From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Luis Chamberlain <mcgrof@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 5.10 31/50] firmware_loader: fix pre-allocated buf built-in firmware use
Date: Tue, 9 Nov 2021 17:20:44 -0500 [thread overview]
Message-ID: <20211109222103.1234885-31-sashal@kernel.org> (raw)
In-Reply-To: <20211109222103.1234885-1-sashal@kernel.org>
From: Luis Chamberlain <mcgrof@kernel.org>
[ Upstream commit f7a07f7b96033df7709042ff38e998720a3f7119 ]
The firmware_loader can be used with a pre-allocated buffer
through the use of the API calls:
o request_firmware_into_buf()
o request_partial_firmware_into_buf()
If the firmware was built-in and present, our current check
for if the built-in firmware fits into the pre-allocated buffer
does not return any errors, and we proceed to tell the caller
that everything worked fine. It's a lie and no firmware would
end up being copied into the pre-allocated buffer. So if the
caller trust the result it may end up writing a bunch of 0's
to a device!
Fix this by making the function that checks for the pre-allocated
buffer return non-void. Since the typical use case is when no
pre-allocated buffer is provided make this return successfully
for that case. If the built-in firmware does *not* fit into the
pre-allocated buffer size return a failure as we should have
been doing before.
I'm not aware of users of the built-in firmware using the API
calls with a pre-allocated buffer, as such I doubt this fixes
any real life issue. But you never know... perhaps some oddball
private tree might use it.
In so far as upstream is concerned this just fixes our code for
correctness.
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20210917182226.3532898-2-mcgrof@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/firmware_loader/main.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index f41e4e4993d37..1372f40d0371f 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -99,12 +99,15 @@ static struct firmware_cache fw_cache;
extern struct builtin_fw __start_builtin_fw[];
extern struct builtin_fw __end_builtin_fw[];
-static void fw_copy_to_prealloc_buf(struct firmware *fw,
+static bool fw_copy_to_prealloc_buf(struct firmware *fw,
void *buf, size_t size)
{
- if (!buf || size < fw->size)
- return;
+ if (!buf)
+ return true;
+ if (size < fw->size)
+ return false;
memcpy(buf, fw->data, fw->size);
+ return true;
}
static bool fw_get_builtin_firmware(struct firmware *fw, const char *name,
@@ -116,9 +119,7 @@ static bool fw_get_builtin_firmware(struct firmware *fw, const char *name,
if (strcmp(name, b_fw->name) == 0) {
fw->size = b_fw->size;
fw->data = b_fw->data;
- fw_copy_to_prealloc_buf(fw, buf, size);
-
- return true;
+ return fw_copy_to_prealloc_buf(fw, buf, size);
}
}
--
2.33.0
next prev parent reply other threads:[~2021-11-09 22:34 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 22:20 [PATCH AUTOSEL 5.10 01/50] arm64: zynqmp: Do not duplicate flash partition label property Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 02/50] arm64: zynqmp: Fix serial compatible string Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 03/50] ARM: dts: sunxi: Fix OPPs node name Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 04/50] arm64: dts: allwinner: h5: Fix GPU thermal zone " Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 05/50] arm64: dts: allwinner: a100: Fix " Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 06/50] staging: wfx: ensure IRQ is ready before enabling it Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 07/50] ARM: dts: NSP: Fix mpcore, mmc node names Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 08/50] scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 09/50] arm64: dts: rockchip: Disable CDN DP on Pinebook Pro Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 10/50] arm64: dts: hisilicon: fix arm,sp805 compatible string Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 11/50] arm64: dts: rockchip: add Coresight debug range for RK3399 Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 12/50] RDMA/bnxt_re: Check if the vlan is valid before reporting Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 13/50] bus: ti-sysc: Add quirk handling for reinit on context lost Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 14/50] bus: ti-sysc: Use context lost quirks for gpmc Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 15/50] bus: ti-sysc: Use context lost quirk for otg Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 16/50] usb: musb: tusb6010: check return value after calling platform_get_resource() Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 17/50] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 18/50] ARM: dts: ux500: Skomer regulator fixes Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 19/50] staging: rtl8723bs: remove possible deadlock when disconnect (v2) Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 20/50] ARM: BCM53016: Specify switch ports for Meraki MR32 Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 21/50] arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 22/50] arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 23/50] arm64: dts: qcom: msm8916: Add unit name for /soc node Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 24/50] arm64: dts: freescale: fix arm,sp805 compatible string Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 25/50] ASoC: SOF: Intel: hda-dai: fix potential locking issue Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 26/50] clk: imx: imx6ul: Move csi_sel mux to correct base register Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 27/50] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 28/50] scsi: advansys: Fix kernel pointer leak Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 29/50] ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 30/50] ASoC: Intel: sof_sdw: add missing quirk for Dell SKU 0A45 Sasha Levin
2021-11-09 22:20 ` Sasha Levin [this message]
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 32/50] cpuidle: tegra: Check whether PMC is ready Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 33/50] ARM: dts: omap: fix gpmc,mux-add-data type Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 34/50] usb: host: ohci-tmio: check return value after calling platform_get_resource() Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 35/50] ARM: dts: ls1021a: move thermal-zones node out of soc/ Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 36/50] ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 37/50] ALSA: ISA: not for M68K Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 38/50] tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 39/50] MIPS: sni: Fix the build Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 40/50] scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 41/50] scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 42/50] scsi: target: Fix ordered tag handling Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 43/50] scsi: target: Fix alua_tg_pt_gps_count tracking Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 44/50] iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 45/50] powerpc/5200: dts: fix memory node unit name Sasha Levin
2021-11-09 22:20 ` [PATCH AUTOSEL 5.10 46/50] arm64: dts: qcom: msm8916: Add CPU ACC and SAW/SPM Sasha Levin
2021-11-09 22:21 ` [PATCH AUTOSEL 5.10 47/50] ARM: dts: qcom: fix memory and mdio nodes naming for RB3011 Sasha Levin
2021-11-09 22:21 ` [PATCH AUTOSEL 5.10 48/50] ALSA: gus: fix null pointer dereference on pointer block Sasha Levin
2021-11-09 22:21 ` [PATCH AUTOSEL 5.10 49/50] powerpc/dcr: Use cmplwi instead of 3-argument cmpli Sasha Levin
2021-11-09 22:21 ` [PATCH AUTOSEL 5.10 50/50] powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211109222103.1234885-31-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).