git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Muchun Song <smuchun@gmail.com>
	Thu, 1 Nov 2018 13:12:50 +0000 (21:12 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 12 Feb 2019 19:02:04 +0000 (20:02 +0100)
commit	4672971c827e043c0d0b3ffc955309370487621f
tree	9296e12881b752d5657b4311f2fa05dd2e01877d	tree \| snapshot
parent	83e25ef2b847796f8e1d0ec1d2a7cd3f3ba7285d	commit \| diff

gpiolib: Fix possible use after free on label

[ Upstream commit 18534df419041e6c1f4b41af56ee7d41f757815c ]

gpiod_request_commit() copies the pointer to the label passed as
an argument only to be used later. But there's a chance the caller
could immediately free the passed string(e.g., local variable).
This could trigger a use after free when we use gpio label(e.g.,
gpiochip_unlock_as_irq(), gpiochip_is_requested()).

To be on the safe side: duplicate the string with kstrdup_const()
so that if an unaware user passes an address to a stack-allocated
buffer, we won't get the arbitrary label.

Also fix gpiod_set_consumer_name().

Signed-off-by: Muchun Song <smuchun@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/gpio/gpiolib.c		diff \| blob \| blame \| history
include/linux/gpio/consumer.h		diff \| blob \| blame \| history