projects / cascardo / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d06436)
iio: proximity: as3935: fix buffer stack trashing
authorMatt Ranostay <mranostay@gmail.com>
Sun, 22 May 2016 03:01:03 +0000 (20:01 -0700)
committerJonathan Cameron <jic23@kernel.org>
Sun, 22 May 2016 19:54:15 +0000 (20:54 +0100)
Buffer wasn't of a valid size to allow the timestamp, and correct padding.
This patchset also moves the buffer off the stack, and onto the heap.

Cc: george.mccollister@gmail.com
Signed-off-by: Matt Ranostay <mranostay@gmail.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
drivers/iio/proximity/as3935.c patch | blob | history

diff --git a/drivers/iio/proximity/as3935.c b/drivers/iio/proximity/as3935.c
index 6aed024..e2f926c 100644 (file)
--- a/drivers/iio/proximity/as3935.c
+++ b/drivers/iio/proximity/as3935.c
@@ -64,6 +64,7 @@ struct as3935_state {
        struct delayed_work work;
 
        u32 tune_cap;
+       u8 buffer[16]; /* 8-bit data + 56-bit padding + 64-bit timestamp */
        u8 buf[2] ____cacheline_aligned;
 };
 
@@ -212,9 +213,10 @@ static irqreturn_t as3935_trigger_handler(int irq, void *private)
        ret = as3935_read(st, AS3935_DATA, &val);
        if (ret)
                goto err_read;
-       val &= AS3935_DATA_MASK;
 
-       iio_push_to_buffers_with_timestamp(indio_dev, &val, pf->timestamp);
+       st->buffer[0] = val & AS3935_DATA_MASK;
+       iio_push_to_buffers_with_timestamp(indio_dev, &st->buffer,
+                                          pf->timestamp);
 err_read:
        iio_trigger_notify_done(indio_dev->trig);
 
Unnamed repository; edit this file 'description' to name the repository.