]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 28a5529)
soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
authorBjorn Andersson <bjorn.andersson@linaro.org>
Thu, 7 Jan 2021 23:31:19 +0000 (15:31 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 22 May 2021 08:59:30 +0000 (10:59 +0200)
[ Upstream commit 84168d1b54e76a1bcb5192991adde5176abe02e3 ]

The code validates that segments of p_memsz bytes of a segment will fit
in the provided memory region, but does not validate that p_filesz bytes
will, which means that an incorrectly crafted ELF header might write
beyond the provided memory region.

Fixes: 051fb70fd4ea ("remoteproc: qcom: Driver for the self-authenticating Hexagon v5")
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Link: https://lore.kernel.org/r/20210107233119.717173-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/soc/qcom/mdt_loader.c patch | blob | blame | history

diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
index 1c488024c69874d1a8b613f96a5f292ff2cef729..7584b81d06a1dcaa2885f4b120ef109b50d578cf 100644 (file)
--- a/drivers/soc/qcom/mdt_loader.c
+++ b/drivers/soc/qcom/mdt_loader.c
@@ -168,6 +168,14 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw,
                        break;
                }
 
+               if (phdr->p_filesz > phdr->p_memsz) {
+                       dev_err(dev,
+                               "refusing to load segment %d with p_filesz > p_memsz\n",
+                               i);
+                       ret = -EINVAL;
+                       break;
+               }
+
                ptr = mem_region + offset;
 
                if (phdr->p_filesz) {
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git