git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Evgeny Pimenov <pimenoveu12@gmail.com>
	Tue, 1 Apr 2025 20:40:58 +0000 (23:40 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 25 Apr 2025 08:45:46 +0000 (10:45 +0200)
commit	a12c14577882b1f2b4cff0f86265682f16e97b0c
tree	b6fb55a7c0730af1d7abad6403f9532143f2f492	tree
parent	bf39a185a6269e7b3ba25f8d223c51323abafad6	commit \| diff

ASoC: qcom: Fix sc7280 lpass potential buffer overflow

commit a31a4934b31faea76e735bab17e63d02fcd8e029 upstream.

Case values introduced in commit
5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution")
cause out of bounds access in arrays of sc7280 driver data (e.g. in case
of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()).

Redefine LPASS_MAX_PORTS to consider the maximum possible port id for
q6dsp as sc7280 driver utilizes some of those values.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 77d0ffef793d ("ASoC: qcom: Add macro for lpass DAI id's max limit")
Cc: stable@vger.kernel.org # v6.0+
Suggested-by: Mikhail Kobuk <m.kobuk@ispras.ru>
Suggested-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Evgeny Pimenov <pimenoveu12@gmail.com>
Link: https://patch.msgid.link/20250401204058.32261-1-pimenoveu12@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>