From nobody Fri Dec 19 19:07:39 2025 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F15972E40E for ; Thu, 5 Jun 2025 13:43:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749131000; cv=none; b=Te5XsLm78RQPBV5MGVih7NR5lfbqMThq9Y13pk1i6ll6TYK+rmp+i9v8lzIfSoJIqy0Oo8P/azVsE2WJyXF8TBBzflKnmlcgNUlq2V6F5gPUfwHvXIVN559mSs9i6q2te5xXGx5Ll4QqbfxxA1W71DN8kz/3YNFizrpcX640h40= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749131000; c=relaxed/simple; bh=VAZvVY4YvO4yZJam3Pqn64RyEqzAe5U0pqKB9Nl1xSw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=AtkQYi7a8i1yJokBdsLr6kaw36jcEn4WEx+rhA17wUh4xRMPcN5XJ71wtLP0WYzYEqPr0BSPcMxsb2A+2dzILwuhj3kJ+OApFSNzpFSNIUG+giHKz/4dRx/aHSz8zXNfFVB+TAWy80SvN0w91ZkGGXLGmeDF6s2FtbXofro5TDs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=MIUsm2k1; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="MIUsm2k1" Received: from pps.filterd (m0279870.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5557vuhM032470 for ; Thu, 5 Jun 2025 13:43:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= 4K1V7X0mjkkzCtjA8wOdUTAbcAITWxzAG6tod7BBZUY=; b=MIUsm2k1HDuWbw6f sj7bv4aDOBMkQ+Ez3x/M/tTYYfBEEbAT5bBFMO21tSQ7JhyhZ6iC5ecIW0AtissW z8JUiwtDgZmpbToEpPDpfLZ41NNNSWgwiUG4YJWWbaV1N0Ijp6nhoFpOuiuPMgDc KZpxTwiDSK9X2COW4bxzvpJiQU/B2n4LlhQjvFowmaWbORSkOds971IgwlsEwJw+ wPJPINsuUCR204WNVntf+euhpOLjrOzZQS5+/eRAqOjgReQRbdSna9y1ZwEzEFAn 1xexUOBZcISpREreDCUlu6KYY92MSzT83b72lxir0qeRL9KI03K6zWV4SPIyM+Gh oU/y/w== Received: from mail-oo1-f70.google.com (mail-oo1-f70.google.com [209.85.161.70]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 471sfv0avy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Thu, 05 Jun 2025 13:43:15 +0000 (GMT) Received: by mail-oo1-f70.google.com with SMTP id 006d021491bc7-60d2dc0c4f8so1529829eaf.0 for ; Thu, 05 Jun 2025 06:43:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749130994; x=1749735794; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4K1V7X0mjkkzCtjA8wOdUTAbcAITWxzAG6tod7BBZUY=; b=Ae1UaaJeilrYBzI2cWQHpaf8URZrQ6eUpAuTmGlgnqfd9nPlqDK196+Y1S2lGuhQZi z3yUmwtCCQfQFMx/VmJXOTiMUDjhB8mKf+N6NRlvk8xdHklbuoJRVAvIm2xc6/Q1rioP mhQajvMZLK7s5ySc8hWoQysqyOpibrxJNW9AE56yH2E/8QuHn+10jwpfE0qQ1hTHXtd5 QvkaE/lluEOa7dVR74zqAmofQry1ln58d9sBa9WeAqk+BCVp8oqIwJ1iJbHSx+8kxCqC lny/dqPRwBoDo7ABgfCTh7C/B93apMNmLxGK/vUOU0Il8dYTwru/KA4kQJ9A9ODoWhY8 PTVQ== X-Forwarded-Encrypted: i=1; AJvYcCWAnJYrfEwwiaqMZASDwAqWwwy70CAWzmw9jDFVjOr9bNK2fyJdDcw2NifqQ8OPz1SuGlWC08QX1gcq9Gg=@vger.kernel.org X-Gm-Message-State: AOJu0YxYeTsvYjeqlsYRTdMCp2+KexJhcPu9K4sZ47zej3YMoZTPMB/v EFm1Zq+fqdx+wLeRREHq42psT8ely0wL4lKiqtycoAofr0dWoLKJgH6Y3SGBGJtdY06ld9VXBqM MbmIjkU8sMoZbQMsp9qOR+j5SHJpfrAE5JrXlIFw1IrqiblC/Si3MEUAJBtBJXCY/dOOS+JyzqJ cYlQ== X-Gm-Gg: ASbGnct4wVObIUr/UOyn9dSp/07h6sKK9kubUTUi2UGBtgtO4ooIxmfjqwR20tqgycl lrWkZdgS+XZBUGPTkjV8I8XTsB4DgNoir4AttjLVG/1RuMits1jNqC/N6ot7xavjmMZfFMOilOR Fx+fATOP2xAY0ONN6BzCF1VUTCu5vF21SB0YF20OxLI3+rzQpdm9Z4Z+b4A4HrfMtLSq3tSuUS7 mcrU/2nyD5Duqoh4+DnNtK90WQKoUAyroFLi8FOwtXbhmGohE38fA64UcDQphqDrtp04LWVTeGI 