lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Mar 2021 20:54:43 -0400 From: Sasha Levin <sashal@...nel.org> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org Cc: Mark Pearson <markpearson@...ovo.com>, Philipp Leskovitz <philipp.leskovitz@...unet.com>, Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>, Takashi Iwai <tiwai@...e.de>, Sasha Levin <sashal@...nel.org>, alsa-devel@...a-project.org Subject: [PATCH AUTOSEL 5.11 09/61] ALSA: hda: ignore invalid NHLT table From: Mark Pearson <markpearson@...ovo.com> [ Upstream commit a14a6219996ee6f6e858d83b11affc7907633687 ] On some Lenovo systems if the microphone is disabled in the BIOS only the NHLT table header is created, with no data. This means the endpoints field is not correctly set to zero - leading to an unintialised variable and hence invalid descriptors are parsed leading to page faults. The Lenovo firmware team is addressing this, but adding a check preventing invalid tables being parsed is worthwhile. Tested on a Lenovo T14. Tested-by: Philipp Leskovitz <philipp.leskovitz@...unet.com> Reported-by: Philipp Leskovitz <philipp.leskovitz@...unet.com> Signed-off-by: Mark Pearson <markpearson@...ovo.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com> Link: https://lore.kernel.org/r/20210302141003.7342-1-markpearson@lenovo.com Signed-off-by: Takashi Iwai <tiwai@...e.de> Signed-off-by: Sasha Levin <sashal@...nel.org> --- sound/hda/intel-nhlt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sound/hda/intel-nhlt.c b/sound/hda/intel-nhlt.c index d053beccfaec..e2237239d922 100644 --- a/sound/hda/intel-nhlt.c +++ b/sound/hda/intel-nhlt.c @@ -39,6 +39,11 @@ int intel_nhlt_get_dmic_geo(struct device *dev, struct nhlt_acpi_table *nhlt) if (!nhlt) return 0; + if (nhlt->header.length <= sizeof(struct acpi_table_header)) { + dev_warn(dev, "Invalid DMIC description table\n"); + return 0; + } + for (j = 0, epnt = nhlt->desc; j < nhlt->endpoint_count; j++, epnt = (struct nhlt_endpoint *)((u8 *)epnt + epnt->length)) { -- 2.30.1
Powered by blists - more mailing lists