From patchwork Thu Jun 5 13:43:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 894526 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5B612405ED for ; Thu, 5 Jun 2025 13:43:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130998; cv=none; b=bX/6VWL0g6eXcXHXXgl8UXNkhXTMxu9ZSCkpXi7d2HJRux0fgioNdkvmLLq/4dUhgrqkmGBa+V2pCFtAZQLFkYKc0fS9GdQBOQnTj47ZgSM0yfgZsLoG8CmondzCZT1pv+h2bpDMoKv0POZyFpvGyh7DXXl5YbR0b9ttTVSCBGg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130998; c=relaxed/simple; bh=VAZvVY4YvO4yZJam3Pqn64RyEqzAe5U0pqKB9Nl1xSw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=op8ScG2QuzzMRpSKLUtAf5CHcoUnT/4KvW+GSm06mXs1m6MXztWUIJihpccCe9CEArzf5rPE0Va/5jziZw9+61g8x+rDf2oc1gPVYEjpFcrd8++kPqD8MzzVtrUg8ySz5xZ7HeglRtJwdXBbTcAeg7MEAYsQIXBwXoVsa8+4Jac= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=MIUsm2k1; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="MIUsm2k1" Received: from pps.filterd (m0279867.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5557DU9J006332 for ; Thu, 5 Jun 2025 13:43:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= 4K1V7X0mjkkzCtjA8wOdUTAbcAITWxzAG6tod7BBZUY=; b=MIUsm2k1HDuWbw6f sj7bv4aDOBMkQ+Ez3x/M/tTYYfBEEbAT5bBFMO21tSQ7JhyhZ6iC5ecIW0AtissW z8JUiwtDgZmpbToEpPDpfLZ41NNNSWgwiUG4YJWWbaV1N0Ijp6nhoFpOuiuPMgDc KZpxTwiDSK9X2COW4bxzvpJiQU/B2n4LlhQjvFowmaWbORSkOds971IgwlsEwJw+ wPJPINsuUCR204WNVntf+euhpOLjrOzZQS5+/eRAqOjgReQRbdSna9y1ZwEzEFAn 1xexUOBZcISpREreDCUlu6KYY92MSzT83b72lxir0qeRL9KI03K6zWV4SPIyM+Gh oU/y/w== Received: from mail-oo1-f72.google.com (mail-oo1-f72.google.com [209.85.161.72]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 471g8t1f52-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Thu, 05 Jun 2025 13:43:15 +0000 (GMT) Received: by mail-oo1-f72.google.com with SMTP id 006d021491bc7-60d2dc0c4f8so1529826eaf.0 for ; Thu, 05 Jun 2025 06:43:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749130994; x=1749735794; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4K1V7X0mjkkzCtjA8wOdUTAbcAITWxzAG6tod7BBZUY=; b=uFMGdWwKVyEvhO5KfuDjOJISMTimfphuqcB12DkF0UFTMQj2xlJ2LGFGkKdVsliM6F 2BUnHN+SF7pX0hgtD6xDtCE6yIsDJi7K56cCIItvJhvR6g7Em9qCu03ymwmWh7uQslGx qAUztKuEg/sRTkcUNi0rdo5lALFZLyGR0oihkKl2GyiQ/CMFTONakruT2GsgKlFK692W EmHNeJyIi4OrWutL2CmYR62pgXU6AuDevf3RjC0e3DkeR+DA5L7TyYS9cgHC4/YREPCI asQgZmhITFLKzAQVtLXw5qAVKiiPf7nPfLB60SvC1KDIPmUpSqQCRnovcxr8kwd3QSPe cBJg== X-Gm-Message-State: AOJu0YyfIWVdlBciMFUY2wkH4dVRId+LQ2kgWoaQodSZdzRoeOrpA9q1 /wD1ikFVQQ/auVYP2EzDeY0WZhnhAA3N1PEMQdjMu86uHfJkAyidaQNWh+N3W5++WaP5lpUh9OJ 3NsxEc6yaTsy0Ex+9VKwH7K42cnhi0UTcM+II4nWtZm9GnEh5ttko66JMGzw1XV145XX4 X-Gm-Gg: ASbGnct4X9yCkuuNXcWWmpZeM5H+eq9Qg5RwV5a1J4rzG+vfqLsg4534dExB1f7YENa 1RdIXzS0HdDQoO2pEt0RC03YJ3w4+t3qd+q3pHh+ENAVWTKVE7BuksfdrFk4vXECdUW7U6CpROB qFlVHy9MDbxLkKdIFER7whalCwyHig7DsZIqkOES/E3gt3Oa+AOtgez6mw9i4iG8MgBrfDFpd3V O/FP1/e54stmt7DBM+IQYKoOTlYFItz5j08d4UH4DN1hVAcdLSBNdS86yTSzMf+53seb7mSqjrm Z8/ophrtyoUJwf5pk01G/sSsDLP6PNhg/i5oELbQyEwQS0jaApoHNIVEVD8hKM+ID1eegx8hWY6 VXs64UEbRdbQ= X-Received: by 2002:a05:6808:398c:b0:406:6875:3f0b with SMTP id 5614622812f47-408fab8b28cmr2811697b6e.7.1749130994483; Thu, 05 Jun 2025 06:43:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGVO4JnGuwbYTanrmVGFuPGT0vXXaE6+r6I65XBXdCTONC7vN0Ig72qhyjwBB4WTSWBBcIaYw== X-Received: by 2002:a05:6808:398c:b0:406:6875:3f0b with SMTP id 5614622812f47-408fab8b28cmr2811682b6e.7.1749130994131; Thu, 05 Jun 2025 06:43:14 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-60c1eb719f8sm2691359eaf.28.2025.06.05.06.43.