From: "Luis R. Rodriguez" <mcgrof@kernel.org>
To: gregkh@linuxfoundation.org
Cc: bp@suse.de, akpm@linux-foundation.org, josh@joshtriplett.org,
rishabhb@codeaurora.org, kubakici@wp.pl, maco@android.com,
david.brown@linaro.org, bjorn.andersson@linaro.org,
linux-wireless@vger.kernel.org, keescook@chromium.org,
shuah@kernel.org, mfuzzey@parkeon.com, zohar@linux.vnet.ibm.com,
dhowells@redhat.com, pali.rohar@gmail.com, tiwai@suse.de,
arend.vanspriel@broadcom.com, zajec5@gmail.com, nbroeking@me.com,
broonie@kernel.org, dmitry.torokhov@gmail.com,
dwmw2@infradead.org, torvalds@linux-foundation.org,
Abhay_Salunke@dell.com, jewalt@lgsinnovations.com,
cantabile.desu@gmail.com, ast@fb.com, andresx7@gmail.com,
dan.rue@linaro.org, brendanhiggins@google.com,
yzaikin@google.com, sfr@canb.auug.org.au, rdunlap@infradead.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>
Subject: [PATCH 01/14] firmware_loader: fix pre-allocated buf built-in firmware use
Date: Fri, 17 Sep 2021 11:22:13 -0700 [thread overview]
Message-ID: <20210917182226.3532898-2-mcgrof@kernel.org> (raw)
In-Reply-To: <20210917182226.3532898-1-mcgrof@kernel.org>
From: Luis Chamberlain <mcgrof@kernel.org>
The firmware_loader can be used with a pre-allocated buffer
through the use of the API calls:
o request_firmware_into_buf()
o request_partial_firmware_into_buf()
If the firmware was built-in and present, our current check
for if the built-in firmware fits into the pre-allocated buffer
does not return any errors, and we proceed to tell the caller
that everything worked fine. It's a lie and no firmware would
end up being copied into the pre-allocated buffer. So if the
caller trust the result it may end up writing a bunch of 0's
to a device!
Fix this by making the function that checks for the pre-allocated
buffer return non-void. Since the typical use case is when no
pre-allocated buffer is provided make this return successfully
for that case. If the built-in firmware does *not* fit into the
pre-allocated buffer size return a failure as we should have
been doing before.
I'm not aware of users of the built-in firmware using the API
calls with a pre-allocated buffer, as such I doubt this fixes
any real life issue. But you never know... perhaps some oddball
private tree might use it.
In so far as upstream is concerned this just fixes our code for
correctness.
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
drivers/base/firmware_loader/main.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index bdbedc6660a8..ef904b8b112e 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -100,12 +100,15 @@ static struct firmware_cache fw_cache;
extern struct builtin_fw __start_builtin_fw[];
extern struct builtin_fw __end_builtin_fw[];
-static void fw_copy_to_prealloc_buf(struct firmware *fw,
+static bool fw_copy_to_prealloc_buf(struct firmware *fw,
void *buf, size_t size)
{
- if (!buf || size < fw->size)
- return;
+ if (!buf)
+ return true;
+ if (size < fw->size)
+ return false;
memcpy(buf, fw->data, fw->size);
+ return true;
}
static bool fw_get_builtin_firmware(struct firmware *fw, const char *name,
@@ -117,9 +120,7 @@ static bool fw_get_builtin_firmware(struct firmware *fw, const char *name,
if (strcmp(name, b_fw->name) == 0) {
fw->size = b_fw->size;
fw->data = b_fw->data;
- fw_copy_to_prealloc_buf(fw, buf, size);
-
- return true;
+ return fw_copy_to_prealloc_buf(fw, buf, size);
}
}
--
2.30.2
next prev parent reply other threads:[~2021-09-17 18:22 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-17 18:22 [PATCH 00/14] firmware_loader: built-in API and make x86 use it Luis R. Rodriguez
2021-09-17 18:22 ` Luis R. Rodriguez [this message]
2021-09-17 18:22 ` [PATCH 02/14] firmware_loader: split built-in firmware call Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 03/14] firmware_loader: add a sanity check for firmware_request_builtin() Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 04/14] firmware_loader: add built-in firmware kconfig entry Luis R. Rodriguez
2021-10-05 14:30 ` Greg KH
2021-10-11 17:35 ` Luis Chamberlain
2021-10-11 17:46 ` Greg KH
2021-10-11 22:30 ` Luis Chamberlain
2021-10-18 21:00 ` Luis Chamberlain
2021-10-19 6:16 ` Greg KH
2021-10-19 15:52 ` Luis Chamberlain
2021-09-17 18:22 ` [PATCH 05/14] firmware_loader: formalize built-in firmware API Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 06/14] firmware_loader: remove old DECLARE_BUILTIN_FIRMWARE() Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 07/14] x86/microcode: Use the firmware_loader built-in API Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 08/14] firmware_loader: move struct builtin_fw to the only place used Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 09/14] vmlinux.lds.h: wrap built-in firmware support under its kconfig symbol Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 10/14] x86/build: Tuck away built-in firmware " Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 11/14] firmware_loader: rename EXTRA_FIRMWARE and EXTRA_FIRMWARE_DIR Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 12/14] firmware_loader: move builtin build helper to shared library Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 13/14] test_firmware: move a few test knobs out to its library Luis R. Rodriguez
2021-09-17 18:22 ` [PATCH 14/14] test_firmware: add support for testing built-in firmware Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210917182226.3532898-2-mcgrof@kernel.org \
--to=mcgrof@kernel.org \
--cc=Abhay_Salunke@dell.com \
--cc=akpm@linux-foundation.org \
--cc=andresx7@gmail.com \
--cc=arend.vanspriel@broadcom.com \
--cc=ast@fb.com \
--cc=bjorn.andersson@linaro.org \
--cc=bp@suse.de \
--cc=brendanhiggins@google.com \
--cc=broonie@kernel.org \
--cc=cantabile.desu@gmail.com \
--cc=dan.rue@linaro.org \
--cc=david.brown@linaro.org \
--cc=dhowells@redhat.com \
--cc=dmitry.torokhov@gmail.com \
--cc=dwmw2@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=jewalt@lgsinnovations.com \
--cc=josh@joshtriplett.org \
--cc=keescook@chromium.org \
--cc=kubakici@wp.pl \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=maco@android.com \
--cc=mfuzzey@parkeon.com \
--cc=nbroeking@me.com \
--cc=pali.rohar@gmail.com \
--cc=rdunlap@infradead.org \
--cc=rishabhb@codeaurora.org \
--cc=sfr@canb.auug.org.au \
--cc=shuah@kernel.org \
--cc=tiwai@suse.de \
--cc=torvalds@linux-foundation.org \
--cc=yzaikin@google.com \
--cc=zajec5@gmail.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).