0tteiV7BuVH2SWUFAMoFlz+tnUrpfHuYetsVGL9MTkn5T77s18Pk02wfw2moyrx52VAp5Oo/UHw Vc+w43egTwMQRq4WCe+OwIg== X-Received: by 2002:a05:6808:398c:b0:406:6875:3f0b with SMTP id 5614622812f47-408fab8b28cmr2811701b6e.7.1749130994486; Thu, 05 Jun 2025 06:43:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGVO4JnGuwbYTanrmVGFuPGT0vXXaE6+r6I65XBXdCTONC7vN0Ig72qhyjwBB4WTSWBBcIaYw== X-Received: by 2002:a05:6808:398c:b0:406:6875:3f0b with SMTP id 5614622812f47-408fab8b28cmr2811682b6e.7.1749130994131; Thu, 05 Jun 2025 06:43:14 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-60c1eb719f8sm2691359eaf.28.2025.06.05.06.43.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Jun 2025 06:43:13 -0700 (PDT) From: Bjorn Andersson Date: Thu, 05 Jun 2025 08:43:00 -0500 Subject: [PATCH 1/3] soc: qcom: mdt_loader: Ensure we don't read past the ELF header Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250605-mdt-loader-validation-and-fixes-v1-1-29e22e7a82f4@oss.qualcomm.com> References: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> In-Reply-To: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2788; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=VAZvVY4YvO4yZJam3Pqn64RyEqzAe5U0pqKB9Nl1xSw=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoQZ7wAqUKHWx5c58KFtrNhi1WL9mDfy3fQItYg wVrzRnDtYiJAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEGe8BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcUXbBAAwnO6nb6pVq3Y8z20lFrjxXplNhoWbkPBK4mPuxS mBiFeoCsC1o5w0QkoFilM1m9PwsF7Q1rHWiuj8NtiGaCTMuCr2fCtjvbpBLKHOXmJFbkAMVCD7D nC3e12G080tmK1ytZ6YaUxLJ7KxSar5HOWZpgKwvl3etBpKuxBo9RE6fSnxDC9kCRSdPeFbfEVD NwUv3K2MLTNj2+GjpGlLR1CG/LMaPYvpS0D4l/AnpT1HDbk3HKHBN7aZ6iK4Iu/jZA+jSToqhe9 pblCaTdLCAC8X055d7cOp1nLU9pNm/8TFwTi1LmudeICp5pGKYH4zJo6QEN2qf+8gNzfcOq+hL/ wZamX32BWdgI02HDBboUgOkcZFbbI/2yN+wm5Lv2ruvxjVJPE6/56RoWTfrx+oMHwquibpuxI6k Zt4vH0tw3Bho12O71POPh8ct8pDn0pq2vIPMzWNpVQMt4/aM2oooRbi6JSDms5eHqwo1nSTLax8 osnCuqfNfHfG0KOUTrOv2bV+89GjTV9jdAheC71M1OeyAwhm6qDHCw0bOICYD/EabT5k54HetG+ 22sQk1GgsfLmMWLtrhc+PDgBIEPQQo52IhFMZMtHUubaAVWlZWuhHcyFK8e4Pkyj6+LUl2lysav PCmHVzW0xXo2WLVV1FahABDuZnci9AEW5FbBxEhHY3qY= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Authority-Analysis: v=2.4 cv=CY8I5Krl c=1 sm=1 tr=0 ts=68419ef3 cx=c_pps a=lkkFf9KBb43tY3aOjL++dA==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=VwQbUJbxAAAA:8 a=cm27Pg_UAAAA:8 a=EUspDBNiAAAA:8 a=R2NP8FmM25b3pXeoK7YA:9 a=QEXdDO2ut3YA:10 a=k4UEASGLJojhI9HsvVT1:22 X-Proofpoint-ORIG-GUID: SJblqUT1CDvxfDXyEmuE9MG3CwR-e-a9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjA1MDExNyBTYWx0ZWRfXxUav1Cj8gG3p hj7oDw0weGjSVAaCovwKOwdHIQ/0B2wgl012z+aRHo0w8X4Fz59X99G8Cgb0UuiJpS5hiISY4ZR P65vjFhzfrSmqe5EQSyxbdMvUGjAc+q8H3NiK+ZRpkZ+pvk3pztWHw08ykDMfq+cO4/4P0MNQTo pqHPDGkX6/UcmBnrCE05IM3RRXAK+uwUAg3uBdggWL8nt31afqxYbBXL187OXmmWHLDSYKxRjb7 j+u3xedQc8ie3MvuFoHE0QDfDuld+UXTemPlZeMF8w9SU9YvKMqg7eNEkmlxOVitUH+lgmQZe8j Drb1esg7PWk2hRFUUr+Ao4belaonDGlRBtQ4gikfgz0f9HqjmejmTX3CG39uMG5crkM+NIr+21/ Ssx0yRucxHSv5FvpbQu82SgjfXFNc7MTpmSKhKL0Bt/1HaOIH5yikWhw97xxoEutSE09+qo2 X-Proofpoint-GUID: SJblqUT1CDvxfDXyEmuE9MG3CwR-e-a9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-05_02,2025-06-05_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 mlxscore=0 adultscore=0 bulkscore=0 suspectscore=0 malwarescore=0 clxscore=1015 lowpriorityscore=0 spamscore=0 impostorscore=0 phishscore=0 mlxlogscore=999 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506050117 When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. Fixes: 2aad40d911ee ("remoteproc: Move qcom_mdt_loader into drivers/soc/qco= m") Cc: Reported-by: Doug Anderson Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/mdt_loader.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index b2c0fb55d4ae678ee333f0d6b8b586de319f53b1..1da22b23d19d28678ec78cccdf8= c328b50d3ffda 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -18,6 +18,31 @@ #include #include =20 +static bool mdt_header_valid(const struct firmware *fw) +{ + const struct elf32_hdr *ehdr; + size_t phend; + size_t shend; + + if (fw->size < sizeof(*ehdr)) + return false; + + ehdr =3D (struct elf32_hdr *)fw->data; + + if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) + return false; + + phend =3D size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), eh= dr->e_phoff); + if (phend > fw->size) + return false; + + shend =3D size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), eh= dr->e_shoff); + if (shend > fw->size) + return false; + + return true; +} + static bool mdt_phdr_valid(const struct elf32_phdr *phdr) { if (phdr->p_type !=3D PT_LOAD) @@ -82,6 +107,9 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) phys_addr_t max_addr =3D 0; int i; =20 + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); =20 @@ -134,6 +162,9 @@ void *qcom_mdt_read_metadata(const struct firmware *fw,= size_t *data_len, ssize_t ret; void *data; =20 + if (!mdt_header_valid(fw)) + return ERR_PTR(-EINVAL); + ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); =20 @@ -214,6 +245,9 @@ int qcom_mdt_pas_init(struct device *dev, const struct = firmware *fw, int ret; int i; =20 + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); =20 @@ -310,6 +344,9 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, if (!fw || !mem_region || !mem_phys || !mem_size) return -EINVAL; =20 + if (!mdt_header_valid(fw)) + return -EINVAL; + is_split =3D qcom_mdt_bins_are_split(fw, fw_name); ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); --=20 2.49.0 From nobody Fri Dec 19 19:07:39 2025 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4EABA25D53B for ; Thu, 5 Jun 2025 13:43:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130999; cv=none; b=FBd4dnWVhq6sKpsXSwpnmd0tKH3sORPOPJWs6rE1w21Wa2ex4b7r1UdKMFpJKbqjjtESIhK+GDdYOw6fh2JZDtd3MXqJdARyR3oJ9CZZ8gc/xdvTH8mV/hlUlPd7qQlMZHHRN0XCyoG7RdPFFoNENaGeo75xvnR+/RRtDtH6nOc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130999; c=relaxed/simple; bh=ah/lhWzPd3F4x1p9T5vxQvIqsGcJdDNhQG2J7Kb+OHE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Unc1krycpaH3XSlPbrt4MZiIJ1Pbudn55J8QqbE3xHAKZnpol83qgMJ50WGeFCr0MbiwTNy1+B7colLzYkg2NWMrTeVDQd29fzeLUR7B6D7j3QBFkD7Fo3P5qIVKAqRreig6Hwi6A1AVWX5BDpOPdTp7kTmiojy49k6PHcHxaD4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=lsP/yj0M; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="lsP/yj0M" Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5557vcQE000905 for ; Thu, 5 Jun 2025 13:43:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= uA1ezJb5O6oxjcWW0nT9EUP50nDItWbzBteKzRW6CE4=; b=lsP/yj0MX3g97cK+ P9CbRXRZryyaJb+RWHkKdwO5bRrvy2YoVH+vb4NgAulUkzcj8AAaR8bX1sbS9Tka cUZiThKOCUSEWYRaQDkqlCe6ZvIzzKyIXHW4CkjNM/zqxLZI6xxo9mEDOVNk3jIP krKWzHcahYUJ3kToHmVlXEcydFMOndVgj2PJ85x9Q/PTOzs5YNhc0wjF+MS40dmi +63tkC2vuwHEKAgbS5/vRwo85c3+lJPtHY53Up9Wo+uDKBv7yhzuPtDtoS4HkoUS AzeI/ldkRSNSsBXj3tCUuIlDwyvuLPZqqo6gRvkNvTNZwRe8inqYhHieRHokEuvb wNNECQ== Received: from mail-oo1-f70.google.com (mail-oo1-f70.google.com [209.85.161.70]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 471g8q9g1y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Thu, 05 Jun 2025 13:43:15 +0000 (GMT) Received: by mail-oo1-f70.google.com with SMTP id 006d021491bc7-60b90c2e011so777016eaf.2 for ; Thu, 05 Jun 2025 06:43:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749130995; x=1749735795; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uA1ezJb5O6oxjcWW0nT9EUP50nDItWbzBteKzRW6CE4=; b=bSx29W7m7O8Az+g2Ddrs+KrS9I8UkwmeF5BmlGQyraoCx9GXCBCmmYSmf9ng+pGvXq pbcfpn7hK3aW6qAL/oluO5zWbABBMuticYpCD861jASgV9nFabdACj3xeGwfNUk1c78R 6T1KMj86fPwaSHafXGRUvnP2AtRu9Js1ElaVqO4OppHlJjQV6PWAstXOowjJwSilQ0gS HDR9LUlbrDOKN5gKJLJxxwMNzeqcyJFkW1KOraOd+e/QcgzKAPEeGB8lqlutABX8uQP3 ubpZ6PtqlwZjN6XdkLJB4V8xzATMz058Dz8gCiOrakjMQlbLMZnvdJDZ5lK/BEDb8Ts9 Fceg== X-Forwarded-Encrypted: i=1; AJvYcCWk2PBysqSwjWuV0q8a7NSEPJ4SeYLOqBR2qTvM8zILu84TDkptY0cvDVRt93yG/9WS2O7r9BU06C6S0vY=@vger.kernel.org X-Gm-Message-State: AOJu0YzUVNu3Lm69L5UkRXHSynz7ZKrSfeV9333+jVwEbrOW9MN4SIm9 PmnEZAxHXWybj+hIMW0V/T/3XhnldyZJDGXY+OsTJvjqeZCDGaF6IFiLwxHg+qE5Wawwi0cCUUs +ilunujUlVY1hC4Lwd9FYMdz2VUzHuKmCIQkiIXBfuBgXA4J7lQXqy/fP8OrpvG8AK9U= X-Gm-Gg: ASbGncuo6OCF3y3MVibxLJBFsuAXr1A6EHXXQYgz1LK8PFx5gFZcZraku1rUv/pxZso x/UyNgOEaOF5aHXNfXAr5/uHi3tp31nVG6QpgIeklATl0ZoIrTV1skDpcUKO5NehAM7eK/+mPno FYNzVTLiTrSIdPNZ70wPA2BKpQ+tK4L8TmYU1USgReksq8efb8GGshMm+mZ0bNBkhjyTIWpYsQC nhganUbkoDH6NLpQ0gNQwCV6eFPH0CFg7mx/kV3BdCo8UlLdUeqWR6UTkxdqFOZBkQUNdfGEAF7 VYHZge/phM7bIq8tYW8zC34p9ePCopTPzOMY55r8V36kQKvsZqWkRxzpYplMPV1NQb+H9s8AsAW ClGtI45Sf8g8= X-Received: by 2002:a05:6820:1a4b:b0:60f:16d3:df3 with SMTP id 006d021491bc7-60f16d30e9cmr2688588eaf.1.1749130995220; Thu, 05 Jun 2025 06:43:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEturGnep5hT4yRWVQtDibkZa+fM7EuTbrFdkm034fDMEJK89puu1r7Ay4+am4powKAWqTZkw== X-Received: by 2002:a05:6820:1a4b:b0:60f:16d3:df3 with SMTP id 006d021491bc7-60f16d30e9cmr2688561eaf.1.1749130994887; Thu, 05 Jun 2025 06:43:14 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-60c1eb719f8sm2691359eaf.28.2025.06.05.06.43.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Jun 2025 06:43:14 -0700 (PDT) From: Bjorn Andersson Date: Thu, 05 Jun 2025 08:43:01 -0500 Subject: [PATCH 2/3] soc: qcom: mdt_loader: Rename mdt_phdr_valid() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250605-mdt-loader-validation-and-fixes-v1-2-29e22e7a82f4@oss.qualcomm.com> References: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> In-Reply-To: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2112; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=ah/lhWzPd3F4x1p9T5vxQvIqsGcJdDNhQG2J7Kb+OHE=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoQZ7wXUj7o6UHoQ2l61kxh16BQCsmUUAqCTemp pNvsfa/6gmJAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEGe8BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcVAUBAArbl+Hamg8b3CeUtjZZ+Gal6gvxcLCuz1cu7yEX8 JW5xDvy8D+CJ0tcApo/zFOeEWkVW2dktRdqSHXTLbm1cB4BPgKdqK1VpabzntNV+H7zA0POIR4q myuILdhhpNBJqz9F78fIuAdWvPFSaLFi7FnaEjJvaw3vj4kpnCnDko8VYIiLK8ReD37KwrV15Uc OcbUGMZs4xQAxKQieHdtppJ5KMF2FG4UFsVqSkzPL6jaFODrx3ob3XFJlxdK9WguZzjbUb9LKxx hepIsc2fKYtssbIeCuGzYrotyOemh8sinx+HUc7dX3cPuUaoBpOArJY3+67f22T3SMvQz1LtvpC ISVPbAOApnCqnpFtBVg71VCdaX8Y4fmA2ArZFkQbczF4h9WRDMkRNxpCzxHYqsDKgOE8PnV0eLL o1Y9ciNuZIguk2tlJxOLQaufDm3y/L8a1XgEH7TlJaTyNEri3RCTjGWWiaLBrxJQIKX9yXyUiYN pSyPK3zwdzAkdKVXCCB03gWi2MKbwMc+p8/lyoccMvzYrWz+MrYmez/aWlJjRR9reWbPXm84zCC vkDZmeQvxso3pE3LPAJIrNKoIaAf7BcZQ/Ig14rDmrhSSUWP7c/0LboVKp1eeQVzewvu823Gk/H fLEeNQ4PxrRljwxGniTzeR1Kb3j5WbPxlA5R2n8ZrfC0= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Proofpoint-GUID: z0O0FRlU9vcZr-zgu66afXArE-BHHlDc X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjA1MDExNyBTYWx0ZWRfX/pgb4AwJOPCM QYANJURFlAwv7E4jRJWTdVyWKlAIYBwWKPge9RDXfqq8s4PGs9YSaZ3Ax2OIMUM8JYJ644PZ6yU fMT1XSjx2IzucaF557n0PZD7dr8FcJkQRA20sMHMVAtkamiV6sOLyihams5wkffn3j1tsZVWCs8 qV7Lue5fzlHl5dkxui5YsM7i18gPMzphbg/7GGQ1I9I6rlNLZQBwvN7yURxNe1L+6eaET3sZ6kx oLKLewWx/oQII2VD0Ck8onGKPN3fgHSkZ2zQegAHv47sqEG2nxOY4FxDa4THT+CRc8VPKkLZ5Nr KVtcBzT4t5P5mMC6TY/z0jwgxM8g/FQUyNYYAVu5DTWsbfJgWwwEn+KWz/3Ke6/PjM4xpe4ksrp 1cYJg04u4uHXxJFwrXCGUFzLFgWus4PGTAjAhRxzGTLeGyBZOTnFtL7CSNz6RxptaxZzGgBA X-Proofpoint-ORIG-GUID: z0O0FRlU9vcZr-zgu66afXArE-BHHlDc X-Authority-Analysis: v=2.4 cv=PrmTbxM3 c=1 sm=1 tr=0 ts=68419ef4 cx=c_pps a=lkkFf9KBb43tY3aOjL++dA==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=EUspDBNiAAAA:8 a=f2cNVZAXkzJHwsNSZUYA:9 a=QEXdDO2ut3YA:10 a=k4UEASGLJojhI9HsvVT1:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-05_02,2025-06-05_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 mlxlogscore=999 mlxscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 spamscore=0 clxscore=1015 adultscore=0 suspectscore=0 bulkscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506050117 The function checks if a program header refers to a PT_LOAD segment, that isn't a hash segment (which should be PT_LOAD in the first place), andwith non-zero size. That's not the definition of "valid", but rather if it's "loadable". Rename the function to reflect what it does. Signed-off-by: Bjorn Andersson Reviewed-by: Dmitry Baryshkov --- drivers/soc/qcom/mdt_loader.