From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D4A4C41535 for ; Mon, 15 Nov 2021 20:01:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 22A9061B64 for ; Mon, 15 Nov 2021 20:01:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348691AbhKOT7K (ORCPT ); Mon, 15 Nov 2021 14:59:10 -0500 Received: from mail.kernel.org ([198.145.29.99]:45402 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344107AbhKOTXX (ORCPT ); Mon, 15 Nov 2021 14:23:23 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 234D563629; Mon, 15 Nov 2021 18:52:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1637002322; bh=9XPeT6qZ5vpU1N0TdMKx++5I47YaQ2OzvEuKU7q2wbg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WyP6Fyps6jm8Bc56lCrQZ0kmuSB1HDD37UM2mB0fuutSf3cn68bFyGtuYWacEzeas JhbpVd+A9oEpEPbhpRKhcCjzWA/WOQuczXY5RMCiNM0R1Lh74M8scuUl72X9q2eSAC mJXasA1ccrmXuvpFsd3s4MQY2u8stNftpxXjIYx0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Berg , Luca Coelho , Kalle Valo , Sasha Levin Subject: [PATCH 5.15 488/917] iwlwifi: pnvm: read EFI data only if long enough Date: Mon, 15 Nov 2021 17:59:43 +0100 Message-Id: <20211115165445.336527053@linuxfoundation.org> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211115165428.722074685@linuxfoundation.org> References: <20211115165428.722074685@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Johannes Berg [ Upstream commit e864a77f51d0d8113b49cf7d030bc9dc911c8176 ] If the data we get from EFI is not even long enough for the package struct we expect then ignore it entirely. Signed-off-by: Johannes Berg Fixes: a1a6a4cf49ec ("iwlwifi: pnvm: implement reading PNVM from UEFI") Signed-off-by: Luca Coelho Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/iwlwifi.20211016114029.33feba783518.I54a5cf33975d0330792b3d208b225d479e168f32@changeid Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/fw/pnvm.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c index 9b0eee53488ab..069fcbc46d2ba 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c @@ -284,9 +284,13 @@ int iwl_pnvm_load(struct iwl_trans *trans, /* First attempt to get the PNVM from BIOS */ package = iwl_uefi_get_pnvm(trans, &len); if (!IS_ERR_OR_NULL(package)) { - /* we need only the data */ - len -= sizeof(*package); - data = kmemdup(package->data, len, GFP_KERNEL); + if (len >= sizeof(*package)) { + /* we need only the data */ + len -= sizeof(*package); + data = kmemdup(package->data, len, GFP_KERNEL); + } else { + data = NULL; + } /* free package regardless of whether kmemdup succeeded */ kfree(package); -- 2.33.0