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Jun 2025 06:43:13 -0700 (PDT) From: Bjorn Andersson Date: Thu, 05 Jun 2025 08:43:00 -0500 Subject: [PATCH 1/3] soc: qcom: mdt_loader: Ensure we don't read past the ELF header Precedence: bulk X-Mailing-List: linux-arm-msm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250605-mdt-loader-validation-and-fixes-v1-1-29e22e7a82f4@oss.qualcomm.com> References: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> In-Reply-To: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2788; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=VAZvVY4YvO4yZJam3Pqn64RyEqzAe5U0pqKB9Nl1xSw=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoQZ7wAqUKHWx5c58KFtrNhi1WL9mDfy3fQItYg wVrzRnDtYiJAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEGe8BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcUXbBAAwnO6nb6pVq3Y8z20lFrjxXplNhoWbkPBK4mPuxS mBiFeoCsC1o5w0QkoFilM1m9PwsF7Q1rHWiuj8NtiGaCTMuCr2fCtjvbpBLKHOXmJFbkAMVCD7D nC3e12G080tmK1ytZ6YaUxLJ7KxSar5HOWZpgKwvl3etBpKuxBo9RE6fSnxDC9kCRSdPeFbfEVD NwUv3K2MLTNj2+GjpGlLR1CG/LMaPYvpS0D4l/AnpT1HDbk3HKHBN7aZ6iK4Iu/jZA+jSToqhe9 pblCaTdLCAC8X055d7cOp1nLU9pNm/8TFwTi1LmudeICp5pGKYH4zJo6QEN2qf+8gNzfcOq+hL/ wZamX32BWdgI02HDBboUgOkcZFbbI/2yN+wm5Lv2ruvxjVJPE6/56RoWTfrx+oMHwquibpuxI6k Zt4vH0tw3Bho12O71POPh8ct8pDn0pq2vIPMzWNpVQMt4/aM2oooRbi6JSDms5eHqwo1nSTLax8 osnCuqfNfHfG0KOUTrOv2bV+89GjTV9jdAheC71M1OeyAwhm6qDHCw0bOICYD/EabT5k54HetG+ 22sQk1GgsfLmMWLtrhc+PDgBIEPQQo52IhFMZMtHUubaAVWlZWuhHcyFK8e4Pkyj6+LUl2lysav PCmHVzW0xXo2WLVV1FahABDuZnci9AEW5FbBxEhHY3qY= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Proofpoint-ORIG-GUID: rp5nSZiBex02q0L1d0Pt3FRM2bwHm-T8 X-Authority-Analysis: v=2.4 cv=EPcG00ZC c=1 sm=1 tr=0 ts=68419ef3 cx=c_pps a=wURt19dY5n+H4uQbQt9s7g==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=VwQbUJbxAAAA:8 a=cm27Pg_UAAAA:8 a=EUspDBNiAAAA:8 a=R2NP8FmM25b3pXeoK7YA:9 a=QEXdDO2ut3YA:10 a=-UhsvdU3ccFDOXFxFb4l:22 X-Proofpoint-GUID: rp5nSZiBex02q0L1d0Pt3FRM2bwHm-T8 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjA1MDExNyBTYWx0ZWRfX7ETrYnH3AS1/ SinSeTjDXONpamJ31c9tWJ4U/9qeCgT/Tzw5lK/YvJEL7WBHuUBuGQ38T0qr4hlT7sKbmIM4ZCm QWOPCaPTGYPPxluBPGYM0dDZbq9B+f2Lm1ByoWrfCtXKrnomLsvne7EwEiFbdr+1XQPJirDVwWo I+x3gKHeqwjHQIHEiSPDhbUlMvZKY/cazPAOYya2pu5LnY0+pmPCrJJ9STzzK1cDhz57iJKvjgV nivSKgHb45s6OV5IvX6QSo5fwvKaB3NZ2mR+2u33YuRNv5vc4kZbJWcqWoxGEED8XeRKn1nWSFY EotlP8tEdKtQPYMnbLZLgvwDJKVQub5a0+Lm154nJB+sfecp4BOlkot6PxZouFVVogHiWlejSY2 bM+yHzpdDmJJZtO3Hb80XX8eQMVbbIbeUTZvjg0dfeTrIbwhdYjZDxtgK/wlB8TTAW01h46k X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-05_02,2025-06-05_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 