stop pulling tasks only after reaching loop_max, which can be equal to the number of running tasks of the cfs. Make sure that imbalance will be decreased by at least 1. misfit task is the other feature that doesn't handle correctly such situation although it's probably more difficult to face the problem because of the smaller number of CPUs and running tasks on heterogenous system. We can't simply ensure that task_h_load() returns at least one because it would imply to handle underflow in other places. Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Valentin Schneider Reviewed-by: Dietmar Eggemann Tested-by: Dietmar Eggemann Cc: # v4.4+ Link: https://lkml.kernel.org/r/20200710152426.16981-1-vincent.guittot@linaro.org Signed-off-by: Greg Kroah-Hartman --- kernel/sched/fair.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -6871,7 +6871,15 @@ static int detach_tasks(struct lb_env *e if (!can_migrate_task(p, env)) goto next; - load = task_h_load(p); + /* + * Depending of the number of CPUs and tasks and the + * cgroup hierarchy, task_h_load() can return a null + * value. Make sure that env->imbalance decreases + * otherwise detach_tasks() will stop only after + * detaching up to loop_max tasks. + */ + load = max_t(unsigned long, task_h_load(p), 1); + if (sched_feat(LB_MIN) && load < 16 && !env->sd->nr_balance_failed) goto next;