| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241220173516.907406-3-ckeepax@opensource.cirrus.com>
Date: Fri, 20 Dec 2024 17:35:14 +0000
From: Charles Keepax <ckeepax@...nsource.cirrus.com>
To: <broonie@...nel.org>
CC: <lgirdwood@...il.com>, <peter.ujfalusi@...ux.intel.com>,
<yung-chuan.liao@...ux.intel.com>, <pierre-louis.bossart@...ux.dev>,
<linux-sound@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<patches@...nsource.cirrus.com>
Subject: [PATCH 3/5] ASoC: SDCA: Add bounds check for function address
SDCA only supports 3-bits for the function address, but the ACPI value
is 64-bits. Update the code that parses this to do a bounds check
and error out on invalid addresses. Currently, an invalid address
would truncate to the bottom 3-bits when used and thus use a likely
incorrect address. With the bounds check, it is also now safe to
shrink the size of the adr member of sdca_function_desc to a u8 and
rearrange the struct members to pack better with the new size of adr.
Signed-off-by: Charles Keepax <ckeepax@...nsource.cirrus.com>
---
include/sound/sdca.h | 4 ++--
sound/soc/sdca/sdca_functions.c | 9 ++-------
2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/include/sound/sdca.h b/include/sound/sdca.h
index 3eea1dfec16c..973252d0adac 100644
--- a/include/sound/sdca.h
+++ b/include/sound/sdca.h
@@ -23,9 +23,9 @@ struct sdw_slave;
* @name: human-readable string
*/
struct sdca_function_desc {
- u64 adr;
- u32 type;
const char *name;
+ u32 type;
+ u8 adr;
};
/**
diff --git a/sound/soc/sdca/sdca_functions.c b/sound/soc/sdca/sdca_functions.c
index 46aa874bb0aa..a69fdb9c8b15 100644
--- a/sound/soc/sdca/sdca_functions.c
+++ b/sound/soc/sdca/sdca_functions.c
@@ -108,17 +108,12 @@ static int find_sdca_function(struct acpi_device *adev, void *data)
return -EINVAL;
}
- /*
- * The number of functions cannot exceed 8, we could use
- * acpi_get_local_address() but the value is stored as u64 so
- * we might as well avoid casts and intermediate levels
- */
ret = acpi_get_local_u64_address(adev->handle, &addr);
if (ret < 0)
return ret;
- if (!addr) {
- dev_err(dev, "no addr\n");
+ if (!addr || addr > 0x7) {
+ dev_err(dev, "invalid addr: 0x%llx\n", addr);
return -ENODEV;
}
--
2.39.5
Powered by blists - more mailing lists