From nobody Sat Oct 11 08:26:20 2025 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E467A224B12 for ; Wed, 11 Jun 2025 02:58:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749610722; cv=none; b=pSLjcuYr/PAh8GJaT0TkdbyHUbkCPyeF3ebsFG1b125JHLu0FXlXvlbdsRI/JZIEiGE6B2ENDIIywGbcyYVImz8PxpQOytJ9h/Z2sZd2ncHXnvwSWcd+opBdC/UhNN8IrR0KcJcTWV54OGcdFQYROR22eh7WN/bGu8+h1ma26vY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749610722; c=relaxed/simple; bh=DJn9NYHqZgqnTw4yMsPNWysi1jIuh/SNHNWMy4qhxPQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ds6YnI/svlldqfX74PjMEUfFQW9UgwK33JWWUxhTvj+4HZT4uGtD/N5Aqom+R2keKaIKx7isZ/2fgnBbmQaq8r1H2q7J7kYOkV2jfWO7ENbGjjM8mqtwcafM6GSGHY0kvh3CVawFpbX/P7zqT06Sb0xvk3D12l+w5MzFX7685bI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=mcbO4tcQ; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="mcbO4tcQ" Received: from pps.filterd (m0279866.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55AIQ84N023984 for ; Wed, 11 Jun 2025 02:58:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= YHqKWedYyr0OY6wJ10igxBdQqHVIA6btUlkeWEdA34E=; b=mcbO4tcQ5e+IxFIi 2gII1o93SHjYQi4LJQzxEWpyqyQqWH0nUZfaUZYYSSmhw5pNopJeC4GAFF+a/PWj fi57u1GCEUYhHAu0APylj2TrK9iX3f2WbzLhnzmUShBCzxU5+WHzNC1bmGK12qcv eE+q+I4cUIvPdlZzcsojVtU2RdCw/E5jfj60ZR9mybF5RT0dt54e+Qf5EHEbgZe7 1HizZJ4AiZki5rWTPN64Gi5gleUFv7qhxdRW+BjTN+Lmo06MDFVs8OdIrJR+5gnb 1kZepFjQds2c2/C8lb/xwjm4/dUtMMk0tB4hzJawohpIbHMniQabmyV7EkmlrRxI pZi67A== Received: from mail-oa1-f69.google.com (mail-oa1-f69.google.com [209.85.160.69]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 474eqcker7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 11 Jun 2025 02:58:39 +0000 (GMT) Received: by mail-oa1-f69.google.com with SMTP id 586e51a60fabf-2daf2a40894so1554414fac.2 for ; Tue, 10 Jun 2025 19:58:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749610719; x=1750215519; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YHqKWedYyr0OY6wJ10igxBdQqHVIA6btUlkeWEdA34E=; b=jNv2ZkRc4CnuE58mKhWIkb7JdBq+to1kLQgYRfhv+Xd2iPThkqB779lDg9NSjayJzG LIvXPHaFZwpKL1SR6onYs3/Ju301kUJmJkj4pIfgC407iGksRU/9zCId2eK57mYbqL4s ebB3s7e30sAOYE4qVbxXVDlIHyyAl7LrDCpjv30dZV/fj1AAxsQTjbkuSefxcFXadjav 2NwWJzxkBUaFeqNPMHC9RGGz4muMhkEhIg5cPH7Y/eGOp80Kd1Kh2k8glWnPEQCMn8xf koRWRm28jvnEYf2GefyV0yXziDtWyh58RNljbbapSDqUhydIQPxmG8tmSQwjFQSvqxJC SDNg== X-Forwarded-Encrypted: i=1; AJvYcCXymS1skHhrwzWk16zXVFXIqsRUO1zBbDHAe5PAG+91aAJ5FxqiOEO3ULLsP04S6qnZk7QcnJWWo+kvp0Y=@vger.kernel.org X-Gm-Message-State: AOJu0Yylz78qtPj5kxm3UzcG4ttYQx3doV6qwqsc3uL6KUbOJFd4szJ5 4O/eBIi60yF4FJPttjVIzUjh1N5/gMik5s3Won0eR5OOtyoG5FVyGwd0ayMGVopMLaZTtlcnSyZ QLT5gyZp+SyHrjTdcDHlM+9/QYc83lWsIAe93rIdf+HhW7zeaU9IOcTjDyV1qEYJMwkM= X-Gm-Gg: ASbGnctXWqXaHu26o7DvHJtNHyUrKv9PBpjzUdoJv4ERhEXcDULuKw5KkxetiP7Y6zg QokoFAyIChFy2/H5GAAY7UteI2a34VYQUecmj4FQMolXrjg+tQI9VHHmN903A/o6jZtb2hHkM8Q ycpR+/WlxK+b1Wv0Tmo4ZyM8UWYOIqzU7ywXYFv21aR2WPyMTzolp5882F++jv80njQ2C9YTons AyzOowUWGPmWuI6QQnrzOBFAC7i9tgHnNmSvMTdWjnGOlGGQJHOt92+80JkO1N9F6dnr8C3FfjJ UnRHM518Schcac3ztX1/yFcf2GxXlJ1F85ibwmlLC5MwhaDggj3AeS/bEaSss7vnhztEacaBAhW wCSTwyXQRoqY9eE10fq7s9w== X-Received: by 2002:a05:6871:230d:b0:2d6:6633:463a with SMTP id 586e51a60fabf-2ea99630c12mr729387fac.8.1749610718956; Tue, 10 Jun 2025 19:58:38 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGRLQcilCJwRVztlhp6Tq1XQRDSfon5wVImIcFPTKlDGIIDnxnp7kRLq0y9C6AdKmJ0vdJFaQ== X-Received: by 2002:a05:6871:230d:b0:2d6:6633:463a with SMTP id 586e51a60fabf-2ea99630c12mr729379fac.8.1749610718647; Tue, 10 Jun 2025 19:58:38 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-2ea85fa2cbasm478059fac.8.2025.06.10.19.58.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Jun 2025 19:58:38 -0700 (PDT) From: Bjorn Andersson Date: Tue, 10 Jun 2025 21:58:28 -0500 Subject: [PATCH v2 1/3] soc: qcom: mdt_loader: Ensure we don't read past the ELF header Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250610-mdt-loader-validation-and-fixes-v2-1-f7073e9ab899@oss.qualcomm.com> References: <20250610-mdt-loader-validation-and-fixes-v2-0-f7073e9ab899@oss.qualcomm.com> In-Reply-To: <20250610-mdt-loader-validation-and-fixes-v2-0-f7073e9ab899@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3078; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=DJn9NYHqZgqnTw4yMsPNWysi1jIuh/SNHNWMy4qhxPQ=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoSPDcWMhl8PNhEUSpN0/Q5gk8VSK6rZb/VYHEr OGbXJKHVbmJAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEjw3BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcXRow//XIVlajDg/QB4/Ejz8xnsC13HZRwJw6RFbDmviPK 9+M9T+oSd0oJELF+cVbPGfvsPyDgHgQuWQbnHIi4N4rMhtY0Lvfcm5NJelfBet4oJfwckF8fiyR LX9ez77SqzOHBBrWoSOMxQBz/IrB4b/30n0oV3Fkf2GnsgFnbaMU/PImMJirh7hMkfAhxo0pRJx 7bzA4D2iwOpO3+d7cB8WP7rwyU7QaMngZ2YSElK/cKD2c4kfZav+1KeSwQJRi1sHncuE9+qQXpw YuU44pAk4BDRZOPktAt0+vkSdaYRijoE2Dw+JaBj4az0ZZPgbmkgJu5wviMEdlI/gi2J7PLeeJM CerjSJEmHdAJii3IvdU953ABtk70tL0FYrgGL5jIUpGDV4+9msLY6NyZdXUmJD5QIDQtQb/wMSg nOk1VsbsqPyd1Ud9u8cmB8T29tqTbaCn3L4XUu2yg2LVs/n4xKpdn44cgjrVYYNpqo0GrytATQL lX9ROm5A4TopngVk6nT/5257bw7RpMNNZGly1r/J1Bv1TCAYWc4JujZ+c4P72wSDmSgkyKn37gI QJU+aJ1k29rR7q8ACOmDdk+t8bTSyf77YA1/g5bNlYXBDD64Lcn1RzVd0yWOY/i3R+zVRzc08lE 4aEzqmNwJtZ2ftWHoX5/8+FYqiUpTmJJPKe4eS87JI+M= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjExMDAyNSBTYWx0ZWRfX94Qfb3Oj0dHk 6vwIPtHeFinC3mnoretyo+TgCrfOQBGqxMGI4pXAhUaQV6peS+zfeLQHJ/CdpgbbYCbpyxpmWpi q3IELCHWV2JKzRI9yHABBytqYCh5rysSeHdduYmaUt3T2OXjTvXRXEWTiy45GWRbR7fPSDzqKyX p9f720fNFyZCXd+UePvgsLNcLIVwOZteP+68G/cpv1c2bHMmqvyncdv8mI/UfJ6UUHx9DEG6sxK dp21l4EpS0XabIXEgkxe7HR6gqFrS6m7ThdIqz/bahlqe6zkbiKsKDs+OLQ6LU0jDsO1fxe3vAB jPmVGlc9RqvGGtInzWVjm4z766xKNSLRtywHo28JGVk1t77AE5trqSi57o5cdJwU7zb7PWXy+jd q6+kox17btru1DhKlUwlOWGGECs4H7tUx83k0s5zXKLc5VZtOPRgsLQz5L81fpQChP2RJL8l X-Authority-Analysis: v=2.4 cv=Q7TS452a c=1 sm=1 tr=0 ts=6848f0e0 cx=c_pps a=zPxD6eHSjdtQ/OcAcrOFGw==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=VwQbUJbxAAAA:8 a=cm27Pg_UAAAA:8 a=EUspDBNiAAAA:8 a=R2NP8FmM25b3pXeoK7YA:9 a=QEXdDO2ut3YA:10 a=y8BKWJGFn5sdPF1Y92-H:22 X-Proofpoint-GUID: lIuGz3DtO49q9RKSkIVZ0NE1Zp_sU6z_ X-Proofpoint-ORIG-GUID: lIuGz3DtO49q9RKSkIVZ0NE1Zp_sU6z_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-11_01,2025-06-10_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 