bulkscore=0 priorityscore=1501 phishscore=0 impostorscore=0 lowpriorityscore=0 adultscore=0 malwarescore=0 mlxscore=0 clxscore=1015 mlxlogscore=999 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506050117 When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. Fixes: 2aad40d911ee ("remoteproc: Move qcom_mdt_loader into drivers/soc/qcom") Cc: Reported-by: Doug Anderson Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/mdt_loader.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index b2c0fb55d4ae678ee333f0d6b8b586de319f53b1..1da22b23d19d28678ec78cccdf8c328b50d3ffda 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -18,6 +18,31 @@ #include #include +static bool mdt_header_valid(const struct firmware *fw) +{ + const struct elf32_hdr *ehdr; + size_t phend; + size_t shend; + + if (fw->size < sizeof(*ehdr)) + return false; + + ehdr = (struct elf32_hdr *)fw->data; + + if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) + return false; + + phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff); + if (phend > fw->size) + return false; + + shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff); + if (shend > fw->size) + return false; + + return true; +} + static bool mdt_phdr_valid(const struct elf32_phdr *phdr) { if (phdr->p_type != PT_LOAD) @@ -82,6 +107,9 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) phys_addr_t max_addr = 0; int i; + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1); @@ -134,6 +162,9 @@ void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len, ssize_t ret; void *data; + if (!mdt_header_valid(fw)) + return ERR_PTR(-EINVAL); + ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1); @@ -214,6 +245,9 @@ int qcom_mdt_pas_init(struct device *dev, const struct firmware *fw, int ret; int i; + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1); @@ -310,6 +344,9 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw, if (!fw || !mem_region || !mem_phys || !mem_size) return -EINVAL; + if (!mdt_header_valid(fw)) + return -EINVAL; + is_split = qcom_mdt_bins_are_split(fw, fw_name); ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1); From patchwork Thu Jun 5 13:43:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 894255 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4EB3F25D546 for ; Thu, 5 Jun 2025 13:43:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130999; cv=none; b=FBd4dnWVhq6sKpsXSwpnmd0tKH3sORPOPJWs6rE1w21Wa2ex4b7r1UdKMFpJKbqjjtESIhK+GDdYOw6fh2JZDtd3MXqJdARyR3oJ9CZZ8gc/xdvTH8mV/hlUlPd7qQlMZHHRN0XCyoG7RdPFFoNENaGeo75xvnR+/RRtDtH6nOc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130999; c=relaxed/simple; bh=ah/lhWzPd3F4x1p9T5vxQvIqsGcJdDNhQG2J7Kb+OHE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Unc1krycpaH3XSlPbrt4MZiIJ1Pbudn55J8QqbE3xHAKZnpol83qgMJ50WGeFCr0MbiwTNy1+B7colLzYkg2NWMrTeVDQd29fzeLUR7B6D7j3QBFkD7Fo3P5qIVKAqRreig6Hwi6A1AVWX5BDpOPdTp7kTmiojy49k6PHcHxaD4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=lsP/yj0M; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="lsP/yj0M" Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5559EKJY013107 