Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2622467pxb; Fri, 5 Nov 2021 01:36:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxL0VMIHUpW84Aq8k3X/shUdnSlgYZrJFk3KG6YLdT+exuRrOfagdMl4pYu2Ur4EFSQx8Wk X-Received: by 2002:a05:6e02:18ce:: with SMTP id s14mr26550664ilu.142.1636101411166; Fri, 05 Nov 2021 01:36:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1636101411; cv=none; d=google.com; s=arc-20160816; b=TuE2iEMu+vde0hg62HmlDMKSUjQKcWAWO/+FlbFh+P0m8e3BfGQrWCsNNRObe7wr3X IvErg53s0w/nYxDTZv/zryb2C6pZzTWArAkOwSV6Tku97YS/Yv21A//PshKAuQ6D4JDQ ns/42MHXoR4oen6/XXt3pd8guVRRGQazT5YstzRR1+QZ9ssbz6gejiPjVSmJ9NWK72ox n1Q1S7NP6MYBVwCyJ3zePXn554XKUYz3kcr9P3/t7EzxWdrxIvrvlrGJIFutqjeYSeJY 8avX2NBSQ9cn9ywCtx5tLmYH2W7aVOqrOzs60g685ATX2XezZCHGQXIkI+jNOvE6BuyK zTKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:user-agent :references:in-reply-to:subject:cc:to:from:dmarc-filter:sender :dkim-signature; bh=PodyxWQ8aytFTJyLWgc6LTD5vO5t/jcyhMo21PoIjXk=; b=k0BIDuHaVkN8eluQkhS7KVMWC3RWbsxV92QgQwtF3BYayA0sItOY3okSMm9bRdA0W4 yIYFHuAi27LbWzYTwR3QHJibUTGZYa+lFcdrXqlKqIrCe+vDYnO1E3bDqgBTJy/fpRba nBRUsDU7WGX3gTKerssELLI8ZxT14Fny2MooKXFrrA0T3l4miUd2msZySWgeJVvDd8Ut Lgklgp7geqXuadSRqex1opmx0/foioeIPqviWnaFojKv0GsnHxCluehOXWSCeZ9jIehr Qd+svUgcUyerZpxInUglyn68jhFbVG8cU2K65oNfcA4/MVU+ie4r+onyeEMoNzUgYX/m zMjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b=JOuwEYAy; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o7si12160854ilj.101.2021.11.05.01.36.37; Fri, 05 Nov 2021 01:36:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b=JOuwEYAy; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232685AbhKEI2E (ORCPT + 67 others); Fri, 5 Nov 2021 04:28:04 -0400 Received: from so254-9.mailgun.net ([198.61.254.9]:35570 "EHLO so254-9.mailgun.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231682AbhKEI2D (ORCPT ); Fri, 5 Nov 2021 04:28:03 -0400 DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg.codeaurora.org; q=dns/txt; s=smtp; t=1636100724; h=Content-Type: MIME-Version: Message-ID: Date: References: In-Reply-To: Subject: Cc: To: From: Sender; bh=PodyxWQ8aytFTJyLWgc6LTD5vO5t/jcyhMo21PoIjXk=; b=JOuwEYAyH/0az3J52Ey8r0MqwyvlHySMt77L+F2/0fLPqssGDjNv6KWpouAV2FWLxSVEffo8 sgmgE3gAiejXuXabvxZ8I3vwzKmIf7RPlN84MS6Yw+mmENwdd71XFIzNFnEMEu4VKdZf1L91 LV5Vf9eLJuWTxISCNQJ/b8bYe08= X-Mailgun-Sending-Ip: 198.61.254.9 X-Mailgun-Sid: WyI3YTAwOSIsICJsaW51eC13aXJlbGVzc0B2Z2VyLmtlcm5lbC5vcmciLCAiYmU5ZTRhIl0= Received: from smtp.codeaurora.org (ec2-35-166-182-171.us-west-2.compute.amazonaws.com [35.166.182.171]) by smtp-out-n05.prod.us-west-2.postgun.com with SMTP id 6184ea6e7d93184cc7b1b74b (version=TLS1.2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Fri, 05 Nov 2021 08:25:18 GMT Sender: kvalo=codeaurora.org@mg.codeaurora.org Received: by smtp.codeaurora.org (Postfix, from userid 1001) id A0522C4360C; Fri, 5 Nov 2021 08:25:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-caf-mail-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=ALL_TRUSTED,BAYES_00,SPF_FAIL, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from tykki (tynnyri.adurom.net [51.15.11.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: kvalo) by smtp.codeaurora.org (Postfix) with ESMTPSA id F1B86C4338F; Fri, 5 Nov 2021 08:25:16 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 smtp.codeaurora.org F1B86C4338F Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; spf=fail smtp.mailfrom=codeaurora.org From: Kalle Valo To: Takashi Iwai Cc: Ping-Ke Shih , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Larry Finger Subject: Re: [PATCH] rtw89: Fix crash by loading compressed firmware file In-Reply-To: (Takashi Iwai's message of "Fri, 05 Nov 2021 08:21:44 +0100") References: <20211105071725.31539-1-tiwai@suse.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) Date: Fri, 05 Nov 2021 10:25:13 +0200 Message-ID: <87zgqjqaae.fsf@codeaurora.org> MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Takashi Iwai writes: > On Fri, 05 Nov 2021 08:17:25 +0100, > Takashi Iwai wrote: >> >> When a firmware is loaded in the compressed format or via user-mode >> helper, it's mapped in read-only, and the rtw89 driver crashes at >> rtw89_fw_download() when it tries to modify some data. >> >> This patch is an attemp to avoid the crash by re-allocating the data >> via vmalloc() for the data modification. > > Alternatively, we may drop the code that modifies the loaded firmware > data? At least SET_FW_HDR_PART_SIZE() in rtw89_fw_hdr_parser() looks > writing it, and I have no idea why this overwrite is needed. Strange, isn't the firmware data marked as const just to avoid this kind of problem? Does rtw89 have wrong casts somewhere which removes the const? -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches