From: "Pandruvada, Srinivas" <srinivas.pandruvada-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
To: "linux-input-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-input-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"Song,
Hongyan" <hongyan.song-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
"linux-iio-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-iio-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"jic23-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org"
<jic23-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: "jikos-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org"
<jikos-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH v2] hid: hid-sensor-hub: clear memory to avoid random data
Date: Sun, 13 Nov 2016 14:45:09 +0000 [thread overview]
Message-ID: <1479048126.13439.8.camel@intel.com> (raw)
In-Reply-To: <e64c6b31-739c-a6ab-cd1e-6637809feae4-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
On Sat, 2016-11-12 at 14:43 +0000, Jonathan Cameron wrote:
> On 11/11/16 00:58, Song Hongyan wrote:
> >
> > Initialize user buffer with 0s. This will avoid random data in the
> > buffer,
> > when the user buffer size is bigger than the actual report size.
> >
> > Signed-off-by: Song Hongyan <hongyan.song@intel.com>
> Please describe the result of this bug in the description.
> Why does it matter?
Hongyan,
Please resubmit.
The issue is:
When user tried to read some fields like hysteresis from IIO sysfs on
some systems, it fails. The reason is that this field is a byte field
and caller of sensor_hub_get_feature() passes a buffer of 4 bytes. Here
the function sensor_hub_get_feature() copies the single byte from the
report to the caller buffer and returns "1" as the number of bytes
copied. So caller can use the return value.
But this is done by multiple callers, so if we just change the
sensor_hub_get_feature so that caller buffer is initialized with 0s
then we don't to change all functions.
>
> Without that info, it's hard to judge what path this should take
> into mainline or whether the fix needs to be marked for stable.
IMO this is not an urgent fix and queued for next kernel release.
> Thanks,
>
> Jonathan
> >
> > ---
> > Changes in v2:
> > -clear memory in get_feature() instead of set_feature()
s/get_feature()/sensor_hub_get_feature()
Thanks,
Srinivas
> >
> > drivers/hid/hid-sensor-hub.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-
> > hub.c
> > index 658a607..b74d954 100644
> > --- a/drivers/hid/hid-sensor-hub.c
> > +++ b/drivers/hid/hid-sensor-hub.c
> > @@ -252,6 +252,7 @@ int sensor_hub_get_feature(struct
> > hid_sensor_hub_device *hsdev, u32 report_id,
> > int report_size;
> > int ret = 0;
> >
> > + memset(buffer, 0, buffer_size);
> > mutex_lock(&data->mutex);
> > report = sensor_hub_report(report_id, hsdev->hdev,
> > HID_FEATURE_REPORT);
> > if (!report || (field_index >= report->maxfield) ||
> >
WARNING: multiple messages have this Message-ID (diff)
From: "Pandruvada, Srinivas" <srinivas.pandruvada@intel.com>
To: "linux-input@vger.kernel.org" <linux-input@vger.kernel.org>,
"Song, Hongyan" <hongyan.song@intel.com>,
"linux-iio@vger.kernel.org" <linux-iio@vger.kernel.org>,
"jic23@kernel.org" <jic23@kernel.org>
Cc: "jikos@kernel.org" <jikos@kernel.org>
Subject: Re: [PATCH v2] hid: hid-sensor-hub: clear memory to avoid random data
Date: Sun, 13 Nov 2016 14:45:09 +0000 [thread overview]
Message-ID: <1479048126.13439.8.camel@intel.com> (raw)
In-Reply-To: <e64c6b31-739c-a6ab-cd1e-6637809feae4@kernel.org>
T24gU2F0LCAyMDE2LTExLTEyIGF0IDE0OjQzICswMDAwLCBKb25hdGhhbiBDYW1lcm9uIHdyb3Rl
Og0KPiBPbiAxMS8xMS8xNiAwMDo1OCwgU29uZyBIb25neWFuIHdyb3RlOg0KPiA+IA0KPiA+IElu
aXRpYWxpemUgdXNlciBidWZmZXIgd2l0aCAwcy4gVGhpcyB3aWxsIGF2b2lkIHJhbmRvbSBkYXRh