for ; Thu, 5 Jun 2025 13:43:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= uA1ezJb5O6oxjcWW0nT9EUP50nDItWbzBteKzRW6CE4=; b=lsP/yj0MX3g97cK+ P9CbRXRZryyaJb+RWHkKdwO5bRrvy2YoVH+vb4NgAulUkzcj8AAaR8bX1sbS9Tka cUZiThKOCUSEWYRaQDkqlCe6ZvIzzKyIXHW4CkjNM/zqxLZI6xxo9mEDOVNk3jIP krKWzHcahYUJ3kToHmVlXEcydFMOndVgj2PJ85x9Q/PTOzs5YNhc0wjF+MS40dmi +63tkC2vuwHEKAgbS5/vRwo85c3+lJPtHY53Up9Wo+uDKBv7yhzuPtDtoS4HkoUS AzeI/ldkRSNSsBXj3tCUuIlDwyvuLPZqqo6gRvkNvTNZwRe8inqYhHieRHokEuvb wNNECQ== Received: from mail-oo1-f69.google.com (mail-oo1-f69.google.com [209.85.161.69]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 47202wf32a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Thu, 05 Jun 2025 13:43:16 +0000 (GMT) Received: by mail-oo1-f69.google.com with SMTP id 006d021491bc7-60b90c2e011so777019eaf.2 for ; Thu, 05 Jun 2025 06:43:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749130995; x=1749735795; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uA1ezJb5O6oxjcWW0nT9EUP50nDItWbzBteKzRW6CE4=; b=Q+5MZj+nle1xrtFBrmpUQfy1GNwv2KAFJbDLjgBKFMV6Zz/EKDePOJ5rCY1N3u3fZ6 rrjQO+qun05lcck5CUYfNSZa/wQTmJAO7doJszh3cLPNIGMxAbPTiX8BTdvzKYWaflG5 qf6jQMNQ0sQIgGnPekyezWewhQAF42sfLqg9k6q2BmDeB3pj13iNcRriA4BmR2oCjW6B e5JxUqj36Wom8iMDDV2S0GTqXD/TTuCIsrRLRA4iIHyclna+cBT7LtS57SXZ+sNnQWfg uhBGBUS7q7AMX59+F1j5pdu9hA1fekzz69Gy9WequH7gAMLXjsv9mp0OdQxtEZPu2uQo EZAA== X-Gm-Message-State: AOJu0Yw1kMkFn04vYmeqeg2eTaeTz7Q3YcKHubeXqH/vvpom5yo+7oav 4qIP21Y8+sIRTJwr4mxxIUmXUG8B3uW13h/b1pMt0qOe4dyNbBKJNmfQeOUDoOK2fXo2PYxFKMk ljHGLoTY1tKXAT0P85uh4TP96xenSHHR+CB1u566T+Pi64NYW/Zgc0F4mmHnf7K7tm0LipwnOhb 8E/ns= X-Gm-Gg: ASbGncuhOc9YsmOphgFI5Y3VtVosTuQl1cndD4yY0scykb2LGw6ZckL3/JlWmtw9qhW xsCd6MW3Ubry8xx9ZMPi7zeZons2+2x0+dw2jVed82D17RZS/kDA3pJdKGEOKGZgfawcwEA+ZCl gE9qm1VjyxmuI9QFAS5r7jTKVEKc4ItGYGY9Js53SL7jGDPT4ZOutQ2vN3oJX5Cw6OjvV9QV2Kp 48YynWCa8uz/rnNkUJimaMSYEKC8n4WmzoM9e6X1oHIRo+vL4hFBTUmV4henKAAKYiRH+t8lr2r NUMzUa4L1f2SKZIH5tLXFNdBy7JXg82Ufye7iu6wHs/fCAhhzccXVDn2GNpfYrqPdwtNUKjIypD GvxpnblnSkIw= X-Received: by 2002:a05:6820:1a4b:b0:60f:16d3:df3 with SMTP id 006d021491bc7-60f16d30e9cmr2688586eaf.1.1749130995219; Thu, 05 Jun 2025 06:43:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEturGnep5hT4yRWVQtDibkZa+fM7EuTbrFdkm034fDMEJK89puu1r7Ay4+am4powKAWqTZkw== X-Received: by 2002:a05:6820:1a4b:b0:60f:16d3:df3 with SMTP id 006d021491bc7-60f16d30e9cmr2688561eaf.1.1749130994887; Thu, 05 Jun 2025 06:43:14 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-60c1eb719f8sm2691359eaf.28.2025.06.05.06.43.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Jun 2025 06:43:14 -0700 (PDT) From: Bjorn Andersson Date: Thu, 05 Jun 2025 08:43:01 -0500 Subject: [PATCH 2/3] soc: qcom: mdt_loader: Rename mdt_phdr_valid() Precedence: bulk X-Mailing-List: linux-arm-msm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250605-mdt-loader-validation-and-fixes-v1-2-29e22e7a82f4@oss.qualcomm.com> References: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> In-Reply-To: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2112; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=ah/lhWzPd3F4x1p9T5vxQvIqsGcJdDNhQG2J7Kb+OHE=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoQZ7wXUj7o6UHoQ2l61kxh16BQCsmUUAqCTemp