diff options
author | Kent Gibson <warthog618@gmail.com> | 2019-09-09 03:22:18 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-09-19 09:08:03 +0200 |
commit | ca73cdcaead3a64250c5323c296b87acceaf1ac6 (patch) | |
tree | 0a28e9505bf36cf4b3f166a9e2c59f85ee529732 /drivers/gpio | |
parent | 8b09f44b80e6a42007bafa8725a2a816b9dff266 (diff) |
gpio: fix line flag validation in linehandle_create
commit e95fbc130a162ba9ad956311b95aa0da269eea48 upstream.
linehandle_create should not allow both GPIOHANDLE_REQUEST_INPUT
and GPIOHANDLE_REQUEST_OUTPUT to be set.
Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/gpio')
-rw-r--r-- | drivers/gpio/gpiolib.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 562e90bf73c9..f0b6ca9896af 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -444,12 +444,23 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) struct linehandle_state *lh; struct file *file; int fd, i, count = 0, ret; + u32 lflags; if (copy_from_user(&handlereq, ip, sizeof(handlereq))) return -EFAULT; if ((handlereq.lines == 0) || (handlereq.lines > GPIOHANDLES_MAX)) return -EINVAL; + lflags = handlereq.flags; + + /* + * Do not allow both INPUT & OUTPUT flags to be set as they are + * contradictory. + */ + if ((lflags & GPIOHANDLE_REQUEST_INPUT) && + (lflags & GPIOHANDLE_REQUEST_OUTPUT)) + return -EINVAL; + lh = kzalloc(sizeof(*lh), GFP_KERNEL); if (!lh) return -ENOMEM; @@ -470,7 +481,6 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) /* Request each GPIO */ for (i = 0; i < handlereq.lines; i++) { u32 offset = handlereq.lineoffsets[i]; - u32 lflags = handlereq.flags; struct gpio_desc *desc; if (offset >= gdev->ngpio) { |