| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201112091050.84991-1-alexandru.ardelean@analog.com>
Date: Thu, 12 Nov 2020 11:10:50 +0200
From: Alexandru Ardelean <alexandru.ardelean@...log.com>
To: <linux-iio@...r.kernel.org>, <linux-kernel@...r.kernel.org>
CC: <alexandru.ardelean@...log.com>, <lars@...afoo.de>,
<jic23@...nel.org>
Subject: [PATCH] iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack
From: Lars-Peter Clausen <lars@...afoo.de>
Use a heap allocated memory for the SPI transfer buffer. Using stack memory
can corrupt stack memory when using DMA on some systems.
This change adds 4 bytes at the end of the current DMA buffer, which will
be used by the trigger handler.
This is required because the first 4 bytes are reserved for register data.
Fixes: af3008485ea03 ("iio:adc: Add common code for ADI Sigma Delta devices")
Signed-off-by: Lars-Peter Clausen <lars@...afoo.de>
Signed-off-by: Alexandru Ardelean <alexandru.ardelean@...log.com>
---
drivers/iio/adc/ad_sigma_delta.c | 4 ++--
include/linux/iio/adc/ad_sigma_delta.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/iio/adc/ad_sigma_delta.c b/drivers/iio/adc/ad_sigma_delta.c
index 86039e9ecaca..33297f26508a 100644
--- a/drivers/iio/adc/ad_sigma_delta.c
+++ b/drivers/iio/adc/ad_sigma_delta.c
@@ -395,11 +395,11 @@ static irqreturn_t ad_sd_trigger_handler(int irq, void *p)
struct iio_poll_func *pf = p;
struct iio_dev *indio_dev = pf->indio_dev;
struct ad_sigma_delta *sigma_delta = iio_device_get_drvdata(indio_dev);
+ uint8_t *data = &sigma_delta->data[4];
unsigned int reg_size;
unsigned int data_reg;
- uint8_t data[16];
- memset(data, 0x00, 16);
+ memset(data, 0x00, 4);
reg_size = indio_dev->channels[0].scan_type.realbits +
indio_dev->channels[0].scan_type.shift;
diff --git a/include/linux/iio/adc/ad_sigma_delta.h b/include/linux/iio/adc/ad_sigma_delta.h
index a3a838dcf8e4..ac4ac4752c62 100644
--- a/include/linux/iio/adc/ad_sigma_delta.h
+++ b/include/linux/iio/adc/ad_sigma_delta.h
@@ -80,7 +80,7 @@ struct ad_sigma_delta {
* DMA (thus cache coherency maintenance) requires the
* transfer buffers to live in their own cache lines.
*/
- uint8_t data[4] ____cacheline_aligned;
+ uint8_t data[8] ____cacheline_aligned;
};
static inline int ad_sigma_delta_set_channel(struct ad_sigma_delta *sd,
--
2.17.1
Powered by blists - more mailing lists