From patchwork Mon Jan 22 12:21:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Linus Walleij X-Patchwork-Id: 864245 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=linux-gpio-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ASc19UgP"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zQ9Xf34yJz9s7s for ; Mon, 22 Jan 2018 23:21:54 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751140AbeAVMVx (ORCPT ); Mon, 22 Jan 2018 07:21:53 -0500 Received: from mail-lf0-f68.google.com ([209.85.215.68]:33582 "EHLO mail-lf0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751057AbeAVMVw (ORCPT ); Mon, 22 Jan 2018 07:21:52 -0500 Received: by mail-lf0-f68.google.com with SMTP id t139so10336827lff.0 for ; Mon, 22 Jan 2018 04:21:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=jFAEz1Jal9WgF7R+ZCGmRVauHO8EkRHTSkNnyMohkN0=; b=ASc19UgPnCYqdlqIR0g/1kOErj3+uzgu7GFPvu8oMPJNz8foWoA+7Yvk06BnPUzXXB 5YQmWjAWEdHN3ZW/InJ7cnjbW7+jcXQefNk9LLaQlk1wuTtWN2Zagu7weYhel6F2usK8 xS9D4MpStGeQWPQVVidN4BgfMeWjq6mcXpgCk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=jFAEz1Jal9WgF7R+ZCGmRVauHO8EkRHTSkNnyMohkN0=; b=K52rxoXLXG9ntUwy/C/FKqXUa8H9yRBSp6QK71GqRZmSxxJOjYGoeTTmxdTAEc2TNx W71r7BdtDv8lyqYplKZQ0tOzCZGxPyT5KKmOFzQ6cXDHgO9z2AIzwq2cfklXr/YkAxaJ fM/zfjF8eoKJ9Deg6K7J+/NcegYJEEGASXF2OmLvVWTHvp/xOcoghNbW1R42BOLbUvuI x/dQkTo0jfqfRot6yHPkJdQtRMo7iI/Npj7YYsm5ulRPOa0+r3BYZcxjXx/txAJclLQc 7vkNQdC8KBbv9YdUxmN/e4ryYugav9oASNqkvJqsNePa2lyJHsA7okG9jrNt1VvDrawf OMMA== X-Gm-Message-State: AKwxytfM5nlAR8SK7uNaJMCawooFs0paTyTgpKps8ed3GZRWNG8k+GlN tGlh1PI//qzBVXtGUCGLhVnTjYByi4w= X-Google-Smtp-Source: AH8x227+Xq+vdAvBiRsPOTyDjCdQJMTTniBetFb9knF0rgmomxttBYL34PKNYmI28zf9cmb/+6TxRg== X-Received: by 10.46.33.204 with SMTP id h73mr2611344lji.20.1516623710739; Mon, 22 Jan 2018 04:21:50 -0800 (PST) Received: from genomnajs.ideon.se ([85.235.10.227]) by smtp.gmail.com with ESMTPSA id g81sm2762072ljb.74.2018.01.22.04.21.49 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 22 Jan 2018 04:21:50 -0800 (PST) From: Linus Walleij To: linux-gpio@vger.kernel.org Cc: Linus Walleij , stable@vger.kernel.org, Bartosz Golaszewski , Arnd Bergmann Subject: [PATCH] gpio: Fix kernel stack leak to userspace Date: Mon, 22 Jan 2018 13:21:46 +0100 Message-Id: <20180122122146.25689-1-linus.walleij@linaro.org> X-Mailer: git-send-email 2.14.3 Sender: linux-gpio-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-gpio@vger.kernel.org The GPIO event descriptor was leaking kernel stack to userspace because we don't zero the variable before use. Ooops. Fix this. Cc: stable@vger.kernel.org Cc: Bartosz Golaszewski Cc: Arnd Bergmann Reported-by: Arnd Bergmann Signed-off-by: Linus Walleij Reviewed-by: Bartosz Golaszewski Reviewed-by: Arnd Bergmann --- drivers/gpio/gpiolib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 37e31ba82ca0..754836e4ca0e 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -744,6 +744,9 @@ static irqreturn_t lineevent_irq_thread(int irq, void *p) struct gpioevent_data ge; int ret, level; + /* Do not leak kernel stack to userspace */ + memset(&ge, 0, sizeof(ge)); + ge.timestamp = ktime_get_real_ns(); level = gpiod_get_value_cansleep(le->desc);