From patchwork Mon Jan 22 12:21:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Linus Walleij X-Patchwork-Id: 125407 Delivered-To: patch@linaro.org Received: by 10.46.66.141 with SMTP id h13csp1125994ljf; Mon, 22 Jan 2018 04:21:54 -0800 (PST) X-Google-Smtp-Source: AH8x22730ORkrKiU4d/FjV413MPghiuXWNgiIjx9qAp/FQub3feGcogbjmNM42nrkhqPNZtAiFfK X-Received: by 2002:a17:902:4c88:: with SMTP id b8-v6mr1578590ple.233.1516623714204; Mon, 22 Jan 2018 04:21:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516623714; cv=none; d=google.com; s=arc-20160816; b=JBeEWVXyPn82GFbiGLONJwFjWWCDVP16JPGKNyM/Zpi7JI4/WwopAjHbrlDo4wczcg QUQ8Y4aaFsts2EgDwB6MIx00OAwh3a2adqls+WWJFpMO6s8qiqB6SIdr8+SyMXrHs2ne ZhS2Ruz9p0lIjBbbDtsVk+BbbhHeRxcSBw4FjQL67QXG7zmOW3LT1SaYHzm8iR2oCgm9 AevOBxIB8jGp16o4Ubx8ILHjA8XWuCXmc0pKj+vhuV4xokYKobqF+QTTIcnAwIQROqRY 9t3oRFtVMeccjzddzig7Db/j+FtQgyEJcnMONp0znFo7fbaI9x/uE11EEuz7/76y7uqC mvMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=53d2RG6ortw77flz+E1zYJa9xu8niGk68+eiups51xE=; b=tcwnrK1uMsMf99kDCTNIp58sRnyzx3RVwfxcJjF67rezC2FIMLP/0KBCPCTouopvTF 0C0pu29EL0RRusGyih6T2lumng9aHTjhZt2xzm/N0oWg7WpnGsN65rhl1ORlA+pZ8pLw agcqHm1tj4BNJV951Vmm6aIFXnOR1zy48wHLMcgtclxW/MYjT47pwJoI4N2vusjsY+j8 RT31h66beUYl/ZDgOmenS+xOdtkl9ZeMYFQJxNAxmEpSniIfxG3rh1kA7ahEaNucUN7z CVXlj/HWWD2Lbsx6C5VWgl650fFkbskoPzUuIoRKJJiJepFNQd9VJjhOBZ1LokO3lKHv Uwvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=ASc19UgP; spf=pass (google.com: best guess record for domain of linux-gpio-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-gpio-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b4-v6si3437140plm.499.2018.01.22.04.21.53; Mon, 22 Jan 2018 04:21:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-gpio-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=ASc19UgP; spf=pass (google.com: best guess record for domain of linux-gpio-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-gpio-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751140AbeAVMVx (ORCPT + 6 others); Mon, 22 Jan 2018 07:21:53 -0500 Received: from mail-lf0-f68.google.com ([209.85.215.68]:33582 "EHLO mail-lf0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751057AbeAVMVw (ORCPT ); Mon, 22 Jan 2018 07:21:52 -0500 Received: by mail-lf0-f68.google.com with SMTP id t139so10336827lff.0 for ; Mon, 22 Jan 2018 04:21:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=jFAEz1Jal9WgF7R+ZCGmRVauHO8EkRHTSkNnyMohkN0=; b=ASc19UgPnCYqdlqIR0g/1kOErj3+uzgu7GFPvu8oMPJNz8foWoA+7Yvk06BnPUzXXB 5YQmWjAWEdHN3ZW/InJ7cnjbW7+jcXQefNk9LLaQlk1wuTtWN2Zagu7weYhel6F2usK8 xS9D4MpStGeQWPQVVidN4BgfMeWjq6mcXpgCk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=jFAEz1Jal9WgF7R+ZCGmRVauHO8EkRHTSkNnyMohkN0=; b=K52rxoXLXG9ntUwy/C/FKqXUa8H9yRBSp6QK71GqRZmSxxJOjYGoeTTmxdTAEc2TNx W71r7BdtDv8lyqYplKZQ0tOzCZGxPyT5KKmOFzQ6cXDHgO9z2AIzwq2cfklXr/YkAxaJ fM/zfjF8eoKJ9Deg6K7J+/NcegYJEEGASXF2OmLvVWTHvp/xOcoghNbW1R42BOLbUvuI x/dQkTo0jfqfRot6yHPkJdQtRMo7iI/Npj7YYsm5ulRPOa0+r3BYZcxjXx/txAJclLQc 7vkNQdC8KBbv9YdUxmN/e4ryYugav9oASNqkvJqsNePa2lyJHsA7okG9jrNt1VvDrawf OMMA== X-Gm-Message-State: AKwxytfM5nlAR8SK7uNaJMCawooFs0paTyTgpKps8ed3GZRWNG8k+GlN tGlh1PI//qzBVXtGUCGLhVnTjYByi4w= X-Received: by 10.46.33.204 with SMTP id h73mr2611344lji.20.1516623710739; Mon, 22 Jan 2018 04:21:50 -0800 (PST) Received: from genomnajs.ideon.se ([85.235.10.227]) by smtp.gmail.com with ESMTPSA id g81sm2762072ljb.74.2018.01.22.04.21.49 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 22 Jan 2018 04:21:50 -0800 (PST) From: Linus Walleij To: linux-gpio@vger.kernel.org Cc: Linus Walleij , stable@vger.kernel.org, Bartosz Golaszewski , Arnd Bergmann Subject: [PATCH] gpio: Fix kernel stack leak to userspace Date: Mon, 22 Jan 2018 13:21:46 +0100 Message-Id: <20180122122146.25689-1-linus.walleij@linaro.org> X-Mailer: git-send-email 2.14.3 Sender: linux-gpio-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-gpio@vger.kernel.org The GPIO event descriptor was leaking kernel stack to userspace because we don't zero the variable before use. Ooops. Fix this. Cc: stable@vger.kernel.org Cc: Bartosz Golaszewski Cc: Arnd Bergmann Reported-by: Arnd Bergmann Signed-off-by: Linus Walleij --- drivers/gpio/gpiolib.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.14.3 -- To unsubscribe from this list: send the line "unsubscribe linux-gpio" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Reviewed-by: Bartosz Golaszewski Reviewed-by: Arnd Bergmann diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 37e31ba82ca0..754836e4ca0e 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -744,6 +744,9 @@ static irqreturn_t lineevent_irq_thread(int irq, void *p) struct gpioevent_data ge; int ret, level; + /* Do not leak kernel stack to userspace */ + memset(&ge, 0, sizeof(ge)); + ge.timestamp = ktime_get_real_ns(); level = gpiod_get_value_cansleep(le->desc);