leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a1e44d6ac5
linux/drivers/staging/iio
History
Lars-Peter Clausen a1e44d6ac5 staging:iio: Fix sw_ring memory corruption 
The sw_ring does not properly handle the case where the write pointer already
has wrapped around, the read pointer has not and the remaining buffer space at
the end is enough to fill the read buffer:

  +-----------------------------------+
  |     |              |##data##|     |
  +-----------------------------------+
     write_p        read_p

In this case the current code will copy all available data to the buffer and
as a result will write beyond the bounds of the buffer and cause a memory
corruption.

To address this issue this patch adds code to calculate the available buffer
space and makes sure that the number of bytes to copy does not exceed this
number. This allows the code which copies the data around to be simplified as
it only has to consider two cases: Read wraps around and read does not wrap
around.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-12-08 12:16:34 -08:00
..
accel staging:iio:accel:lis3l02dq scrap reading from buffer for sysfs access. 2011-12-08 12:11:09 -08:00
adc staging:iio:adc:max1363 stop reading from buffer for sysfs access 2011-12-08 12:11:12 -08:00
addac staging:iio: Remove redundant spi driver bus initialization 2011-12-08 11:33:19 -08:00
cdc staging:iio:treewide only use shared to decide on interfaces 2011-11-26 16:35:04 -08:00
dac staging:iio: Remove redundant spi driver bus initialization 2011-12-08 11:33:19 -08:00
dds staging:iio: Remove redundant spi driver bus initialization 2011-12-08 11:33:19 -08:00
Documentation staging:iio:generic_buffer example - handle endian differences 2011-12-08 11:32:35 -08:00
gyro staging:iio:buffer remove unused owner field from struct iio_buffer 2011-12-08 12:11:09 -08:00
impedance-analyzer staging:iio: scrap scan_count and ensure all drivers use active_scan_mask 2011-12-08 12:11:08 -08:00
imu staging:iio:buffer remove unused owner field from struct iio_buffer 2011-12-08 12:11:09 -08:00
light iio: light sensor: Improve granularity of tsl2583 lux values. 2011-12-08 11:30:24 -08:00
magnetometer staging:iio: Add missing MODULE_DEVICE_TABLE and MODULE_ALIAS 2011-11-26 16:48:04 -08:00
meter staging:iio:buffer remove unused owner field from struct iio_buffer 2011-12-08 12:11:09 -08:00
resolver staging:iio: Add missing MODULE_DEVICE_TABLE and MODULE_ALIAS 2011-11-26 16:48:04 -08:00
trigger staging:iio:trigger:bfin-timer: Fix compile error 2011-10-23 10:15:02 +02:00
buffer.h staging:iio:buffer remove unused owner field from struct iio_buffer 2011-12-08 12:11:09 -08:00
events.h staging:iio: IIO_EVENT_CODE: Clamp channel numbers 2011-11-26 16:39:58 -08:00
iio_core_trigger.h staging:iio:triggers Remove unecessary existence checks and return val 2011-11-26 16:30:30 -08:00
iio_core.h staging:iio: core. Allow for event chrdev obtaining ioctl if no buffer present. 2011-11-26 16:30:31 -08:00
iio_dummy_evgen.c iio: Don't OOPS if dummy evgen failed init 2011-11-26 16:52:44 -08:00
iio_dummy_evgen.h staging:iio:dummy Add event support + fake event generator 2011-10-17 15:36:30 -07:00
iio_simple_dummy_buffer.c staging:iio:buffer remove unused owner field from struct iio_buffer 2011-12-08 12:11:09 -08:00
iio_simple_dummy_events.c staging:iio: header reorganization 2011-11-26 16:35:04 -08:00
iio_simple_dummy.c staging: iio: Use kcalloc instead of kzalloc to allocate array 2011-11-30 19:37:33 +09:00
iio_simple_dummy.h staging:iio:dummy Add buffered reading support 2011-10-17 15:36:30 -07:00
iio.h staging:iio:buffer move setup ops from buffer instance to iio_dev 2011-12-08 12:11:08 -08:00
industrialio-buffer.c staging:iio: scrap scan_count and ensure all drivers use active_scan_mask 2011-12-08 12:11:08 -08:00
industrialio-core.c staging:iio:find iio channel from scan index util function 2011-12-08 11:36:10 -08:00
industrialio-trigger.c staging:iio: trigger fixes for repeat request of same trigger and allocation failure 2011-11-26 16:30:30 -08:00
Kconfig staging: iio: drop "select IIO_SIMPLE_DUMMY_EVGEN" 2011-11-26 16:43:38 -08:00
kfifo_buf.c staging:iio: remove userspace access to bytes per datum. 2011-12-08 12:08:29 -08:00
kfifo_buf.h staging:iio: header reorganization 2011-11-26 16:35:04 -08:00
Makefile iio: adc: Relocate Capacitance to Digital Converters (CDC) into own subdir 2011-10-19 13:55:43 -07:00
ring_hw.h staging:iio: replacing term ring with buffer in the IIO core. 2011-09-26 17:31:53 -07:00
ring_sw.c staging:iio: Fix sw_ring memory corruption 2011-12-08 12:16:34 -08:00
ring_sw.h staging:iio: header reorganization 2011-11-26 16:35:04 -08:00
sysfs.h staging:iio: header reorganization 2011-11-26 16:35:04 -08:00
TODO staging: iio: add ADI info to TODO 2010-11-09 15:46:32 -08:00
trigger_consumer.h staging:iio: treewide rename iio_triggered_ring_* to iio_triggered_buffer_* 2011-09-26 17:31:52 -07:00
trigger.h treewide: use __printf not __attribute__((format(printf,...))) 2011-10-31 17:30:54 -07:00
types.h staging:iio: Fix typo 2011-12-08 12:15:44 -08:00