From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sasha Levin, alsa-devel@alsa-project.org, Takashi Iwai, Pierre-Louis Bossart, Philipp Leskovitz, Mark Pearson
Subject: [PATCH AUTOSEL 5.4 06/37] ALSA: hda: ignore invalid NHLT table
Date: Tue, 16 Mar 2021 20:57:31 -0400
Message-Id: <20210317005802.725825-6-sashal@kernel.org>
In-Reply-To: <20210317005802.725825-1-sashal@kernel.org>
References: <20210317005802.725825-1-sashal@kernel.org>

From: Mark Pearson

[ Upstream commit a14a6219996ee6f6e858d83b11affc7907633687 ]

On some Lenovo systems if the microphone is disabled in the BIOS only the
NHLT table header is created, with no data. This means the endpoints field
is not correctly set to zero - leading to an uninitialised variable and
hence invalid descriptors are parsed leading to page faults.

The Lenovo firmware team is addressing this, but adding a check preventing
invalid tables being parsed is worthwhile.

Tested on a Lenovo T14.

Tested-by: Philipp Leskovitz
Reported-by: Philipp Leskovitz
Signed-off-by: Mark Pearson
Reviewed-by: Pierre-Louis Bossart
Link: https://lore.kernel.org/r/20210302141003.7342-1-markpearson@lenovo.com
Signed-off-by: Takashi Iwai
Signed-off-by: Sasha Levin
--- sound/hda/intel-nhlt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sound/hda/intel-nhlt.c b/sound/hda/intel-nhlt.c index baeda6c9716a..6ed80a4cba01 100644 --- a/sound/hda/intel-nhlt.c +++ b/sound/hda/intel-nhlt.c 
@@ -72,6 +72,11 @@ int intel_nhlt_get_dmic_geo(struct device *dev, struct nhlt_acpi_table *nhlt) if (!nhlt) return 0; + if (nhlt->header.length <= sizeof(struct acpi_table_header)) { + dev_warn(dev, "Invalid DMIC description table\n"); + return 0; + } + for (j = 0, epnt = nhlt->desc; j < nhlt->endpoint_count; j++, epnt = (struct nhlt_endpoint *)((u8 *)epnt + epnt->length)) { -- 2.30.1
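Review bot: the added test in intel_nhlt_get_dmic_geo() rejects only a table whose header.length is at or below sizeof(struct acpi_table_header); the for loop in the trailing context still trusts nhlt->endpoint_count and advances by epnt->length without comparing either against header.length. A table that is a few bytes longer than the header, or a descriptor whose length field is zero or oversized, would still be walked outside the table, so consider bounding every step of the walk by nhlt->header.length and rejecting an epnt->length smaller than the descriptor itself. The new branch also returns 0, the same value as the !nhlt case, so callers cannot tell a malformed table from an absent one; if that is intended, a short comment saying so would help, and printing header.length in the dev_warn() would make firmware reports easier to triage.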
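The failure mode in the commit message (a header-only table whose endpoint count is read from memory outside the table) generalises to any length-prefixed descriptor walk. The following is an added user-space example, not code from the kernel or from this patch. It assumes a simplified layout: a 36-byte ACPI header with the little-endian table length at offset 4, a one-byte endpoint count directly after the header, and descriptors that each begin with their own little-endian u32 length. The function name and sample buffer are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ACPI_HDR_LEN 36u /* standard ACPI table header size */
#define ACPI_LEN_OFF  4u /* u32 table length follows the 4-byte signature */
#define EPNT_MIN_LEN  4u /* a descriptor must at least hold its own length */

static uint32_t rd_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the endpoint count if every descriptor lies inside the table,
 * -1 for a header-only, truncated or self-inconsistent table. */
int nhlt_count_valid_endpoints(const uint8_t *buf, size_t buf_len)
{
	if (!buf || buf_len < ACPI_HDR_LEN)
		return -1;
	uint32_t tbl_len = rd_le32(buf + ACPI_LEN_OFF);
	/* Header-only table: the count byte would lie outside the table. */
	if (tbl_len <= ACPI_HDR_LEN || tbl_len > buf_len)
		return -1;
	uint8_t count = buf[ACPI_HDR_LEN];
	size_t off = ACPI_HDR_LEN + 1; /* first descriptor */
	for (unsigned int j = 0; j < count; j++) {
		if (tbl_len - off < EPNT_MIN_LEN) /* no room for a length field */
			return -1;
		uint32_t elen = rd_le32(buf + off);
		if (elen < EPNT_MIN_LEN || elen > tbl_len - off)
			return -1; /* would stall the walk or overrun the table */
		off += elen;
	}
	return count;
}

int main(void)
{
	/* Constructed sample: header-only table with a stale byte after it. */
	uint8_t t[64] = {0};
	t[ACPI_LEN_OFF] = ACPI_HDR_LEN;
	t[ACPI_HDR_LEN] = 0x5a;
	printf("header-only: %d\n", nhlt_count_valid_endpoints(t, sizeof(t)));
	return 0;
}
```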