| Message ID | 5593d147-058c-4de3-a6f5-540ecb96f6f8@moroto.mountain |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7300:50ea:b0:106:860b:bbdd with SMTP id r10csp833367dyd;
Fri, 9 Feb 2024 05:02:57 -0800 (PST)
X-Forwarded-Encrypted: i=3;
AJvYcCVvrUQYZnXJGPWwJq/qW6vEXKh6UrZfvdzqQwbLlXeGSzbbXpvtzdoxI9yk/GZEaIuxuXMLJNE0vm2KZCA1HAjHIqUZOA==
X-Google-Smtp-Source:
AGHT+IHkxRujrXH9KPVhScv0FawFhrQTXhOAhCXKQXW1zseevV9UBiuvddnLVf/0fYw9in7qtWpU
X-Received: by 2002:a05:6a21:3482:b0:19e:a565:7dc6 with SMTP id
yo2-20020a056a21348200b0019ea5657dc6mr1417801pzb.15.1707483777018;
Fri, 09 Feb 2024 05:02:57 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1707483776; cv=pass;
d=google.com; s=arc-20160816;
b=WUypCUimuhZpASVv5SbOpDMhYXpDoYzU2Iw4PlOzpjTBRBEK5EY6lXw+snJbSmW0qX
31cugIhqDX4Mhg3vrngsx2wXBazjivcbIGdMgrpah5PLOhrapW0bwiWbMU662xAfeA4W
i3mpFgIXsCYU57D2+gttgBhs9nPHh9OEhcIpQ5x2/Sa47WGfTwylLV+w+7D2T9f7wRUY
FOze+2mz84slq1yUpjEXnlKmwoXwiFrzbKkgV13LoKPxr3ZDvddczd0iepDyllAiG1Xw
f2eBzA8eH/3VHvhEMrxDJGV4b6ZlqxsVLT15aRqvcJiZ1QLjKi/i5O5y751ivU6laqnu
pa3g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-disposition:mime-version:list-unsubscribe:list-subscribe
:list-id:precedence:message-id:subject:cc:to:from:date
:dkim-signature;
bh=NUKtKA5PQgc2ohgTX2ul6KjbHH8/opO9tMZEq5ncFHI=;
fh=WrHLPPSy2CAy123II8WQ+aj3deLkCXAZYDVOPEMkv+E=;
b=Flni8ZreUTVPl3xqLbb2KYCIHkhI7oqV/TbUrKGYTf+KvkWImZrYau9IgIYH4FKJCp
BKMWbPjrGRFhZE9ksCYArSBkXmJvJmHGYv6BgUlXkHJ6ijHWdVKw/QNKAlCSKZirQIYR
oU+mWLmaEjH0thXmI86iDSx7q67PX3R00GY0isURtFgZWrX6FwA451Lb9LCaA3QBUpjx
69Ofz778w3o06AwDURF0HiAAAlXgD4+D2nv+YIxI7h1USSlGnquvSzr2cwwCYtSX7Yhn
4Rr2CimGtTQRSvFM9DGrj1RZ4nm0gpGIffEA33T4yo2kEIz/+kp8HVaTezt1Ia74qOcj
WP/g==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=w1zxl2Da;
arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass
dkdomain=linaro.org dmarc=pass fromdomain=linaro.org);
spf=pass (google.com: domain of
linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
X-Forwarded-Encrypted: i=2;
AJvYcCXnQ+0G5gOsulErw4Uc2nfYkBL1rGCzCqHtdljZuVUO/lCQ1RDa4Go4zGEFfFM1MtnjHnJvk0r4FVLrxK6D/kN+PvYWFg==
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
by mx.google.com with ESMTPS id
h24-20020a633858000000b005cf5bf8e7a5si1599927pgn.430.2024.02.09.05.02.56
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 09 Feb 2024 05:02:56 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=w1zxl2Da;
arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass
dkdomain=linaro.org dmarc=pass fromdomain=linaro.org);
spf=pass (google.com: domain of
linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sv.mirrors.kernel.org (Postfix) with ESMTPS id C5C3628828B
for <ouuuleilei@gmail.com>; Fri, 9 Feb 2024 13:02:56 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 6D7B438DFC;
Fri, 9 Feb 2024 13:02:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org
header.b="w1zxl2Da"
Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com
[209.85.218.46])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 923BC376F3
for <linux-kernel@vger.kernel.org>; Fri, 9 Feb 2024 13:02:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=209.85.218.46