pNvsfa/6gmJAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEGe8BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcVAUBAArbl+Hamg8b3CeUtjZZ+Gal6gvxcLCuz1cu7yEX8 JW5xDvy8D+CJ0tcApo/zFOeEWkVW2dktRdqSHXTLbm1cB4BPgKdqK1VpabzntNV+H7zA0POIR4q myuILdhhpNBJqz9F78fIuAdWvPFSaLFi7FnaEjJvaw3vj4kpnCnDko8VYIiLK8ReD37KwrV15Uc OcbUGMZs4xQAxKQieHdtppJ5KMF2FG4UFsVqSkzPL6jaFODrx3ob3XFJlxdK9WguZzjbUb9LKxx hepIsc2fKYtssbIeCuGzYrotyOemh8sinx+HUc7dX3cPuUaoBpOArJY3+67f22T3SMvQz1LtvpC ISVPbAOApnCqnpFtBVg71VCdaX8Y4fmA2ArZFkQbczF4h9WRDMkRNxpCzxHYqsDKgOE8PnV0eLL o1Y9ciNuZIguk2tlJxOLQaufDm3y/L8a1XgEH7TlJaTyNEri3RCTjGWWiaLBrxJQIKX9yXyUiYN pSyPK3zwdzAkdKVXCCB03gWi2MKbwMc+p8/lyoccMvzYrWz+MrYmez/aWlJjRR9reWbPXm84zCC vkDZmeQvxso3pE3LPAJIrNKoIaAf7BcZQ/Ig14rDmrhSSUWP7c/0LboVKp1eeQVzewvu823Gk/H fLEeNQ4PxrRljwxGniTzeR1Kb3j5WbPxlA5R2n8ZrfC0= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Proofpoint-ORIG-GUID: 8exvnpH3WU_mNskLrtRxzc2m8O3nKwuw X-Proofpoint-GUID: 8exvnpH3WU_mNskLrtRxzc2m8O3nKwuw X-Authority-Analysis: v=2.4 cv=Y/D4sgeN c=1 sm=1 tr=0 ts=68419ef4 cx=c_pps a=lVi5GcDxkcJcfCmEjVJoaw==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=EUspDBNiAAAA:8 a=f2cNVZAXkzJHwsNSZUYA:9 a=QEXdDO2ut3YA:10 a=rBiNkAWo9uy_4UTK5NWh:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjA1MDExNyBTYWx0ZWRfXxMB5VtkmPmec qq1mD4wkXJhamDT/a5Tye2LWahF6Bi3635ShkIER2d8n65iMEsAuhf1SS1fhdjfmPg+rFv8kBZ/ s5VSUsdrIOQSB6kyynf8mC/ujbg6BKRBOUKTk8uy7AXJCZSB0axoAWAP3tTJ6XAzN140KOgVtIc dRCfYkU3VV3KDW1hdwf3sVdMA5vCOQjVW9U0EpHz084c5sahohuUd+Sb1kw1wfvirwQeGm6bx7K CnPY8Zs/5vFTP87wO0LCkepM3CIODrlHns3rkvpu5nPoMY2yjF3vnFLcOqJOAv0eB0lMJVvpVX5 a2UPDg6en4yhBjZ9Jg7omFojJnMtB/fOPExdN6rUpGlHJyYsoyO0bEKS/gAgFsl9zNB/h4oTuP7 Vitom+NdxICNtjwjFN+dvegQlWf4o/KbJ7rGEo+ckCuW7leK6TDtYkG20A8Z1b7Mo2TVHI86 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-05_02,2025-06-05_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 priorityscore=1501 spamscore=0 adultscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0 mlxscore=0 mlxlogscore=999 malwarescore=0 bulkscore=0 suspectscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506050117 The function checks if a program header refers to a PT_LOAD segment, that isn't a hash segment (which should be PT_LOAD in the first place), andwith non-zero size. That's not the definition of "valid", but rather if it's "loadable". Rename the function to reflect what it does. Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/mdt_loader.