Commit fb08f346 authored Feb 19, 2025 by Javier Carrasco Committed by Cui GaoSheng Feb 19, 2025

iio: adc: rockchip_saradc: fix information leak in triggered buffer

stable inclusion
from stable-v6.6.72
commit 5a95fbbecec7a34bbad5dcc3156700b8711d53c4
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBIQWT
CVE: CVE-2024-57907

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5a95fbbecec7a34bbad5dcc3156700b8711d53c4



--------------------------------

commit 38724591364e1e3b278b4053f102b49ea06ee17c upstream.

The 'data' local struct is used to push data to user space from a
triggered buffer, but it does not set values for inactive channels, as
it only uses iio_for_each_active_channel() to assign new values.

Initialize the struct to zero before using it to avoid pushing
uninitialized information to userspace.

Cc: stable@vger.kernel.org
Fixes: 4e130dc7 ("iio: adc: rockchip_saradc: Add support iio buffers")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://patch.msgid.link/20241125-iio_memset_scan_holes-v1-4-0cb6e98d895c@gmail.com


Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Cui GaoSheng <cuigaosheng1@huawei.com>

parent 1167f85d

drivers/iio/adc/rockchip_saradc.c

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -368,6 +368,8 @@ static irqreturn_t rockchip_saradc_trigger_handler(int irq, void *p)
	int ret;		int ret;
	int i, j = 0;		int i, j = 0;

			memset(&data, 0, sizeof(data));

	mutex_lock(&info->lock);		mutex_lock(&info->lock);

	for_each_set_bit(i, i_dev->active_scan_mask, i_dev->masklength) {		for_each_set_bit(i, i_dev->active_scan_mask, i_dev->masklength) {