Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2713262pxv; Sun, 11 Jul 2021 23:32:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1nBSg3hJx0CQEd/OeigExss5xGGjHNqrL8qUGHtDNcg8vVfsYQ8w9FHvuLSpQhKibSOR0 X-Received: by 2002:a92:a00e:: with SMTP id e14mr36708405ili.126.1626071575759; Sun, 11 Jul 2021 23:32:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626071575; cv=none; d=google.com; s=arc-20160816; b=k31f5z3T+dl3mJFsmHJhBcElt7rb2G0DFd8UEUxCB7PtFmAgUOQKEbRW+35Pg4jNSX oepFT5jiLKmeq6So8lPlwX34E7CbzSpOxAB7WaOPztbtjfsgfYEGKvMJDMD2+gD+yGAL 4aQEZ1LEeJtn030ex8R+yoBNEX3N7l0LTwUGEksRayo82uBdSRYvemVeJhRaRoy7pVw0 4tgSYZ2mrn5ijEEVWgri5tdcC6V4cCt8bGB0TPYd8v+NS5hy++H8WxEdnTyc/WJty9or Hv12WFYHKiRtIyACsXaf5l0U5bqqdcP0AojZFGGEpXzGmUaLnvf5Syg8my10SxLY8XNu 5fYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=iWaBBbUH9TAkaqL9YjhZEHrKEFQ3JCZCiaAxavRcQ8I=; b=uyzZ8r+Leqoe2niadPBwfOwhI/oCnY13VsoQQY68tWMf5ozv4IGKZORpSLYaIbRhLP BMjGYB+Lg/euvtq4m7In4vdLggJO/UGmK+kyvZzErlm+4QhDjZF6jzckZQ8m+palHA1n umEzji8z/DiZG34QZH6z+sIVtpbc5ecegxZsCrCGjPSaVEy/h25euhmZNFLDqPPnB5Te 4Uyuby36i+0p+h9Xcm9aTOVKbMkoLSp8mnX1VQoswE8Ln5GkDWU4d4yaPP74qkyYOSHl EzE7C7ZPwPOf8SmU3tMedRdmLf5/raet0u9eXO59dtFV1p6SOZ0rW4g/2OoRwTUJBloY gERg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=1i+zkRd4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v15si5699475jas.5.2021.07.11.23.32.44; Sun, 11 Jul 2021 23:32:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=1i+zkRd4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237739AbhGLGet (ORCPT + 99 others); Mon, 12 Jul 2021 02:34:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:46224 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235157AbhGLG2Z (ORCPT ); Mon, 12 Jul 2021 02:28:25 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3299561004; Mon, 12 Jul 2021 06:24:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626071076; bh=iOCJ63eUXxFDlQ8FN5hBdPSYIDOOypkaYhYrxvoP5e8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1i+zkRd4Cx4+0IVXlFODJP4Bvqsyfk4Jb5Pa/zI4yjvPTdpXeITcZtMDIXKT7SX08 FYAa2CCUgEUH4WdEbvnE6gxlUSt6tbRSHiMZKURAK1xLJ4ftshz9w3gbXLlAF/RsQG jPy1TrlC2AexUNatHssYxF9ZDQt9jpWtw1A1C1Fw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jonathan Cameron , Andy Shevchenko , Sasha Levin Subject: [PATCH 5.4 265/348] iio: accel: mxc4005: Fix overread of data and alignment issue. Date: Mon, 12 Jul 2021 08:10:49 +0200 Message-Id: <20210712060738.532620700@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210712060659.886176320@linuxfoundation.org> References: <20210712060659.886176320@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jonathan Cameron [ Upstream commit f65802284a3a337510d7f8f916c97d66c74f2e71 ] The bulk read size is based on the size of an array that also has space for the timestamp alongside the channels. Fix that and also fix alignment of the buffer passed to iio_push_to_buffers_with_timestamp. Found during an audit of all calls to this function. Fixes: 1ce0eda0f757 ("iio: mxc4005: add triggered buffer mode for mxc4005") Signed-off-by: Jonathan Cameron Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/20210501170121.512209-6-jic23@kernel.org Signed-off-by: Sasha Levin --- drivers/iio/accel/mxc4005.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 9d07642c0de1..d81b02642a0b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -56,7 +56,11 @@ struct mxc4005_data { struct mutex mutex; struct regmap *regmap; struct iio_trigger *dready_trig; - __be16 buffer[8]; + /* Ensure timestamp is naturally aligned */ + struct { + __be16 chans[3]; + s64 timestamp __aligned(8); + } scan; bool trigger_enabled; }; @@ -135,7 +139,7 @@ static int mxc4005_read_xyz(struct mxc4005_data *data) int ret; ret = regmap_bulk_read(data->regmap, MXC4005_REG_XOUT_UPPER, - data->buffer, sizeof(data->buffer)); + data->scan.chans, sizeof(data->scan.chans)); if (ret < 0) { dev_err(data->dev, "failed to read axes\n"); return ret; @@ -301,7 +305,7 @@ static irqreturn_t mxc4005_trigger_handler(int irq, void *private) if (ret < 0) goto err; - iio_push_to_buffers_with_timestamp(indio_dev, data->buffer, + iio_push_to_buffers_with_timestamp(indio_dev, &data->scan, pf->timestamp); err: -- 2.30.2