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index 1da22b23d19d28678ec78cccdf8c328b50d3ffda..dd3875dd7ef68d1f135efd8efdf5634f27aadd5e 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -43,7 +43,7 @@ static bool mdt_header_valid(const struct firmware *fw) return true; } -static bool mdt_phdr_valid(const struct elf32_phdr *phdr) +static bool mdt_phdr_loadable(const struct elf32_phdr *phdr) { if (phdr->p_type != PT_LOAD) return false; @@ -116,7 +116,7 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) for (i = 0; i < ehdr->e_phnum; i++) { phdr = &phdrs[i]; - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; if (phdr->p_paddr < min_addr) @@ -254,7 +254,7 @@ int qcom_mdt_pas_init(struct device *dev, const struct firmware *fw, for (i = 0; i < ehdr->e_phnum; i++) { phdr = &phdrs[i]; - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; if (phdr->p_flags & QCOM_MDT_RELOCATABLE) @@ -354,7 +354,7 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw, for (i = 0; i < ehdr->e_phnum; i++) { phdr = &phdrs[i]; - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; if (phdr->p_flags & QCOM_MDT_RELOCATABLE) @@ -381,7 +381,7 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw, for (i = 0; i < ehdr->e_phnum; i++) { phdr = &phdrs[i]; - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; offset = phdr->p_paddr - mem_reloc; From patchwork Thu Jun 5 13:43:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 894525 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 36F8225D8E3 for ; Thu, 5 Jun 2025 13:43:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749131000; cv=none; b=UjZH7NUZNQpLd+wb2zqQYcDj7SlKpEv1QXXOqRWpKfBbXYym/X+dgKnwynXaWVAJYQ0Njd4Ek9/57WtHW6M23Y3OtsizhUDQbkzLmnGs0EkLCxEX9qu+Zcma8aMCMjJQLs8ebdMCe/DIAZfSPVBXxa97jEDnH/ZClYTHRH4Cu+0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749131000; c=relaxed/simple; bh=4LG9aen+UKEmXElW3km0tU+Gv6VrtGDS/2bhhYgau/w=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=SvkjrjnQP4ccR2m3Onu1dwZyOR26JjfV9aXuRtQZl5EneVOc7SNq+HLY6ryOT6FE6Iks1r9G5S+vtYNHTfYzgTNmGIEsR79VmFMpSt9HjrJXDgDXTjxQE4xud3Sggm0kRMkzGAwEb4H7Zb0wwhInBMfddztYr1ZM7J+X5GMFqj4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=L1wbxHOW; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="L1wbxHOW" Received: from pps.filterd (m0279862.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 555A0bc2012737 for ; Thu, 5 Jun 2025 13:43:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= EcVfgrO/ZjVFn++fwRV+p0fV27JSng2FzXTeHDTEDz4=; b=L1wbxHOWeQ0yxPfj l2QfZ6Qrw5hivc4zXPDGHaqWT/n0J2vfd4i5DumDok40cH3fSQW5+SNE7+EOdpTm NExqpXjeWQ2im7zZcfYTEQCtg+gKXRElLosEk7y/u/nWyEGJQeIW5kMVI3R/2ATL R9q/BrHNfDkX0q3y19zwTNXTocGCITPILoNkSJUMeIYJ1aDCGd8FReTfZOHfamTU 1AOQTl0ZIwIXDC9I/lCJX6gkeGr/lISrzqwLGy4w1pjRU9Y8qbgE5WpGBky5tzse m0DeVvgxjukXnSdj5sLM1fmoVCuxJqDcg1NgoXfG2BRiV1Q418MJLrlWPkV0cRFC mpvwHw== Received: from mail-oo1-f72.google.com (mail-oo1-f72.google.com [209.85.161.72]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 472be855r3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Thu, 05 Jun 2025 13:43:17 +0000 (GMT) Received: by mail-oo1-f72.google.com with SMTP id 006d021491bc7-60b90c2e011so777039eaf.2 for ; Thu, 05 Jun 2025 06:43:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749130996; x=1749735796; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EcVfgrO/ZjVFn++fwRV+p0fV27JSng2FzXTeHDTEDz4=; b=J7t9/UgbaVwIkmlwyRa7qONF0UH3De5eiVWofqg0kRe6gGmhkoDMbZkt6lTxeTFltu 