[PATCH] iio: bmp280: zero-init buffer

David Lechner posted 1 patch 9 months, 1 week ago
drivers/iio/pressure/bmp280-core.c | 3 +++
1 file changed, 3 insertions(+)
[PATCH] iio: bmp280: zero-init buffer
Posted by David Lechner 9 months, 1 week ago
Zero-initialize the buffer used with iio_push_to_buffers_with_ts(). The
struct used for the buffer has holes in it, so we need to make sure that
the holes are zeroed out rather than containing uninitialized data from
the stack.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/linux-iio/aBoBR5D1UMjsSUfZ@stanley.mountain/
Fixes: 4e6c3c4801a6 ("iio: pressure: bmp280: drop sensor_data array")
Signed-off-by: David Lechner <dlechner@baylibre.com>
---
The patch this fixes is currently in iio/togreg, so no need for stable
backport, etc.
---
 drivers/iio/pressure/bmp280-core.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c
index 5728cc18cced223284a2c41dc6dec6f47169c797..f37f20776c89173b0b2a8e28be0ef9aa30ceea53 100644
--- a/drivers/iio/pressure/bmp280-core.c
+++ b/drivers/iio/pressure/bmp280-core.c
@@ -1237,6 +1237,9 @@ static irqreturn_t bme280_trigger_handler(int irq, void *p)
 	} buffer;
 	int ret;
 
+	/* Don't leak uninitialized stack to userspace. */
+	memset(&buffer, 0, sizeof(buffer));
+
 	guard(mutex)(&data->lock);
 
 	/* Burst read data registers */
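
Review bot: the comment above the memset() says what is prevented but not why a memset() is needed at this spot. The commit message gives the reason (the struct behind `buffer` has holes), and that reason is worth carrying into the code, for example "The struct has padding holes; zero them so no uninitialized stack data reaches userspace". With the holes named in the comment, a later cleanup is less likely to replace the memset() with an initializer, which is not guaranteed to clear the padding. Placing the memset() ahead of guard(mutex)(&data->lock) is fine, since `buffer` is a local.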

---
base-commit: 7a175d9667b21b2495913ec7496a6c20aa7a4a89
change-id: 20250506-iio-pressure-bmp280-zero-init-buffer-942dd4f48719

Best regards,
-- 
David Lechner <dlechner@baylibre.com>
Re: [PATCH] iio: bmp280: zero-init buffer
Posted by Nuno Sá 9 months, 1 week ago
On Tue, 2025-05-06 at 13:49 -0500, David Lechner wrote:
> Zero-initialize the buffer used with iio_push_to_buffers_with_ts(). The
> struct used for the buffer has holes in it, so we need to make sure that
> the holes are zeroed out rather than containing uninitialized data from
> the stack.
> 
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Closes: https://lore.kernel.org/linux-iio/aBoBR5D1UMjsSUfZ@stanley.mountain/
> Fixes: 4e6c3c4801a6 ("iio: pressure: bmp280: drop sensor_data array")
> Signed-off-by: David Lechner <dlechner@baylibre.com>
> ---
> The patch this fixes is currently in iio/togreg, so no need for stable
> backport, etc.
> ---

Reviewed-by: Nuno Sá <nuno.sa@analog.com>

>  drivers/iio/pressure/bmp280-core.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-
> core.c
> index
> 5728cc18cced223284a2c41dc6dec6f47169c797..f37f20776c89173b0b2a8e28be0ef9aa30ceea53
> 100644
> --- a/drivers/iio/pressure/bmp280-core.c
> +++ b/drivers/iio/pressure/bmp280-core.c
> @@ -1237,6 +1237,9 @@ static irqreturn_t bme280_trigger_handler(int irq, void *p)
>  	} buffer;
>  	int ret;
>  
> +	/* Don't leak uninitialized stack to userspace. */
> +	memset(&buffer, 0, sizeof(buffer));
> +
>  	guard(mutex)(&data->lock);
>  
>  	/* Burst read data registers */
> 
> ---
> base-commit: 7a175d9667b21b2495913ec7496a6c20aa7a4a89
> change-id: 20250506-iio-pressure-bmp280-zero-init-buffer-942dd4f48719
> 
> Best regards,
Re: [PATCH] iio: bmp280: zero-init buffer
Posted by Jonathan Cameron 9 months ago
On Wed, 07 May 2025 07:24:52 +0100
Nuno Sá <noname.nuno@gmail.com> wrote:

> On Tue, 2025-05-06 at 13:49 -0500, David Lechner wrote:
> > Zero-initialize the buffer used with iio_push_to_buffers_with_ts(). The
> > struct used for the buffer has holes in it, so we need to make sure that
> > the holes are zeroed out rather than containing uninitialized data from
> > the stack.
> > 
> > Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Closes: https://lore.kernel.org/linux-iio/aBoBR5D1UMjsSUfZ@stanley.mountain/
> > Fixes: 4e6c3c4801a6 ("iio: pressure: bmp280: drop sensor_data array")
> > Signed-off-by: David Lechner <dlechner@baylibre.com>
> > ---
> > The patch this fixes is currently in iio/togreg, so no need for stable
> > backport, etc.
> > ---  
> 
> Reviewed-by: Nuno Sá <nuno.sa@analog.com>
Applied to the togreg branch of iio.git etc etc.

Thanks
> 
> >  drivers/iio/pressure/bmp280-core.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-
> > core.c
> > index
> > 5728cc18cced223284a2c41dc6dec6f47169c797..f37f20776c89173b0b2a8e28be0ef9aa30ceea53
> > 100644
> > --- a/drivers/iio/pressure/bmp280-core.c
> > +++ b/drivers/iio/pressure/bmp280-core.c
> > @@ -1237,6 +1237,9 @@ static irqreturn_t bme280_trigger_handler(int irq, void *p)
> >  	} buffer;
> >  	int ret;
> >  
> > +	/* Don't leak uninitialized stack to userspace. */
> > +	memset(&buffer, 0, sizeof(buffer));
> > +
> >  	guard(mutex)(&data->lock);
> >  
> >  	/* Burst read data registers */
> > 
> > ---
> > base-commit: 7a175d9667b21b2495913ec7496a6c20aa7a4a89
> > change-id: 20250506-iio-pressure-bmp280-zero-init-buffer-942dd4f48719
> > 
> > Best regards,  
>