From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Peter Ujfalusi, Pierre-Louis Bossart, Ranjani Sridharan, Bard Liao, Mark Brown, Sasha Levin
Subject: [PATCH 5.18 051/112] ASoC: SOF: ipc3-topology: Move and correct size checks in sof_ipc3_control_load_bytes()
Date: Mon, 11 Jul 2022 11:06:51 +0200
Message-Id: <20220711090551.020035523@linuxfoundation.org>
In-Reply-To: <20220711090549.543317027@linuxfoundation.org>
References: <20220711090549.543317027@linuxfoundation.org>

From: Peter Ujfalusi

[ Upstream commit c2d1aec3f5da2475aa13a487d329823b7d27d499 ]

Move the size checks prior to allocating memory as these checks do not need
the data to be allocated and in case of an error we would not need to free
the allocation.

The max size must not be less than the size of struct sof_ipc_ctrl_data +
struct sof_abi_hdr as the ABI header needs to be present under all
circumstances. The check was incorrectly used or between the two size checks.

Fixes: b5cee8feb1d4 ("ASoC: SOF: topology: Make control parsing IPC agnostic")
Signed-off-by: Peter Ujfalusi
Reviewed-by: Pierre-Louis Bossart
Reviewed-by: Ranjani Sridharan
Reviewed-by: Bard Liao
Link: https://lore.kernel.org/r/20220610084735.19397-1-peter.ujfalusi@linux.intel.com
Signed-off-by: Mark Brown
Signed-off-by: Sasha Levin
---
 sound/soc/sof/ipc3-topology.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/sound/soc/sof/ipc3-topology.c b/sound/soc/sof/ipc3-topology.c index cdff48c4195f..80fb82ece38d 100644 --- a/sound/soc/sof/ipc3-topology.c +++ b/sound/soc/sof/ipc3-topology.c @@ -1578,24 +1578,23 @@ static int sof_ipc3_control_load_bytes(struct snd_sof_dev *sdev, struct snd_sof_ struct sof_ipc_ctrl_data *cdata; int ret; - scontrol->ipc_control_data = kzalloc(scontrol->max_size, GFP_KERNEL); - if (!scontrol->ipc_control_data) - return -ENOMEM; - - if (scontrol->max_size < sizeof(*cdata) || - scontrol->max_size < sizeof(struct sof_abi_hdr)) { - ret = -EINVAL; - goto err; + if (scontrol->max_size < (sizeof(*cdata) + sizeof(struct sof_abi_hdr))) { + dev_err(sdev->dev, "%s: insufficient size for a bytes control: %zu.\n", + __func__, scontrol->max_size); + return -EINVAL; } - /* init the get/put bytes data */ if (scontrol->priv_size > scontrol->max_size - sizeof(*cdata)) { - dev_err(sdev->dev, "err: bytes data size %zu exceeds max %zu.\n", + dev_err(sdev->dev, + "%s: bytes data size %zu exceeds max %zu.\n", __func__, scontrol->priv_size, scontrol->max_size - sizeof(*cdata)); - ret = -EINVAL; - goto err; + return -EINVAL; } + scontrol->ipc_control_data = kzalloc(scontrol->max_size, GFP_KERNEL); + if (!scontrol->ipc_control_data) + return -ENOMEM; + scontrol->size = sizeof(struct sof_ipc_ctrl_data) + scontrol->priv_size; cdata = scontrol->ipc_control_data; -- 2.35.1
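
Review bot: The second check, scontrol->priv_size > scontrol->max_size - sizeof(*cdata), is an unsigned subtraction that stays safe only because the new first check has already rejected any max_size below sizeof(*cdata) + sizeof(struct sof_abi_hdr). A one-line comment stating that ordering dependency would keep a later reshuffle of the two checks from reintroducing a wrapped, effectively unlimited bound. The checks also leave priv_size unconstrained from below: the buffer is guaranteed room for the ABI header, but a non-zero priv_size smaller than sizeof(struct sof_abi_hdr) still passes here, so it is worth confirming that the code after this hunk validates the header before trusting its fields. Minor style point: the added lines use sizeof(*cdata) while the context line that sets scontrol->size uses sizeof(struct sof_ipc_ctrl_data) for the same type; using one form throughout would make the size arithmetic easier to compare.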