Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2830900pxv; Mon, 12 Jul 2021 03:01:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyEUTtpVh8iNLDzzSAbST827rG2YaFeI4/U5z7hv+IXcWuJyfSaw+/GWfm9ZcT5TNzP/g1x X-Received: by 2002:a6b:4f10:: with SMTP id d16mr35293904iob.58.1626084104886; Mon, 12 Jul 2021 03:01:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626084104; cv=none; d=google.com; s=arc-20160816; b=yh6x/VWJs1SoVyUwslFwl0/5x445MFV+0WjBi3BtaKPDF86jLa8FI+atuk1VUGAMUS 8JfN+v2FBTeo+OGkDMyX/IQZiA4xdHN/xCD8PzCfrqP6uaus7a1uf0APAMrFq1YEJQ10 dp/wbTv5FGzSPb5OD5bQ9llMTRE+dc3W34uUSL/ZPJSzB6yDCh0gmvtH45rH85T/0TqP IM7Ypv4jB1VJnwbgj3Io8tL5jci8UcPxIOIXJpG37BAFs38SgqoWFXym2fmGsG3aVjCB EANSMiuqKFUUc8qsnUTX3zeUP1SX6FfIvmfVrMTEvT1SfPAlNomEKVi6/8KHq8kojSkx owwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=sCWVUsDi1+9OtkcudNVDp5kVFHyGQ6OrfYYRMk4Uro0=; b=k9RZugShFczvSg7LBJelLypJ1NLESezYOv/pakCCGxuc4FuhAvDs1c3YlS3Io59Ncs xywDYMNQb0Enbp2P0sdC4bZ6IPFuqXe7fiVveJhg9V0S8Mgk/tCoACbdeCOTop6R0blx Ld7LHR82ANown8hRD38NQDhte0L0TdSTsBpPy/bhuCjoLELeHUWkYR+s3Jho7iCk3YF+ l9MoZT/OIPEPvtMGr6tvvGSWG8XsGpvj0OQuRrKGSB1S0EJYovx6b/DDvwOeZUCj4LN8 R0oj52kJseqlFRYKT9VtJCJA3r1v2TVa17udpQzpNmNQIEqeJpZVoefUf0zStH/DsKoo IE9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wd04eDgJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n2si18599276jaj.36.2021.07.12.03.01.27; Mon, 12 Jul 2021 03:01:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wd04eDgJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244652AbhGLHLD (ORCPT + 99 others); Mon, 12 Jul 2021 03:11:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:44282 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238924AbhGLGtV (ORCPT ); Mon, 12 Jul 2021 02:49:21 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6D0026121E; Mon, 12 Jul 2021 06:45:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626072323; bh=bGvSRzuuP7sYaANfuvBJajzDaCwYoyxCmgraZru8dyk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wd04eDgJgUqqz9cC8tyd42v5VEFLZS5IruTNUPM+yV+l2oIHQ8saOyVftpSuUvAxK cL46A1vW9UImcPWJeAN4IH+vGnkTeEZ5nXyfqTB1355iBStPza/TUsbRnqSI78z+7y KgpmTNreY8ADJreSfhl19AfV4jzyLCmJ8188iKg4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jonathan Cameron , Andy Shevchenko , Sasha Levin Subject: [PATCH 5.10 449/593] iio: accel: mxc4005: Fix overread of data and alignment issue. Date: Mon, 12 Jul 2021 08:10:09 +0200 Message-Id: <20210712060938.594284901@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210712060843.180606720@linuxfoundation.org> References: <20210712060843.180606720@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jonathan Cameron [ Upstream commit f65802284a3a337510d7f8f916c97d66c74f2e71 ] The bulk read size is based on the size of an array that also has space for the timestamp alongside the channels. Fix that and also fix alignment of the buffer passed to iio_push_to_buffers_with_timestamp. Found during an audit of all calls to this function. Fixes: 1ce0eda0f757 ("iio: mxc4005: add triggered buffer mode for mxc4005") Signed-off-by: Jonathan Cameron Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/20210501170121.512209-6-jic23@kernel.org Signed-off-by: Sasha Levin --- drivers/iio/accel/mxc4005.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index f877263dc6ef..5a2b0ffbb145 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -56,7 +56,11 @@ struct mxc4005_data { struct mutex mutex; struct regmap *regmap; struct iio_trigger *dready_trig; - __be16 buffer[8]; + /* Ensure timestamp is naturally aligned */ + struct { + __be16 chans[3]; + s64 timestamp __aligned(8); + } scan; bool trigger_enabled; }; @@ -135,7 +139,7 @@ static int mxc4005_read_xyz(struct mxc4005_data *data) int ret; ret = regmap_bulk_read(data->regmap, MXC4005_REG_XOUT_UPPER, - data->buffer, sizeof(data->buffer)); + data->scan.chans, sizeof(data->scan.chans)); if (ret < 0) { dev_err(data->dev, "failed to read axes\n"); return ret; @@ -301,7 +305,7 @@ static irqreturn_t mxc4005_trigger_handler(int irq, void *private) if (ret < 0) goto err; - iio_push_to_buffers_with_timestamp(indio_dev, data->buffer, + iio_push_to_buffers_with_timestamp(indio_dev, &data->scan, pf->timestamp); err: -- 2.30.2