lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20221016121441.5e792a52@jic23-huawei>
Date:   Sun, 16 Oct 2022 12:14:41 +0100
From:   Jonathan Cameron <jic23@...nel.org>
To:     <Claudiu.Beznea@...rochip.com>
Cc:     <mazziesaccount@...il.com>, <matti.vaittinen@...rohmeurope.com>,
        <Eugen.Hristev@...rochip.com>, <lars@...afoo.de>,
        <Nicolas.Ferre@...rochip.com>, <alexandre.belloni@...tlin.com>,
        <alexandru.ardelean@...log.com>, <linux-iio@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 04/10] iio: at91-sama5d2_adc: Fix unsafe buffer
 attributes

On Thu, 6 Oct 2022 08:34:17 +0000
<Claudiu.Beznea@...rochip.com> wrote:

> On 03.10.2022 11:11, Matti Vaittinen wrote:
> > The iio_triggered_buffer_setup_ext() was changed by
> > commit 15097c7a1adc ("iio: buffer: wrap all buffer attributes into iio_dev_attr")
> > to silently expect that all attributes given in buffer_attrs array are
> > device-attributes. This expectation was not forced by the API - and some
> > drivers did register attributes created by IIO_CONST_ATTR().
> > 
> > The added attribute "wrapping" does not copy the pointer to stored
> > string constant and when the sysfs file is read the kernel will access
> > to invalid location.
> > 
> > Change the IIO_CONST_ATTRs from the driver to IIO_DEVICE_ATTR in order
> > to prevent the invalid memory access.
> > 
> > Signed-off-by: Matti Vaittinen <mazziesaccount@...il.com>
> > Fixes: 15097c7a1adc ("iio: buffer: wrap all buffer attributes into iio_dev_attr")  
> 
> Tested-by: Claudiu Beznea <claudiu.beznea@...rochip.com>
> 
> on SAMA5D2
> 
Applied to the fixes-togreg branch of iio.git and marked for stable.

For the reset of the series I'll need to wait for these first 4 patches to make their
way to upstream of the togreg branch then queue the rest up on top of that.

Jonathan

>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