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index 1da22b23d19d28678ec78cccdf8c328b50d3ffda..dd3875dd7ef68d1f135efd8efdf= 5634f27aadd5e 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -43,7 +43,7 @@ static bool mdt_header_valid(const struct firmware *fw) return true; } =20 -static bool mdt_phdr_valid(const struct elf32_phdr *phdr) +static bool mdt_phdr_loadable(const struct elf32_phdr *phdr) { if (phdr->p_type !=3D PT_LOAD) return false; @@ -116,7 +116,7 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 if (phdr->p_paddr < min_addr) @@ -254,7 +254,7 @@ int qcom_mdt_pas_init(struct device *dev, const struct = firmware *fw, for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 if (phdr->p_flags & QCOM_MDT_RELOCATABLE) @@ -354,7 +354,7 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 if (phdr->p_flags & QCOM_MDT_RELOCATABLE) @@ -381,7 +381,7 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 offset =3D phdr->p_paddr - mem_reloc; --=20 2.49.0 From nobody Fri Dec 19 19:07:39 2025 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 36EC825D54A for ; Thu, 5 Jun 2025 13:43:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130999; cv=none; b=Z1xih73zjfk58AH7lbT0b2WN0QiobPWpx6mLyupG2ey+uVHNWob10OdWZpJYDbdFxFwcoP46/DdkOpnXl4gMuCuLguvp/q0kPL5CnxyqR9uf7SErRWWoP/8t8JrmHDOxmyuIfhVRRE0kUW29ooezjSaq0DlZE3xCzsVuDilbIEY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749130999; c=relaxed/simple; bh=4LG9aen+UKEmXElW3km0tU+Gv6VrtGDS/2bhhYgau/w=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=tha79fF3Dn2x1wgimiE0EnXAW9ODh+BD9aoQuaYeZTXX+rqBRLBJUrIHVGw1AO5TWPIlEC/Mue7pHEAd7OIiG32N/uxJc7x3NfsIV6zTrLka7VgFwwZXV0x+EoMyh8JeyfhGewI4F1GpGlzeoQWMkP4vzwzbATGivZglqeGCRQU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=L1wbxHOW; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="L1wbxHOW" Received: from pps.filterd (m0279864.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5557m8PS013514 for ; Thu, 5 Jun 2025 13:43:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= EcVfgrO/ZjVFn++fwRV+p0fV27JSng2FzXTeHDTEDz4=; b=L1wbxHOWeQ0yxPfj l2QfZ6Qrw5hivc4zXPDGHaqWT/n0J2vfd4i5DumDok40cH3fSQW5+SNE7+EOdpTm NExqpXjeWQ2im7zZcfYTEQCtg+gKXRElLosEk7y/u/nWyEGJQeIW5kMVI3R/2ATL R9q/BrHNfDkX0q3y19zwTNXTocGCITPILoNkSJUMeIYJ1aDCGd8FReTfZOHfamTU 1AOQTl0ZIwIXDC9I/lCJX6gkeGr/lISrzqwLGy4w1pjRU9Y8qbgE5WpGBky5tzse m0DeVvgxjukXnSdj5sLM1fmoVCuxJqDcg1NgoXfG2BRiV1Q418MJLrlWPkV0cRFC mpvwHw== Received: from mail-oo1-f72.google.com (mail-oo1-f72.google.com [209.85.161.72]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 471g8nsdrq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Thu, 05 Jun 2025 13:43:17 +0000 (GMT) Received: by mail-oo1-f72.google.com with SMTP id 006d021491bc7-607dceb1c53so771353eaf.0 