From patchwork Thu Jun 16 09:02:41 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 636287 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3rVcnH4g4bz9t0f for ; Thu, 16 Jun 2016 19:01:22 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753826AbcFPJBU (ORCPT ); Thu, 16 Jun 2016 05:01:20 -0400 Received: from mout.kundenserver.de ([212.227.126.187]:58959 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752587AbcFPJBS (ORCPT ); Thu, 16 Jun 2016 05:01:18 -0400 Received: from wuerfel.lan. ([78.42.132.4]) by mrelayeu.kundenserver.de (mreue001) with ESMTPA (Nemesis) id 0MazIw-1axROP0Y38-00KQvs; Thu, 16 Jun 2016 11:01:11 +0200 From: Arnd Bergmann To: Linus Walleij , Alexandre Courbot Cc: Arnd Bergmann , linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] gpiolib: avoid uninitialized data in gpio kfifo Date: Thu, 16 Jun 2016 11:02:41 +0200 Message-Id: <20160616090254.964288-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:vhQiUVUijeBg70UbMFsA3/FXsFSCpN0x+FK+FJloMhdfpDkcgHZ kjmncoYknF/DHSIovrVbUyrwATUmi8d+jRlo5vcPZ5zPkg6PfDePHn8dFdNdytoi0/jfJlE R6haxewPczJs1/eGHiupQhWCnpfzeMEYChpOFrublbhMK8XtIm+8J1+y1Ymg8iudBJLPWdT dlYdEmceAD9p3BNOKFPRA== X-UI-Out-Filterresults: notjunk:1; V01:K0:ip+6e9ZuZt8=:rbe3jF4wMb17TNHz2ocoSP OOPF8cGZUPLQp4WyaYhJzGY3Nyog03DVKl4ePjr00qe4pjcOeJ6oikiC+qHhFg05uHblGP5qF bntY860fj0aWw3w6RbVSP97Y9Os1ZuLS6ZLIBkpXXOPmZYBxc7wjJTNvFBmetnhMdPAIoA59x Mqj1HeVANNMMXblshRUF7Oe1616Wxf2AMm4tRVTzoLFBYFEEtlDiwzRiB6cWKBoM7RLjEbqeO YNFQt+Xk114LdulKJJPY7F7N62hp56rmAMOvAUULE9njMWAph3rz9tJHpJ+g1BxeMSXaoTHC4 xDcqD6kEXZXYOs7fPmdJZdidpB5/j32jZEVTP6AW7RHA8RdXx7P18Ig0A/k9b6HcaykBQTHMj 3ujnXohCTOZdwxokJNybBSMhpxOBu8QBS9a4+ukwSnQaRmB+bniocrSp+/N/7WRtrRrvFKWnQ Pes2fKBpvAKJBkHlLGFMKfk1YiFw1VnjQKr5kJ1tkE9aj0mEBs8DprUY0nNQBPt3w6rXNee5L 87JQ+Pw3WBSHSK6g8w/jNglrpcTl6s+UoEDMP806RjVaTmGeEB+y6Y1E+caevyJvhvpzMVGNT BJQ5w4fO0/p2ikLPfWdtGSbsbbreAkwAOFHnVoPVNCby3pk4/vaMYG0CnHrdv0kqf0O2gj3DN gaJqe852NJhW/adjXq2kum6+YS//IKF9o/7urvfkF+7KSfm7Ah+OBNv4rZGm40XjMQbw= Sender: linux-gpio-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-gpio@vger.kernel.org gcc reports a theoretical case for returning uninitialized data in the kfifo when a GPIO interrupt happens and neither GPIOEVENT_REQUEST_RISING_EDGE nor GPIOEVENT_REQUEST_FALLING_EDGE are set: drivers/gpio/gpiolib.c: In function 'lineevent_irq_thread': drivers/gpio/gpiolib.c:683:87: error: 'ge.id' may be used uninitialized in this function [-Werror=maybe-uninitialized] This case should not happen, but to be on the safe side, let's return from the irq handler without adding data to the FIFO to ensure we can never leak stack data to user space. Signed-off-by: Arnd Bergmann Fixes: 61f922db7221 ("gpio: userspace ABI for reading GPIO line events") --- drivers/gpio/gpiolib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 8b3db593f356..3466e6198351 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -674,6 +674,8 @@ irqreturn_t lineevent_irq_thread(int irq, void *p) } else if (le->eflags & GPIOEVENT_REQUEST_FALLING_EDGE) { /* Emit high-to-low event */ ge.id = GPIOEVENT_EVENT_FALLING_EDGE; + } else { + return IRQ_NONE; } ret = kfifo_put(&le->events, ge);