6.6-stable patches

added patches:
	soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch

diff --git a/queue-6.6/series b/queue-6.6/series
index e068e781af1adbd5dac7d556a98a29216aae82df..dfab38daeba60baee6c462c24465a9bf3ec2ffc0 100644 (file)
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -489,3 +489,4 @@ drm-amd-display-fix-fractional-fb-divider-in-set_pixel_clock_v3.patch
 drm-amd-display-fix-dp-audio-dto1-clock-source-on-dce-6.patch
 drm-amd-display-find-first-crtc-and-its-line-time-in-dce110_fill_display_configs.patch
 drm-amd-display-fill-display-clock-and-vblank-time-in-dce110_fill_display_configs.patch
+soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch

diff --git a/queue-6.6/soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch b/queue-6.6/soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch
new file mode 100644 (file)
index 0000000..1982916
--- /dev/null
+++ b/queue-6.6/soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch
@@ -0,0 +1,42 @@
+From 9f35ab0e53ccbea57bb9cbad8065e0406d516195 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@linaro.org>
+Date: Wed, 25 Jun 2025 10:22:41 -0500
+Subject: soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+commit 9f35ab0e53ccbea57bb9cbad8065e0406d516195 upstream.
+
+This function is supposed to return true for valid headers and false for
+invalid.  In a couple places it returns -EINVAL instead which means the
+invalid headers are counted as true.  Change it to return false.
+
+Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF header")
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
+Link: https://lore.kernel.org/r/db57c01c-bdcc-4a0f-95db-b0f2784ea91f@sabinyo.mountain
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/soc/qcom/mdt_loader.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/soc/qcom/mdt_loader.c
++++ b/drivers/soc/qcom/mdt_loader.c
+@@ -32,14 +32,14 @@ static bool mdt_header_valid(const struc
+               return false;
+ 
+       if (ehdr->e_phentsize != sizeof(struct elf32_phdr))
+-              return -EINVAL;
++              return false;
+ 
+       phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff);
+       if (phend > fw->size)
+               return false;
+ 
+       if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
+-              return -EINVAL;
++              return false;
+ 
+       shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff);
+       if (shend > fw->size)