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1707483744; cv=none;
b=iC5KtqY5wqeTHbOaa8+zMdF+9LDhgO/ysJ5WyH7i5Mo4JT7v7ouqHMZEKN3ozcAhIltm2eDa9KR+tk67i+Eo1jrBAX3Oi62EOzR1l6qZZKAM29mxHcmKqT9LJLF10xIqx7kwtxW+NsdO4cNi0J0lrB8S9WGI7jbD+AICc3Mo1ng=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1707483744; c=relaxed/simple;
bh=f7GZuFfz/b9JhqGQIt1IzzcdKqz5xKX7YwzzJ1JOQlI=;
h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type:
Content-Disposition;
b=CE56WspSaEh4CRLqogCP9p+1VBnxofz7I1oTzRM1Gi4fOoPqPel0Wkyp0gk2Ptstw5A0ld6UXWB2pkTODDmKDIL06jrETX1MhVzFrYO8Ly8BNcN7fOUwGbUhu5vTSgbVBOtpF8Eohi+VIcL3Snnnx2SPnAqhyxA3soviuR0hpDs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linaro.org;
spf=pass smtp.mailfrom=linaro.org;
dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org
header.b=w1zxl2Da; arc=none smtp.client-ip=209.85.218.46
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=linaro.org
Received: by mail-ej1-f46.google.com with SMTP id
a640c23a62f3a-a3566c0309fso107910366b.1
for <linux-kernel@vger.kernel.org>;
Fri, 09 Feb 2024 05:02:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=linaro.org; s=google; t=1707483740; x=1708088540;
darn=vger.kernel.org;
h=content-disposition:mime-version:message-id:subject:cc:to:from:date
:from:to:cc:subject:date:message-id:reply-to;
bh=NUKtKA5PQgc2ohgTX2ul6KjbHH8/opO9tMZEq5ncFHI=;
b=w1zxl2Daeu+MVSdys/IkYIh3vl7eRT+PN9CSZURPiRHCoGdzfHVgUWzAEOo6c2bMRP
sWV0WI6FOzDkgt9WFYgB5iizAjP1LOft4GHoCIYqoCz+JpeA5F3KdJu8UgZwwtujj0Ol
gHGDoknYAHTgpCvd2QJDAjKj03PY4zoVpm7w0Au5KZ739tWj3cXFQSVLlMkmccuOmM0D
HJRpoNlb6/DGvDeLGaofritegYHypwWRBEq1ksVMEhiQ6T72ps2mCVan1BqXbbrWI6u2
oA8UWxgJgJYSDPC945WgJ0PRIu+uL91s9Yvd7il7f4PqqiCgHznBwji/WxakpOVvi9Hg
YRyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1707483740; x=1708088540;
h=content-disposition:mime-version:message-id:subject:cc:to:from:date
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=NUKtKA5PQgc2ohgTX2ul6KjbHH8/opO9tMZEq5ncFHI=;
b=E3KDmjSS9hI+kqdIYMDKM6OQ2Msu1K6FM89mR+vtrpo8KEcUgrYeBgHCE4ubX2zlp2
h0rIVnOWvx8TtA8PqQ9Y76jI0wC+ns5BFyEnvuIpU7SDsyJUq9U361iz15OXz5/t218x
tr9fuQu9Mu3khMfy9aK+c21psvYp07m32v5IpEBR41k7iU4EosNKmr5DJsioZmQY3VrF
4tJ9j6d7ksjspE8hOo6HW7LGD7TjaXOq4k1dFVS39g2Vj1PosWSMsXdCveeDAB0xL4cK
BqwTHx/+xZBWuLdD6b6Dk2zVxNOQoj6QFGdA5S0/uv+O5W1OOErFT8F6T+sZNW3qv9zc
+yIA==
X-Forwarded-Encrypted: i=1;
AJvYcCWNitRwhPC3nRBit1oIJQ0JyeApm1nLjdx9s56PdKoEh77Bql+quxYe9k9pPg3yA85xTOy84zSyUQaItQrkEIGw1wwuwlEXl5fCqOji
X-Gm-Message-State: AOJu0YwYSjJImLp1HYDwYvI3Rw4w7idMoePytFDMxB5cZgp8IqyR4xC6
driuRwoMTwhlAJb0BdD+Ojr7tNezmOyX6JuApAf2bBYkUmhC6kQKOMpEEGsBvrQ=
X-Received: by 2002:a17:906:c28f:b0:a38:3ec3:9379 with SMTP id
r15-20020a170906c28f00b00a383ec39379mr1033826ejz.44.1707483739784;
Fri, 09 Feb 2024 05:02:19 -0800 (PST)
X-Forwarded-Encrypted: i=1;
AJvYcCVfmM9ZYYYYAhCtOvAd02GyyM2a5rau2KzAaKyzbK+sHeXX4dGwyEmZGCbR3tEQdYmFuiJKImr+m84uY2IGqSwC2XdPT4tGDRj/UiG8xPfRBr3qSmi9t8EkeelvN5WeXcrlIhHutkJe2GSCNntNuEhlaRTmN+nUTe2F1GJFhAPIgUejYLaRwVa6YEIfS++0/T18Z91kebqOE+xPvU9TaZz6dNp31q+u7DTbfDPDDnTAdkykemR3wqxJvrsbZe2AWQR23+TU1jrGNzdQwVeTOyxG00xSRDF9iIRC46PWTexGNYn1Aj0fulduoMjBphpjFxXE/+qKVvy+ASWixuzyB6OrjnEGri3gkUj0F+PWXOP/9OITnkMGWkeN3oH33XwV1VvoAH7giyC63uLZkhUJzbqL10g0GA2gPczDwntPVPKVCsLBcXVLSUf6AItX875IBKnwSTZnjhwz5GmbrKXCGpFPmp7AGNEDGurKfB4nbdAf2Lcf5PIxOfXeM4F1o4JNCt0i5TNcnMXaSYDE7JTuKELTebYZg668FA==
Received: from localhost ([102.222.70.76])
by smtp.gmail.com with ESMTPSA id
un8-20020a170907cb8800b00a37669280d1sm740179ejc.141.2024.02.09.05.02.18
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 09 Feb 2024 05:02:19 -0800 (PST)
Date: Fri, 9 Feb 2024 16:02:16 +0300
From: Dan Carpenter <dan.carpenter@linaro.org>
To: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: Liam Girdwood <lgirdwood@gmail.com>,
Peter Ujfalusi <peter.ujfalusi@linux.intel.com>,
Bard Liao <yung-chuan.liao@linux.intel.com>,
Ranjani Sridharan <ranjani.sridharan@linux.intel.com>,
Daniel Baluta <daniel.baluta@nxp.com>,
Kai Vehmanen <kai.vehmanen@linux.intel.com>,
Mark Brown <broonie@kernel.org>, Jaroslav Kysela <perex@perex.cz>,
Takashi Iwai <tiwai@suse.com>, sound-open-firmware@alsa-project.org,
linux-sound@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: [PATCH] ASoC: SOF: Add some bounds checking to firmware data
Message-ID: <5593d147-058c-4de3-a6f5-540ecb96f6f8@moroto.mountain>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Mailer: git-send-email haha only kidding
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1790426508510243490
X-GMAIL-MSGID: 1790426508510243490
|
| Series |
ASoC: SOF: Add some bounds checking to firmware data
|
|
Commit Message
Dan Carpenter
Feb. 9, 2024, 1:02 p.m. UTC
Smatch complains about "head->full_size - head->header_size" can
underflow. To some extent, we're always going to have to trust the
firmware a bit. However, it's easy enough to add a check for negatives,
and let's add a upper bounds check as well.
Fixes: d2458baa799f ("ASoC: SOF: ipc3-loader: Implement firmware parsing and loading")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
sound/soc/sof/ipc3-loader.c | 2 ++
1 file changed, 2 insertions(+)
Comments
On Fri, 09 Feb 2024 16:02:16 +0300, Dan Carpenter wrote: > Smatch complains about "head->full_size - head->header_size" can > underflow. To some extent, we're always going to have to trust the > firmware a bit. However, it's easy enough to add a check for negatives, > and let's add a upper bounds check as well. > > Applied to https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next Thanks! [1/1] ASoC: SOF: Add some bounds checking to firmware data commit: 98f681b0f84cfc3a1d83287b77697679e0398306 All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark
diff --git a/sound/soc/sof/ipc3-loader.c b/sound/soc/sof/ipc3-loader.c index 28218766d211..6e3ef0672110 100644 --- a/sound/soc/sof/ipc3-loader.c +++ b/sound/soc/sof/ipc3-loader.c @@ -148,6 +148,8 @@ static size_t sof_ipc3_fw_parse_ext_man(struct snd_sof_dev *sdev) head = (struct sof_ext_man_header *)fw->data; remaining = head->full_size - head->header_size; + if (remaining < 0 || remaining > sdev->basefw.fw->size) + return -EINVAL; ext_man_size = ipc3_fw_ext_man_size(sdev, fw); /* Assert firmware starts with extended manifest */