for ; Thu, 05 Jun 2025 06:43:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749130996; x=1749735796; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EcVfgrO/ZjVFn++fwRV+p0fV27JSng2FzXTeHDTEDz4=; b=Gltdx52Z25AhrGnYSpM0xqectWQols9XT4c8oFlMAXD/PBLz9f8sTekhLgjlYBt3C2 rYhMyEDa02gIxTFseuLZsJxiofEnrdKhRs7uOIQHbmvkky+3AVVucKquVAoTi/uE8Unl 3p35P8vCDU0VotI2r8sZQ2cVtfC3IFJ5Qf4vxpDRsyK5MjUKImlHuGsJ/UxiwdXbMgMc ep8XHrPq+V4EYJSeZa49kXs09BoIkt4wcBXC5pOqJUdQkH5U5teRD9shZyiOXW6LE1/A XcCYapSDJVC48pt7V6nnIjJuMptsGbIsPDCUdEZlACJvRfFkXJsnHMSpCsfviaVM+YOi BExQ== X-Forwarded-Encrypted: i=1; AJvYcCXnYWE83IwHrPi65CoyLHkPXtiW6pViWa8X11xB+BBbyt0OgRhUlxdN7p+YTJX8RiqKZ88vo4cGHyWES/M=@vger.kernel.org X-Gm-Message-State: AOJu0YydoKsQ+pHsQkKKklHPDogcombDBV8w5GvMWQU0Z6TsohgVcqFD EESzHurZNfTZ1yMQdCvp3+Qnw1FES6XrpvCXmQ1rDVKtqRLShnaP1LdpcR5VQXScfkNIvENXjrK 6qlz0FCp18GUV37OzzpLvDxMPW2vFCgXkkjOENN9R0XBBWXwYl51sWwjvprix/qM2Uek= X-Gm-Gg: ASbGncsoNgW659GhprO7OlldZI/lA7nCptwkM/GSpWMK+SU4Fe8D7XdWxzcjwEpKjsP wcfq/vxqu8RaD+vLYNigvPg3dgDH5CPoKEvSfue5/tXoc2l0ni+9kUX1OJKGxX5sG3VpElBprYo GtqBA1UAHFYNvGCB9TTO7pPS55FQKPJWnDWLuNKuBd5oWXuvkPbSudHqMi+dbY8letSxcJAev5M 6SMIRXyveWuHq6wivSVg9Wm0/RIB4BD2+hPraPO7tdMCLCsfQbF5OYMLS9h5mSgEkux5xowEyHQ 0HhSuOP5CMBePYHAfJzdRrAu+2zR5Rnz0QfhYP7J9RhoX6A/3wTkGfKHUumkydaZpx24cfQI8Dw m4IBwWXP/82A= X-Received: by 2002:a05:6820:1e0e:b0:60b:ecbc:dc50 with SMTP id 006d021491bc7-60f0c7ca167mr5018548eaf.3.1749130996179; Thu, 05 Jun 2025 06:43:16 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFiiD9ljtJHB+ylVXFa9d85uIWbOmYp4glyZzk87k6EP3VaYO5FO8iTw08AMLXnnbkDXIS4mw== X-Received: by 2002:a05:6820:1e0e:b0:60b:ecbc:dc50 with SMTP id 006d021491bc7-60f0c7ca167mr5018490eaf.3.1749130995829; Thu, 05 Jun 2025 06:43:15 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-60c1eb719f8sm2691359eaf.28.2025.06.05.06.43.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Jun 2025 06:43:15 -0700 (PDT) From: Bjorn Andersson Date: Thu, 05 Jun 2025 08:43:02 -0500 Subject: [PATCH 3/3] soc: qcom: mdt_loader: Actually use the e_phoff Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250605-mdt-loader-validation-and-fixes-v1-3-29e22e7a82f4@oss.qualcomm.com> References: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> In-Reply-To: <20250605-mdt-loader-validation-and-fixes-v1-0-29e22e7a82f4@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2254; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=4LG9aen+UKEmXElW3km0tU+Gv6VrtGDS/2bhhYgau/w=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoQZ7w13CxlnKFE71dbh50VU7TRshQ8GfmTkbWM 5ghTkTTwfeJAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEGe8BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcWWlRAAiiZ+YPVc+u6389ZQF+/SQaMdPA44r7qRphoqmeL Kr1J8fvRPkMhJAFXLAGAdn0Lw1maOO8M5lXHMdEzD9DFxsukVx1Quq91S4Nh2f4M6uEkF+IOuyb ktzh8xnX8gMPayxP13Jp/mhuvb4/3EVAQyIa2hgTmnSXBfn3wtDOYm3NZ5scdNW4IHNowil18tp LhcvRuM3lex4kfrJQf7dNvJVhgRrxyV976tHW3FVBlmDIyqYjzYLO54GDUNwbLsnDAtd+zA/fc2 