From patchwork Fri Feb 9 13:02:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 198853 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:50ea:b0:106:860b:bbdd with SMTP id r10csp833367dyd; Fri, 9 Feb 2024 05:02:57 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVvrUQYZnXJGPWwJq/qW6vEXKh6UrZfvdzqQwbLlXeGSzbbXpvtzdoxI9yk/GZEaIuxuXMLJNE0vm2KZCA1HAjHIqUZOA== X-Google-Smtp-Source: AGHT+IHkxRujrXH9KPVhScv0FawFhrQTXhOAhCXKQXW1zseevV9UBiuvddnLVf/0fYw9in7qtWpU X-Received: by 2002:a05:6a21:3482:b0:19e:a565:7dc6 with SMTP id yo2-20020a056a21348200b0019ea5657dc6mr1417801pzb.15.1707483777018; Fri, 09 Feb 2024 05:02:57 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707483776; cv=pass; d=google.com; s=arc-20160816; b=WUypCUimuhZpASVv5SbOpDMhYXpDoYzU2Iw4PlOzpjTBRBEK5EY6lXw+snJbSmW0qX 31cugIhqDX4Mhg3vrngsx2wXBazjivcbIGdMgrpah5PLOhrapW0bwiWbMU662xAfeA4W i3mpFgIXsCYU57D2+gttgBhs9nPHh9OEhcIpQ5x2/Sa47WGfTwylLV+w+7D2T9f7wRUY FOze+2mz84slq1yUpjEXnlKmwoXwiFrzbKkgV13LoKPxr3ZDvddczd0iepDyllAiG1Xw f2eBzA8eH/3VHvhEMrxDJGV4b6ZlqxsVLT15aRqvcJiZ1QLjKi/i5O5y751ivU6laqnu pa3g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-disposition:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:message-id:subject:cc:to:from:date :dkim-signature; bh=NUKtKA5PQgc2ohgTX2ul6KjbHH8/opO9tMZEq5ncFHI=; fh=WrHLPPSy2CAy123II8WQ+aj3deLkCXAZYDVOPEMkv+E=; b=Flni8ZreUTVPl3xqLbb2KYCIHkhI7oqV/TbUrKGYTf+KvkWImZrYau9IgIYH4FKJCp BKMWbPjrGRFhZE9ksCYArSBkXmJvJmHGYv6BgUlXkHJ6ijHWdVKw/QNKAlCSKZirQIYR oU+mWLmaEjH0thXmI86iDSx7q67PX3R00GY0isURtFgZWrX6FwA451Lb9LCaA3QBUpjx 69Ofz778w3o06AwDURF0HiAAAlXgD4+D2nv+YIxI7h1USSlGnquvSzr2cwwCYtSX7Yhn 4Rr2CimGtTQRSvFM9DGrj1RZ4nm0gpGIffEA33T4yo2kEIz/+kp8HVaTezt1Ia74qOcj WP/g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=w1zxl2Da; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org X-Forwarded-Encrypted: i=2; AJvYcCXnQ+0G5gOsulErw4Uc2nfYkBL1rGCzCqHtdljZuVUO/lCQ1RDa4Go4zGEFfFM1MtnjHnJvk0r4FVLrxK6D/kN+PvYWFg== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id h24-20020a633858000000b005cf5bf8e7a5si1599927pgn.430.2024.02.09.05.02.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Feb 2024 05:02:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=w1zxl2Da; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-59332-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id C5C3628828B for ; Fri, 9 Feb 2024 13:02:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6D7B438DFC; Fri, 9 Feb 2024 13:02:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="w1zxl2Da" Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 923BC376F3 for ; Fri, 9 Feb 2024 13:02:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707483744; cv=none; b=iC5KtqY5wqeTHbOaa8+zMdF+9LDhgO/ysJ5WyH7i5Mo4JT7v7ouqHMZEKN3ozcAhIltm2eDa9KR+tk67i+Eo1jrBAX3Oi62EOzR1l6qZZKAM29mxHcmKqT9LJLF10xIqx7kwtxW+NsdO4cNi0J0lrB8S9WGI7jbD+AICc3Mo1ng= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707483744; c=relaxed/simple; bh=f7GZuFfz/b9JhqGQIt1IzzcdKqz5xKX7YwzzJ1JOQlI=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=CE56WspSaEh4CRLqogCP9p+1VBnxofz7I1oTzRM1Gi4fOoPqPel0Wkyp0gk2Ptstw5A0ld6UXWB2pkTODDmKDIL06jrETX1MhVzFrYO8Ly8BNcN7fOUwGbUhu5vTSgbVBOtpF8Eohi+VIcL3Snnnx2SPnAqhyxA3soviuR0hpDs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=w1zxl2Da; arc=none smtp.client-ip=209.85.218.