From: Cristian Marussi
To: linux-arm-kernel@lists.infradead.org, linux-rockchip@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Heiko Stuebner, Liang Chen, Kever Yang, Jeffy Chen, Peter Geis, Cristian Marussi, Nicolas Frattaroli, Etienne Carriere, Sudeep Holla
Subject: [PATCH] firmware: arm_scmi: Relax BASE protocol sanity checks on protocol list
Date: Mon, 23 May 2022 18:15:59 +0100
Message-Id: <20220523171559.472112-1-cristian.marussi@arm.com>

Even though malformed replies from firmware must be treated carefully to avoid memory corruption on the kernel side, some out-of-spec SCMI replies can be tolerated to avoid breaking existing deployed systems, as long as they won't cause memory issues.

Reported-by: Nicolas Frattaroli
Cc: Etienne Carriere
Cc: Sudeep Holla
Signed-off-by: Cristian Marussi
--- drivers/firmware/arm_scmi/base.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/arm_scmi/base.c b/drivers/firmware/arm_scmi/base.c index 20fba7370f4e..d0ac96da1ddf 100644 --- a/drivers/firmware/arm_scmi/base.c +++ b/drivers/firmware/arm_scmi/base.c 
@@ -221,11 +221,17 @@ scmi_base_implementation_list_get(const struct scmi_protocol_handle *ph, calc_list_sz = (1 + (loop_num_ret - 1) / sizeof(u32)) * sizeof(u32); if (calc_list_sz != real_list_sz) { - dev_err(dev, - "Malformed reply - real_sz:%zd calc_sz:%u\n", - real_list_sz, calc_list_sz); - ret = -EPROTO; - break; + dev_warn(dev, + "Malformed reply - real_sz:%zd calc_sz:%u (loop_num_ret:%d)\n", + real_list_sz, calc_list_sz, loop_num_ret); + /* + * Bail out if the expected list size is bigger than the + * total payload size of the received reply. + */ + if (calc_list_sz > real_list_sz) { + ret = -EPROTO; + break; + } } for (loop = 0; loop < loop_num_ret; loop++) -- 2.36.1
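
Review bot: The dev_warn() at the top of the if (calc_list_sz != real_list_sz) block still prints "Malformed reply" for both the tolerated and the rejected case, so the log does not say whether the protocol list was accepted. Consider reporting the rejection separately inside the calc_list_sz > real_list_sz branch, and extending the comment to state that a reply larger than calc_list_sz is accepted with the extra bytes ignored. The tolerated path falls through to the for loop over loop_num_ret entries, which stays inside the received payload only because calc_list_sz <= real_list_sz holds at that point; that invariant deserves a line in the comment so a later change to the check does not silently remove the bound. The new loop_num_ret argument is printed with %d while calc_list_sz beside it uses %u; if loop_num_ret is an unsigned count, %u is the matching specifier. The commit message would also benefit from naming which out-of-spec reply shape was reported, since only the oversized case is relaxed here.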