Commit aea30895 authored by Javier Carrasco's avatar Javier Carrasco Committed by Wen Zhiwei
Browse files

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer 

stable inclusion
from stable-v6.6.72
commit 74058395b2c63c8a438cf199d09094b640f8c7f4
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBQN9L

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=74058395b2c63c8a438cf199d09094b640f8c7f4



--------------------------------

commit 333be433ee908a53f283beb95585dfc14c8ffb46 upstream.

The 'data' array is allocated via kmalloc() and it is used to push data
to user space from a triggered buffer, but it does not set values for
inactive channels, as it only uses iio_for_each_active_channel()
to assign new values.

Use kzalloc for the memory allocation to avoid pushing uninitialized
information to userspace.

Cc: stable@vger.kernel.org
Fixes: 415f7924 ("iio: Move IIO Dummy Driver out of staging")
Signed-off-by: default avatarJavier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://patch.msgid.link/20241125-iio_memset_scan_holes-v1-9-0cb6e98d895c@gmail.com


Signed-off-by: default avatarJonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarWen Zhiwei <wenzhiwei@kylinos.cn>
parent fcc9e979

drivers/iio/dummy/iio_simple_dummy_buffer.c

+1 −1
Original line number Diff line number Diff line
@@ -48,7 +48,7 @@ static irqreturn_t iio_simple_dummy_trigger_h(int irq, void *p) 
	int i = 0, j;

	u16 *data;



	data = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);

	data = kzalloc(indio_dev->scan_bytes, GFP_KERNEL);

	if (!data)

		goto done;