From ac1ca14fba3b7c535c9da2ce9b6508bcd133be4b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 23 Aug 2025 13:21:29 +0200 Subject: [PATCH] 6.6-stable patches added patches: soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch --- queue-6.6/series | 1 + ...or-return-values-in-mdt_header_valid.patch | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 queue-6.6/soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch diff --git a/queue-6.6/series b/queue-6.6/series index e068e781af..dfab38daeb 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -489,3 +489,4 @@ drm-amd-display-fix-fractional-fb-divider-in-set_pixel_clock_v3.patch drm-amd-display-fix-dp-audio-dto1-clock-source-on-dce-6.patch drm-amd-display-find-first-crtc-and-its-line-time-in-dce110_fill_display_configs.patch drm-amd-display-fill-display-clock-and-vblank-time-in-dce110_fill_display_configs.patch +soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch diff --git a/queue-6.6/soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch b/queue-6.6/soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch new file mode 100644 index 0000000000..1982916cfd --- /dev/null +++ b/queue-6.6/soc-qcom-mdt_loader-fix-error-return-values-in-mdt_header_valid.patch @@ -0,0 +1,42 @@ +From 9f35ab0e53ccbea57bb9cbad8065e0406d516195 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 25 Jun 2025 10:22:41 -0500 +Subject: soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() + +From: Dan Carpenter + +commit 9f35ab0e53ccbea57bb9cbad8065e0406d516195 upstream. + +This function is supposed to return true for valid headers and false for +invalid. In a couple places it returns -EINVAL instead which means the +invalid headers are counted as true. Change it to return false. + +Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF header") +Signed-off-by: Dan Carpenter +Reviewed-by: Konrad Dybcio +Link: https://lore.kernel.org/r/db57c01c-bdcc-4a0f-95db-b0f2784ea91f@sabinyo.mountain +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/soc/qcom/mdt_loader.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/soc/qcom/mdt_loader.c ++++ b/drivers/soc/qcom/mdt_loader.c +@@ -32,14 +32,14 @@ static bool mdt_header_valid(const struc + return false; + + if (ehdr->e_phentsize != sizeof(struct elf32_phdr)) +- return -EINVAL; ++ return false; + + phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff); + if (phend > fw->size) + return false; + + if (ehdr->e_shentsize != sizeof(struct elf32_shdr)) +- return -EINVAL; ++ return false; + + shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff); + if (shend > fw->size) -- 2.47.3