IGluIHRoZQ0KPiA+IGJ1ZmZlciwNCj4gPiB3aGVuIHRoZSB1c2VyIGJ1ZmZlciBzaXplIGlzIGJp
Z2dlciB0aGFuIHRoZSBhY3R1YWwgcmVwb3J0IHNpemUuDQo+ID4gDQo+ID4gU2lnbmVkLW9mZi1i
eTogU29uZyBIb25neWFuIDxob25neWFuLnNvbmdAaW50ZWwuY29tPg0KPiBQbGVhc2UgZGVzY3Jp
YmUgdGhlIHJlc3VsdCBvZiB0aGlzIGJ1ZyBpbiB0aGUgZGVzY3JpcHRpb24uDQo+IFdoeSBkb2Vz
IGl0IG1hdHRlcj8NCkhvbmd5YW4sDQoNClBsZWFzZSByZXN1Ym1pdC4NCg0KDQoNClRoZSBpc3N1
ZSBpczoNCg0KV2hlbiB1c2VyIHRyaWVkIHRvIHJlYWQgc29tZSBmaWVsZHMgbGlrZSBoeXN0ZXJl
c2lzIGZyb20gSUlPIHN5c2ZzIG9uDQpzb21lIHN5c3RlbXMsIGl0IGZhaWxzLiBUaGUgcmVhc29u
IGlzIHRoYXQgdGhpcyBmaWVsZCBpcyBhIGJ5dGUgZmllbGQNCmFuZCBjYWxsZXIgb2Ygc2Vuc29y
X2h1Yl9nZXRfZmVhdHVyZSgpIHBhc3NlcyBhIGJ1ZmZlciBvZiA0IGJ5dGVzLiBIZXJlDQp0aGUg
ZnVuY3Rpb24gc2Vuc29yX2h1Yl9nZXRfZmVhdHVyZSgpIGNvcGllcyB0aGUgc2luZ2xlIGJ5dGUg
ZnJvbSB0aGUNCnJlcG9ydCB0byB0aGUgY2FsbGVyIGJ1ZmZlciBhbmQgcmV0dXJucyAiMSIgYXMg
dGhlIG51bWJlciBvZiBieXRlcw0KY29waWVkLiBTbyBjYWxsZXIgY2FuIHVzZSB0aGUgcmV0dXJu
IHZhbHVlLg0KDQpCdXQgdGhpcyBpcyBkb25lIGJ5IG11bHRpcGxlIGNhbGxlcnMsIHNvIGlmIHdl
IGp1c3QgY2hhbmdlIHRoZQ0Kc2Vuc29yX2h1Yl9nZXRfZmVhdHVyZSBzbyB0aGF0IGNhbGxlciBi
dWZmZXIgaXMgaW5pdGlhbGl6ZWQgd2l0aCAwcw0KdGhlbiB3ZSBkb24ndCB0byBjaGFuZ2UgYWxs
IGZ1bmN0aW9ucy7CoA0KDQoNCg0KPiANCj4gV2l0aG91dCB0aGF0IGluZm8sIGl0J3MgaGFyZCB0
byBqdWRnZSB3aGF0IHBhdGggdGhpcyBzaG91bGQgdGFrZQ0KPiBpbnRvIG1haW5saW5lIG9yIHdo
ZXRoZXIgdGhlIGZpeCBuZWVkcyB0byBiZSBtYXJrZWQgZm9yIHN0YWJsZS4NCklNTyB0aGlzIGlz
IG5vdCBhbiB1cmdlbnQgZml4IGFuZCBxdWV1ZWQgZm9yIG5leHQga2VybmVsIHJlbGVhc2UuDQoN
Cg0KPiBUaGFua3MsDQo+IA0KPiBKb25hdGhhbg0KPiA+IA0KPiA+IC0tLQ0KPiA+IENoYW5nZXMg
aW4gdjI6DQo+ID4gwqDCoMKgwqAtY2xlYXIgbWVtb3J5IGluIGdldF9mZWF0dXJlKCkgaW5zdGVh
ZCBvZiBzZXRfZmVhdHVyZSgpDQpzL2dldF9mZWF0dXJlKCkvc2Vuc29yX2h1Yl9nZXRfZmVhdHVy
ZSgpDQoNCg0KVGhhbmtzLA0KU3Jpbml2YXMNCg0KPiA+IA0KPiA+IMKgZHJpdmVycy9oaWQvaGlk
LXNlbnNvci1odWIuYyB8IDEgKw0KPiA+IMKgMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCsp
DQo+ID4gDQo+ID4gZGlmZiAtLWdpdCBhL2RyaXZlcnMvaGlkL2hpZC1zZW5zb3ItaHViLmMgYi9k
cml2ZXJzL2hpZC9oaWQtc2Vuc29yLQ0KPiA+IGh1Yi5jDQo+ID4gaW5kZXggNjU4YTYwNy4uYjc0
ZDk1NCAxMDA2NDQNCj4gPiAtLS0gYS9kcml2ZXJzL2hpZC9oaWQtc2Vuc29yLWh1Yi5jDQo+ID4g
KysrIGIvZHJpdmVycy9oaWQvaGlkLXNlbnNvci1odWIuYw0KPiA+IEBAIC0yNTIsNiArMjUyLDcg
QEAgaW50IHNlbnNvcl9odWJfZ2V0X2ZlYXR1cmUoc3RydWN0DQo+ID4gaGlkX3NlbnNvcl9odWJf
ZGV2aWNlICpoc2RldiwgdTMyIHJlcG9ydF9pZCwNCj4gPiDCoAlpbnQgcmVwb3J0X3NpemU7DQo+
ID4gwqAJaW50IHJldCA9IDA7DQo+ID4gwqANCj4gPiArCW1lbXNldChidWZmZXIsIDAsIGJ1ZmZl
cl9zaXplKTsNCj4gPiDCoAltdXRleF9sb2NrKCZkYXRhLT5tdXRleCk7DQo+ID4gwqAJcmVwb3J0
ID0gc2Vuc29yX2h1Yl9yZXBvcnQocmVwb3J0X2lkLCBoc2Rldi0+aGRldiwNCj4gPiBISURfRkVB
VFVSRV9SRVBPUlQpOw0KPiA+IMKgCWlmICghcmVwb3J0IHx8IChmaWVsZF9pbmRleCA+PSByZXBv
cnQtPm1heGZpZWxkKSB8fA0KPiA+IA==
next prev parent reply other threads:[~2016-11-13 14:45 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-11 0:58 [PATCH v2] hid: hid-sensor-hub: clear memory to avoid random data Song Hongyan
2016-11-11 0:58 ` Song Hongyan
[not found] ` <1478825923-12153-1-git-send-email-hongyan.song-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-11-12 14:43 ` Jonathan Cameron
2016-11-12 14:43 ` Jonathan Cameron
[not found] ` <e64c6b31-739c-a6ab-cd1e-6637809feae4-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2016-11-13 14:45 ` Pandruvada, Srinivas [this message]
2016-11-13 14:45 ` Pandruvada, Srinivas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479048126.13439.8.camel@intel.com \
--to=srinivas.pandruvada-ral2jqcrhueavxtiumwx3w@public.gmane.org \
--cc=hongyan.song-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=jic23-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=jikos-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=linux-iio-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-input-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.