8ztIdPIUk2Il+Zs+bxGEubeSYFZcynuqeA/H9mL9jxy4juVRQnOdH9V++Iz7C4IpsTbb XJPvCCp6lobYrBns/wNiCL7sw8dxcubDEAMTEaHVrAWNb6Z5nbdCMZqf2BP2h0niIvS1 AQhlbrXoll16Ahp/GOf1yb7K53owBbN5TrBY4S7JfFzmthED28uPYgnmWQP3QTFnN9Fz 8ZJ5j7FVjJptGxhJ+jmZl55jN80cpzAIVhTexqFtG2XmSp2h83/AlOs506D86+CuuE7a 8DEg== X-Gm-Message-State: AOJu0YzbC21LfFoayZY3Xa1IfSBLZEh/XqBcwET1OLmAXF23LOOwEIL5 xq6ZRBOMb/WGEv60WONwjdopnBGB56hsztW906KcnIMLn+yHZHxXwOn+ApV9i2YAKWoyFpvyOys gO4CYHOTWsa8WoU7DKUEWuHxLC175ZY8cmQNSYCF5yjn5Zz1MwQWJr+qA9oB0jaGVkK9b X-Gm-Gg: ASbGncstzUVefT9y9cH1lcN2UwIve2nBm7C3rO80cidXaK3MUjgDSyPPw5WhTSiOJMT KcOuGAn+meOE0z9eQIL/r0DxYi+jvIVQ7FTjPjhxoYALKNkw6LXBVQJ70+HW6n/GiJizhfzTPWz Etn1FbSAaLplanc06cRdUm8AgJPAu8oeHdnOm9ae3aNWTkd+lPqMBfSbIqylUuXCv7uCEHsGPGR T2wyVExkqR10VwYBRZv1RNKpETDHarfnFTml9vokka56qig0+AHrA4D5oE15o4qJak/3V0inKOy nq+keWdcQb2yq+FW1MMx67iIhpT2D0MJvQbXQpSw0Cp85xOHbghJCSTQMmzD6K7C8q8ZJaQjhHk JqchELefesP8= X-Received: by 2002:a05:6820:1e0e:b0:60b:ecbc:dc50 with SMTP id 006d021491bc7-60f0c7ca167mr5018553eaf.3.1749130996181; Thu, 05 Jun 2025 06:43:16 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFiiD9ljtJHB+ylVXFa9d85uIWbOmYp4glyZzk87k6EP3VaYO5FO8iTw08AMLXnnbkDXIS4mw== X-Received: by 2002:a05:6820:1e0e:b0:60b:ecbc:dc50 with SMTP id 006d021491bc7-60f0c7ca167mr5018490eaf.3.1749130995829; Thu, 05 Jun 2025 06:43:15 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-60c1eb719f8sm2691359eaf.28.2025.06.05.06.43.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Jun 2025 06:43:15 -0700 (PDT) From: Bjorn Andersson Date: Thu, 05 Jun 2025 08:43:02 -0500 Subject: [PATCH 3/3] soc: qcom: mdt_loader: Actually use the e_phoff Precedence: bulk X-Mailing-List: linux-arm-msm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250605-mdt-loader-validation-and-fixes-v1-3-29e22e7a82f4@oss.qualcomm.com> References: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> In-Reply-To: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2254; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=4LG9aen+UKEmXElW3km0tU+Gv6VrtGDS/2bhhYgau/w=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoQZ7w13CxlnKFE71dbh50VU7TRshQ8GfmTkbWM 5ghTkTTwfeJAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEGe8BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcWWlRAAiiZ+YPVc+u6389ZQF+/SQaMdPA44r7qRphoqmeL Kr1J8fvRPkMhJAFXLAGAdn0Lw1maOO8M5lXHMdEzD9DFxsukVx1Quq91S4Nh2f4M6uEkF+IOuyb ktzh8xnX8gMPayxP13Jp/mhuvb4/3EVAQyIa2hgTmnSXBfn3wtDOYm3NZ5scdNW4IHNowil18tp LhcvRuM3lex4kfrJQf7dNvJVhgRrxyV976tHW3FVBlmDIyqYjzYLO54GDUNwbLsnDAtd+zA/fc2 2piYgJdcnjl6/mKiirTlOewOyVJdxWjDluQlePD6eKdg6CRNT6ax3MQHJf8smaJkx5CeTOvORWZ swowr8PTnyWU86uummkAtKjOGdPW0rb9MFOejYwJ4D8wWaBFPJqaUkeA4zWK4jFP84N71UW15LM E4Rk6+SqvY/LrUL0LYpkk0eDsYckxEYz4t1rw5Qa0RWIADvn1uUqa1VmaT2LNkf97fZDfikSk0H 7hmZ1Km9Yr3QvUp4PdUxCd0eHNfo6KAfHQ/CmaXLerqNimO2/+XFbehH/+9+XaUb39HLaawHieu eKFYkGEGBTtSFVAp6gFUFy490GtIIKRdZay0gaSg0FnI3rPuL9ac/wwgyJZvvTUiAzcsR2hQ7Eg T5QBNWOZOkUNGfxKvpc/0ymUID3iE2JFO/lm8sZ9245I= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Authority-Analysis: v=2.4 cv=bNYWIO+Z c=1 sm=1 tr=0 