2piYgJdcnjl6/mKiirTlOewOyVJdxWjDluQlePD6eKdg6CRNT6ax3MQHJf8smaJkx5CeTOvORWZ swowr8PTnyWU86uummkAtKjOGdPW0rb9MFOejYwJ4D8wWaBFPJqaUkeA4zWK4jFP84N71UW15LM E4Rk6+SqvY/LrUL0LYpkk0eDsYckxEYz4t1rw5Qa0RWIADvn1uUqa1VmaT2LNkf97fZDfikSk0H 7hmZ1Km9Yr3QvUp4PdUxCd0eHNfo6KAfHQ/CmaXLerqNimO2/+XFbehH/+9+XaUb39HLaawHieu eKFYkGEGBTtSFVAp6gFUFy490GtIIKRdZay0gaSg0FnI3rPuL9ac/wwgyJZvvTUiAzcsR2hQ7Eg T5QBNWOZOkUNGfxKvpc/0ymUID3iE2JFO/lm8sZ9245I= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Proofpoint-GUID: S-URDQWuCOqmdowJ97--2RopLLozeBpb X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjA1MDExNyBTYWx0ZWRfX/Ckze6Ux2xxh 6OEHxkVOD6BFi/hRdJMRSGCUko/X6kqc+hoMXREHyGXuQ9KXaEe/0008hpxsIPoDAF7gYc6/ppw cvaYhbkiP++JAsOcq0bX7iuiNSKfQhEBGRx4uFG/RY1d2huTXbav+lWsPDyEjgcqs238zbpc1jE S8j/7U0CZHTyenhtCkUP7pN/AO+TWh+A75fsICubSBWf5RmPcPFwlvKqjK9MD2WDoMNZjIBJge1 q2duD6K7TH5KexxrCOOE7ZNAY8z9Iqzx0L1T94Mv0SD72uqH4nMt3jrcochiGIytfuxHkFUBduu VKHIZPnpFnH4BhuY8qrQhpzJCeCau3I/4aNb4Lkby4/QAgdiDrVvxM5N1vAnsslYwvPkQ9vaS8S xdLkobeL8bfLeqZctG4jB7OUhS2UJW6tAEv7Rxt/u2JIUjPWFrrJDN+7PoDBso2wtffyTNYM X-Proofpoint-ORIG-GUID: S-URDQWuCOqmdowJ97--2RopLLozeBpb X-Authority-Analysis: v=2.4 cv=UphjN/wB c=1 sm=1 tr=0 ts=68419ef5 cx=c_pps a=wURt19dY5n+H4uQbQt9s7g==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=EUspDBNiAAAA:8 a=f2cNVZAXkzJHwsNSZUYA:9 a=QEXdDO2ut3YA:10 a=-UhsvdU3ccFDOXFxFb4l:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-05_02,2025-06-05_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0 mlxlogscore=999 clxscore=1011 malwarescore=0 adultscore=0 bulkscore=0 mlxscore=0 suspectscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506050117 Rather than relying/assuming that the tools generating the firmware places the program headers immediately following the ELF header, use e_phoff as intended to find the program headers. Signed-off-by: Bjorn Andersson Reviewed-by: Dmitry Baryshkov --- drivers/soc/qcom/mdt_loader.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index dd3875dd7ef68d1f135efd8efdf5634f27aadd5e..01fea4c510717197a67a529cfa4= 67c6a9a3ab55d 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -111,7 +111,7 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) return -EINVAL; =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; @@ -166,7 +166,7 @@ void *qcom_mdt_read_metadata(const struct firmware *fw,= size_t *data_len, return ERR_PTR(-EINVAL); =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 if (ehdr->e_phnum < 2) return ERR_PTR(-EINVAL); @@ -249,7 +249,7 @@ int qcom_mdt_pas_init(struct device *dev, const struct = firmware *fw, return -EINVAL; =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; @@ -304,7 +304,7 @@ static bool qcom_mdt_bins_are_split(const struct firmwa= re *fw, const char *fw_na int i; =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { /* @@ -349,7 +349,7 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, =20 is_split =3D qcom_mdt_bins_are_split(fw, fw_name); ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; --=20 2.49.0