Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp43435ybh; Mon, 20 Jul 2020 09:52:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwA1sw4TS3nsWdumknljI8bOQ7KWYrDFcpjJlxOcCpU3LjVrKD/4a0UKi2vUm/lh4Msm9bl X-Received: by 2002:a17:906:1414:: with SMTP id p20mr21249602ejc.247.1595263952423; Mon, 20 Jul 2020 09:52:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595263952; cv=none; d=google.com; s=arc-20160816; b=eaWp8j03CD/NM1PUGZwa9IxpCKD/6blxInvK98JHRL6UtEAuUKF5RSLmXhLYaCAkaL 4xiy3PEDNq3cty9TGJH8R8XCOnXTfnMv70xxeRJms6b+ZhLqVCba2jSC0J+QNv5xN19k eT4By2SpFrxPYMvkKkVWj+sfEaJPw0UdYt3IoJJ2Ivw6XZGFXnmjfYdeX14xST6mNaV+ kDFtoDyE4KVWRKS88ShfUzgdPha/7t+3IearoR9L2tPeTvjl0VATeWzE0E4ODPsu4k+M llYsgqJ1l1cOeVK7SvVClv0N6TgbV13IpOT+ZREgR2RR8QEvCqW6KjVbL215JTyk2w0u OcGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=WGfIbRwySoiGcVeZQP6G42kjOrv829ddUVqTXa//qWI=; b=XG/2ZYXE7cllyjvUOcYhzfww2otYK4hOFjqjFxgUJBYSDMfaX+c1ZoF4v8WuL/h2o5 xeHY8plHLcl1u+9Kz5hySmiiSVwRKmjqe6Q+s/bAd53IqArzEVRqvqewzggfNYGu2qAW 4YJ8pDDC2Ge2MglHMJ7e0HMb/Ykg+jSYAggJzh/4I/6xvL5dvypjWP2QkLGxMZJy2Zrw 6/OOevJudyTub194Y3kVLJPcfaS7Na8rBDILHkuGbIVQuB0RlTrgTLWxH4GE1v/Pizhx m8TOzWTZTKmuGNZKNONFpZqSn/ErEd5+zA+NkhKcoOR0QAwPLLxF0FWJYGTKw00WeVZ7 aBzA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n26si10277707ejs.214.2020.07.20.09.52.08; Mon, 20 Jul 2020 09:52:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730169AbgGTQub (ORCPT + 99 others); Mon, 20 Jul 2020 12:50:31 -0400 Received: from smtprelay0083.hostedemail.com ([216.40.44.83]:44054 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728495AbgGTQub (ORCPT ); Mon, 20 Jul 2020 12:50:31 -0400 Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay06.hostedemail.com (Postfix) with ESMTP id C62BE1802DA32; Mon, 20 Jul 2020 16:50:29 +0000 (UTC) X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,,RULES_HIT:41:355:379:599:800:960:973:988:989:1260:1277:1311:1313:1314:1345:1359:1437:1515:1516:1518:1534:1541:1593:1594:1711:1730:1747:1777:1792:2393:2559:2562:2828:2903:2911:3138:3139:3140:3141:3142:3352:3622:3865:3866:3867:3868:3870:3871:3874:4321:4425:5007:6119:7576:7903:8603:10004:10400:11026:11232:11658:11914:12043:12114:12297:12438:12555:12740:12760:12895:12986:13069:13161:13229:13311:13357:13439:14181:14659:14721:21080:21451:21627:30054:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:1,LUA_SUMMARY:none X-HE-Tag: tree55_401562926f26 X-Filterd-Recvd-Size: 2217 Received: from XPS-9350.home (unknown [47.151.133.149]) (Authenticated sender: joe@perches.com) by omf16.hostedemail.com (Postfix) with ESMTPA; Mon, 20 Jul 2020 16:50:28 +0000 (UTC) Message-ID: <613577badc9937049d40ff14d11646f64b3dac36.camel@perches.com> Subject: Re: [PATCH 5.4 047/215] iio:humidity:hdc100x Fix alignment and data leak issues From: Joe Perches To: Greg Kroah-Hartman , linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org, Lars-Peter Clausen , Matt Ranostay , Alison Schofield , Jonathan Cameron Date: Mon, 20 Jul 2020 09:50:26 -0700 In-Reply-To: <20200720152822.437100100@linuxfoundation.org> References: <20200720152820.122442056@linuxfoundation.org> <20200720152822.437100100@linuxfoundation.org> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.36.3-0ubuntu1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2020-07-20 at 17:35 +0200, Greg Kroah-Hartman wrote: > From: Jonathan Cameron > > commit ea5e7a7bb6205d24371373cd80325db1bc15eded upstream. > > One of a class of bugs pointed out by Lars in a recent review. > iio_push_to_buffers_with_timestamp assumes the buffer used is aligned > to the size of the timestamp (8 bytes). This is not guaranteed in > this driver which uses an array of smaller elements on the stack. > As Lars also noted this anti pattern can involve a leak of data to > userspace and that indeed can happen here. We close both issues by > moving to a suitable structure in the iio_priv() data. > This data is allocated with kzalloc so no data can leak apart > from previous readings. [] > +++ b/drivers/iio/humidity/hdc100x.c > @@ -38,6 +38,11 @@ struct hdc100x_data { > > /* integration time of the sensor */ > int adc_int_us[2]; > + /* Ensure natural alignment of timestamp */ > + struct { > + __be16 channels[2]; > + s64 ts __aligned(8); Why does an s64 need __aligned(8) ? This seems needlessly redundant. Isn't this naturally aligned by the compiler? The struct isn't packed.