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-ej1-f46.google.com with SMTP id a640c23a62f3a-a3566c0309fso107910366b.1 for ; Fri, 09 Feb 2024 05:02:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1707483740; x=1708088540; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=NUKtKA5PQgc2ohgTX2ul6KjbHH8/opO9tMZEq5ncFHI=; b=w1zxl2Daeu+MVSdys/IkYIh3vl7eRT+PN9CSZURPiRHCoGdzfHVgUWzAEOo6c2bMRP sWV0WI6FOzDkgt9WFYgB5iizAjP1LOft4GHoCIYqoCz+JpeA5F3KdJu8UgZwwtujj0Ol gHGDoknYAHTgpCvd2QJDAjKj03PY4zoVpm7w0Au5KZ739tWj3cXFQSVLlMkmccuOmM0D HJRpoNlb6/DGvDeLGaofritegYHypwWRBEq1ksVMEhiQ6T72ps2mCVan1BqXbbrWI6u2 oA8UWxgJgJYSDPC945WgJ0PRIu+uL91s9Yvd7il7f4PqqiCgHznBwji/WxakpOVvi9Hg YRyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707483740; x=1708088540; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NUKtKA5PQgc2ohgTX2ul6KjbHH8/opO9tMZEq5ncFHI=; b=E3KDmjSS9hI+kqdIYMDKM6OQ2Msu1K6FM89mR+vtrpo8KEcUgrYeBgHCE4ubX2zlp2 h0rIVnOWvx8TtA8PqQ9Y76jI0wC+ns5BFyEnvuIpU7SDsyJUq9U361iz15OXz5/t218x tr9fuQu9Mu3khMfy9aK+c21psvYp07m32v5IpEBR41k7iU4EosNKmr5DJsioZmQY3VrF 4tJ9j6d7ksjspE8hOo6HW7LGD7TjaXOq4k1dFVS39g2Vj1PosWSMsXdCveeDAB0xL4cK BqwTHx/+xZBWuLdD6b6Dk2zVxNOQoj6QFGdA5S0/uv+O5W1OOErFT8F6T+sZNW3qv9zc +yIA== X-Forwarded-Encrypted: i=1; AJvYcCWNitRwhPC3nRBit1oIJQ0JyeApm1nLjdx9s56PdKoEh77Bql+quxYe9k9pPg3yA85xTOy84zSyUQaItQrkEIGw1wwuwlEXl5fCqOji X-Gm-Message-State: AOJu0YwYSjJImLp1HYDwYvI3Rw4w7idMoePytFDMxB5cZgp8IqyR4xC6 driuRwoMTwhlAJb0BdD+Ojr7tNezmOyX6JuApAf2bBYkUmhC6kQKOMpEEGsBvrQ= X-Received: by 2002:a17:906:c28f:b0:a38:3ec3:9379 with SMTP id r15-20020a170906c28f00b00a383ec39379mr1033826ejz.44.1707483739784; Fri, 09 Feb 2024 05:02:19 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCVfmM9ZYYYYAhCtOvAd02GyyM2a5rau2KzAaKyzbK+sHeXX4dGwyEmZGCbR3tEQdYmFuiJKImr+m84uY2IGqSwC2XdPT4tGDRj/UiG8xPfRBr3qSmi9t8EkeelvN5WeXcrlIhHutkJe2GSCNntNuEhlaRTmN+nUTe2F1GJFhAPIgUejYLaRwVa6YEIfS++0/T18Z91kebqOE+xPvU9TaZz6dNp31q+u7DTbfDPDDnTAdkykemR3wqxJvrsbZe2AWQR23+TU1jrGNzdQwVeTOyxG00xSRDF9iIRC46PWTexGNYn1Aj0fulduoMjBphpjFxXE/+qKVvy+ASWixuzyB6OrjnEGri3gkUj0F+PWXOP/9OITnkMGWkeN3oH33XwV1VvoAH7giyC63uLZkhUJzbqL10g0GA2gPczDwntPVPKVCsLBcXVLSUf6AItX875IBKnwSTZnjhwz5GmbrKXCGpFPmp7AGNEDGurKfB4nbdAf2Lcf5PIxOfXeM4F1o4JNCt0i5TNcnMXaSYDE7JTuKELTebYZg668FA== Received: from localhost ([102.222.70.76]) by smtp.gmail.com with ESMTPSA id un8-20020a170907cb8800b00a37669280d1sm740179ejc.141.2024.02.09.05.02.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Feb 2024 05:02:19 -0800 (PST) Date: Fri, 9 Feb 2024 16:02:16 +0300 From: Dan Carpenter To: Pierre-Louis Bossart Cc: Liam Girdwood , Peter Ujfalusi , Bard Liao , Ranjani Sridharan , Daniel Baluta , Kai Vehmanen , Mark Brown , Jaroslav Kysela , Takashi Iwai , sound-open-firmware@alsa-project.org, linux-sound@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH] ASoC: SOF: Add some bounds checking to firmware data Message-ID: <5593d147-058c-4de3-a6f5-540ecb96f6f8@moroto.mountain> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline X-Mailer: git-send-email haha only kidding X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790426508510243490 X-GMAIL-MSGID: 1790426508510243490 Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well. Fixes: d2458baa799f ("ASoC: SOF: ipc3-loader: Implement firmware parsing and loading") Signed-off-by: Dan Carpenter --- sound/soc/sof/ipc3-loader.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/soc/sof/ipc3-loader.c b/sound/soc/sof/ipc3-loader.c index 28218766d211..6e3ef0672110 100644 --- a/sound/soc/sof/ipc3-loader.c +++ b/sound/soc/sof/ipc3-loader.c @@ -148,6 +148,8 @@ static size_t sof_ipc3_fw_parse_ext_man(struct snd_sof_dev *sdev) head = (struct sof_ext_man_header *)fw->data; remaining = head->full_size - head->header_size; + if (remaining < 0 || remaining > sdev->basefw.fw->size) + return -EINVAL; ext_man_size = ipc3_fw_ext_man_size(sdev, fw); /* Assert firmware starts with extended manifest */