From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Miroslav Lichvar <mlichvar@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Rodolfo Giometti <giometti@enneenne.com>,
	Greg KH <greg@kroah.com>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.4 19/23] drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
Date: Fri, 26 Jul 2019 09:45:18 -0400
Message-ID: <20190726134522.13308-19-sashal@kernel.org>
In-Reply-To: <20190726134522.13308-1-sashal@kernel.org>

From: Miroslav Lichvar <mlichvar@redhat.com>

[ Upstream commit 5515e9a6273b8c02034466bcbd717ac9f53dab99 ]

The PPS assert/clear offset corrections are set by the PPS_SETPARAMS
ioctl in the pps_ktime structs, which also contain flags.  The flags are
not initialized by applications (using the timepps.h header) and they
are not used by the kernel for anything except returning them back in
the PPS_GETPARAMS ioctl.

Set the flags to zero to make it clear they are unused and avoid leaking
uninitialized data of the PPS_SETPARAMS caller to other applications
that have a read access to the PPS device.

Link: http://lkml.kernel.org/r/20190702092251.24303-1-mlichvar@redhat.com
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Rodolfo Giometti <giometti@enneenne.com>
Cc: Greg KH <greg@kroah.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pps/pps.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 2f07cd615665..76ae38450aea 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -129,6 +129,14 @@ static long pps_cdev_ioctl(struct file *file,
 			pps->params.mode |= PPS_CANWAIT;
 		pps->params.api_version = PPS_API_VERS;
 
+		/*
+		 * Clear unused fields of pps_kparams to avoid leaking
+		 * uninitialized data of the PPS_SETPARAMS caller via
+		 * PPS_GETPARAMS
+		 */
+		pps->params.assert_off_tu.flags = 0;
+		pps->params.clear_off_tu.flags = 0;
+
 		spin_unlock_irq(&pps->lock);
 
 		break;
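
Review bot: The comment above the two added assignments says "unused fields of pps_kparams", but the code zeroes only assert_off_tu.flags and clear_off_tu.flags; naming those two members in the comment would keep it accurate and make it obvious what is covered. It is worth confirming in the same review that no other caller-supplied member or padding stored in pps->params is handed back unchanged by PPS_GETPARAMS, because this hunk would not clear it. The placement before spin_unlock_irq(&pps->lock) is right: a reader that takes the same lock cannot observe the flags before they are cleared.
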
-- 
2.20.1

