Commit b65dacb3 authored by Kent Gibson's avatar Kent Gibson Committed by Luo Gengkun
Browse files

gpiolib: cdev: fix uninitialised kfifo 

mainline inclusion
from mainline-v6.9
commit ee0166b637a5e376118e9659e5b4148080f1d27e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9U7YV
CVE: CVE-2024-36898

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee0166b637a5e376118e9659e5b4148080f1d27e



--------------------------------

If a line is requested with debounce, and that results in debouncing
in software, and the line is subsequently reconfigured to enable edge
detection then the allocation of the kfifo to contain edge events is
overlooked.  This results in events being written to and read from an
uninitialised kfifo.  Read events are returned to userspace.

Initialise the kfifo in the case where the software debounce is
already active.

Fixes: 65cff704 ("gpiolib: cdev: support setting debounce")
Signed-off-by: default avatarKent Gibson <warthog618@gmail.com>
Link: https://lore.kernel.org/r/20240510065342.36191-1-warthog618@gmail.com


Signed-off-by: default avatarBartosz Golaszewski <bartosz.golaszewski@linaro.org>

Conflicts:
	drivers/gpio/gpiolib-cdev.c
[The original patch defines eflags instead of errflags, but eflags is already
a parameter of the function, so rename to errflags.]
Signed-off-by: default avatarLuo Gengkun <luogengkun2@huawei.com>
parent ff7390bf

drivers/gpio/gpiolib-cdev.c

+14 −0
Original line number Diff line number Diff line
@@ -816,6 +816,8 @@ static int edge_detector_update(struct line *line, 
				unsigned int line_idx,

				u64 eflags, bool polarity_change)

{

	u64 errflags;

	int ret;

	unsigned int debounce_period_us =

		gpio_v2_line_config_debounce_period(lc, line_idx);
@@ -827,6 +829,18 @@ static int edge_detector_update(struct line *line, 
	if (debounce_period_us && READ_ONCE(line->sw_debounced)) {

		line->eflags = eflags;

		WRITE_ONCE(line->desc->debounce_period_us, debounce_period_us);

		/*

		 * ensure event fifo is initialised if edge detection

		 * is now enabled.

		 */

		errflags = eflags & GPIO_V2_LINE_EDGE_FLAGS;

		if (errflags && !kfifo_initialized(&line->req->events)) {

			ret = kfifo_alloc(&line->req->events,

					  line->req->event_buffer_size,

					  GFP_KERNEL);

			if (ret)

				return ret;

		}

		return 0;

	}