lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c00ae61c-83b9-4816-bd40-582be9e14137@suswa.mountain>
Date: Tue, 5 Aug 2025 12:32:34 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Val Packett <val@...kett.cool>,
	Neil Armstrong <neil.armstrong@...aro.org>
Cc: Bjorn Andersson <andersson@...nel.org>,
	Konrad Dybcio <konradybcio@...nel.org>,
	Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>,
	linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org,
	Neil Armstrong <neil.armstrong@...aro.org>
Subject: Re: [PATCH] soc: qcom: mdt_loader: Fix error return values in
 mdt_header_valid()

On Mon, Jul 21, 2025 at 08:35:22PM -0300, Val Packett wrote:
> Hi,
> 
> On 6/25/25 12:22 PM, Dan Carpenter wrote:
> > This function is supposed to return true for valid headers and false for
> > invalid.  In a couple places it returns -EINVAL instead which means the
> > invalid headers are counted as true.  Change it to return false.
> [..]
> >   	if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
> > -		return -EINVAL;
> > +		return false;
> >   	shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff);
> >   	if (shend > fw->size)
> 
> this has broken all firmware loading on my x1e laptop (Dell Latitude 7455).
> 
> Apparently e_shentsize is always 0 in Qualcomm firmware files.
> 
> Confirmed externally with readelf:
> 
> % readelf --all
> /lib/firmware/qcom/x1e80100/dell/latitude-7455/qcadsp8380.mbn
> [..]
>   Start of program headers:          52 (bytes into file)
>   Start of section headers:          0 (bytes into file)
>   Flags:                             0x73
>   Size of this header:               52 (bytes)
>   Size of program headers:           32 (bytes)
>   Number of program headers:         58
>   Size of section headers:           0 (bytes)
>   Number of section headers:         0
>   Section header string table index: 0
> 
> There are no sections in this file.
> 
> There are no section groups in this file.
> 
> 
> (Not just with my files, also readelf'd the Lenovo ones committed to
> linux-firmware, same deal.)

Thanks Val,

What a great bug report!  Could you please try the patch I just sent.

Neil, I forgot to CC you.  Sorry!
https://lore.kernel.org/all/5d392867c81da4b667f61430d3aa7065f61b7096.1754385120.git.dan.carpenter@linaro.org/

regards,
dan carpenter


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