ts=68419ef5 cx=c_pps a=wURt19dY5n+H4uQbQt9s7g==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=EUspDBNiAAAA:8 a=f2cNVZAXkzJHwsNSZUYA:9 a=QEXdDO2ut3YA:10 a=-UhsvdU3ccFDOXFxFb4l:22 X-Proofpoint-GUID: t5L4XRdR_ld9LYiIlcD6znncL9IAeGkv X-Proofpoint-ORIG-GUID: t5L4XRdR_ld9LYiIlcD6znncL9IAeGkv X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjA1MDExNyBTYWx0ZWRfX6RnH2r1tgozA /YM6QZyR4P2FakmktY6vUfS3wD6StHe8gcN3SKD6clNX+bFMPzCLj91XdNcphDVsbZ4MAWOw3a1 8q+GXteQPa54BrV3DmwKr486bDuHOJClCz4nPSOhfiMrLi99NXqfN6aK9mgQsvHZl5JpujyaxdK RqCZs+6a+TBCMvr36GSaoW16PrJerUh9dPyHRMMR5rCxHdhl2N5jkLjFEkyESnpFFqb7B9Fd6Wf hnYc1iDUNT+weS0+qwjZ1TIwBO+OUDqP5AS/aKwpv5UhFnxW1qqVmOFVDmHNTvjmKWs9LEx6ukW zG34IzyQuTpsZERwy9bQyTlt4Tz1e+VslEwNz4lrvlkv0WKcZ3l/EHVzyK/W+OhbLdV/8oAU/61 yOs9c/sRG7c8Op4muYZ4K1rBG7s62Yv83Jc7eLU4+Sm9wX8AnlZ+RUEHEjgW15s52gKmKvQL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-05_02,2025-06-05_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 priorityscore=1501 suspectscore=0 mlxscore=0 impostorscore=0 spamscore=0 clxscore=1015 mlxlogscore=999 adultscore=0 bulkscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506050117 Rather than relying/assuming that the tools generating the firmware places the program headers immediately following the ELF header, use e_phoff as intended to find the program headers. Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/mdt_loader.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index dd3875dd7ef68d1f135efd8efdf5634f27aadd5e..01fea4c510717197a67a529cfa467c6a9a3ab55d 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -111,7 +111,7 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) return -EINVAL; ehdr = (struct elf32_hdr *)fw->data; - phdrs = (struct elf32_phdr *)(ehdr + 1); + phdrs = (struct elf32_phdr *)(fw->data + ehdr->e_phoff); for (i = 0; i < ehdr->e_phnum; i++) { phdr = &phdrs[i]; @@ -166,7 +166,7 @@ void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len, return ERR_PTR(-EINVAL); ehdr = (struct elf32_hdr *)fw->data; - phdrs = (struct elf32_phdr *)(ehdr + 1); + phdrs = (struct elf32_phdr *)(fw->data + ehdr->e_phoff); if (ehdr->e_phnum < 2) return ERR_PTR(-EINVAL); @@ -249,7 +249,7 @@ int qcom_mdt_pas_init(struct device *dev, const struct firmware *fw, return -EINVAL; ehdr = (struct elf32_hdr *)fw->data; - phdrs = (struct elf32_phdr *)(ehdr + 1); + phdrs = (struct elf32_phdr *)(fw->data + ehdr->e_phoff); for (i = 0; i < ehdr->e_phnum; i++) { phdr = &phdrs[i]; @@ -304,7 +304,7 @@ static bool qcom_mdt_bins_are_split(const struct firmware *fw, const char *fw_na int i; ehdr = (struct elf32_hdr *)fw->data; - phdrs = (struct elf32_phdr *)(ehdr + 1); + phdrs = (struct elf32_phdr *)(fw->data + ehdr->e_phoff); for (i = 0; i < ehdr->e_phnum; i++) { /* @@ -349,7 +349,7 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw, is_split = qcom_mdt_bins_are_split(fw, fw_name); ehdr = (struct elf32_hdr *)fw->data; - phdrs = (struct elf32_phdr *)(ehdr + 1); + phdrs = (struct elf32_phdr *)(fw->data + ehdr->e_phoff); for (i = 0; i < ehdr->e_phnum; i++) { phdr = &phdrs[i];