diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-04-09 15:40:48 +0200 |
|---|---|---|
| committer | Jonathan Cameron <jic23@kernel.org> | 2026-05-15 12:01:38 +0100 |
| commit | c9d8e9adaa63150ef7e833480b799d0bab83a276 (patch) | |
| tree | a668cd75c6fbf90ce7a2fe9147a1abae42ede57b /scripts/objdiff | |
| parent | 387c86b582e0782ab332e7bfcd4e6e3f93922961 (diff) | |
iio: imu: st_lsm6dsx: fix stack leak in tagged FIFO buffer
The tagged FIFO path declares iio_buff on the stack with __aligned(8)
but no initializer, but there is a hole in the structure, which will
then leak to userspace as ST_LSM6DSX_SAMPLE_SIZE bytes (6) will be
copied, but the space between that and the timestamp are not
initialized.
Commit c14edb4d0bdc ("iio:imu:st_lsm6dsx Fix alignment and data leak
issues") moved the untagged FIFO path to a kzalloc'd buffer in hw->scan,
but for the tagged path it only added the alignment qualifier and not
the initializer :(
Fix this by just zero-initializing the structure on the stack.
Cc: Lorenzo Bianconi <lorenzo@kernel.org>
Cc: Jonathan Cameron <jic23@kernel.org>
Cc: David Lechner <dlechner@baylibre.com>
Cc: "Nuno Sá" <nuno.sa@analog.com>
Cc: Andy Shevchenko <andy@kernel.org>
Fixes: c14edb4d0bdc ("iio:imu:st_lsm6dsx Fix alignment and data leak issues")
Cc: stable <stable@kernel.org>
Assisted-by: gregkh_clanker_t1000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: David Lechner <dlechner@baylibre.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Diffstat (limited to 'scripts/objdiff')
0 files changed, 0 insertions, 0 deletions