phishscore=0 mlxscore=0 spamscore=0 mlxlogscore=999 bulkscore=0 clxscore=1015 lowpriorityscore=0 adultscore=0 impostorscore=0 priorityscore=1501 malwarescore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506110025 When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid. Fixes: 2aad40d911ee ("remoteproc: Move qcom_mdt_loader into drivers/soc/qco= m") Cc: Reported-by: Doug Anderson Signed-off-by: Bjorn Andersson Reviewed-by: Dmitry Baryshkov --- drivers/soc/qcom/mdt_loader.c | 43 +++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 43 insertions(+) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index b2c0fb55d4ae678ee333f0d6b8b586de319f53b1..b2c9731b6f2afacf4acafe555dd= 36ca0657444a6 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -18,6 +18,37 @@ #include #include =20 +static bool mdt_header_valid(const struct firmware *fw) +{ + const struct elf32_hdr *ehdr; + size_t phend; + size_t shend; + + if (fw->size < sizeof(*ehdr)) + return false; + + ehdr =3D (struct elf32_hdr *)fw->data; + + if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) + return false; + + if (ehdr->e_phentsize !=3D sizeof(struct elf32_phdr)) + return -EINVAL; + + phend =3D size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), eh= dr->e_phoff); + if (phend > fw->size) + return false; + + if (ehdr->e_shentsize !=3D sizeof(struct elf32_shdr)) + return -EINVAL; + + shend =3D size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), eh= dr->e_shoff); + if (shend > fw->size) + return false; + + return true; +} + static bool mdt_phdr_valid(const struct elf32_phdr *phdr) { if (phdr->p_type !=3D PT_LOAD) @@ -82,6 +113,9 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) phys_addr_t max_addr =3D 0; int i; =20 + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); =20 @@ -134,6 +168,9 @@ void *qcom_mdt_read_metadata(const struct firmware *fw,= size_t *data_len, ssize_t ret; void *data; =20 + if (!mdt_header_valid(fw)) + return ERR_PTR(-EINVAL); + ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); =20 @@ -214,6 +251,9 @@ int qcom_mdt_pas_init(struct device *dev, const struct = firmware *fw, int ret; int i; =20 + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); =20 @@ -310,6 +350,9 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, if (!fw || !mem_region || !mem_phys || !mem_size) return -EINVAL; =20 + if (!mdt_header_valid(fw)) + return -EINVAL; + is_split =3D qcom_mdt_bins_are_split(fw, fw_name); ehdr =3D (struct elf32_hdr *)fw->data; phdrs =3D (struct elf32_phdr *)(ehdr + 1); --=20 2.49.0 From nobody Sat Oct 11 08:26:20 2025 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E73A1226165 for ; Wed, 11 Jun 2025 02:58:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749610724; cv=none; b=TR4W50FPJjmij2GkJh/AtDkFtnA0GvMZeZngTi1AeIjPDJao5f8RFzCZy6VTQTPwImW6Ela1qZu/uNDA91mFEll9CGJlgrX8D38ZVFf47BxzLehRd6wbtNPvXGg7YPp/930m+QYRof39xRSPKFr3y20Z3dfElCYn9PUDBd6at2M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749610724; c=relaxed/simple; bh=Tq84tO28/ihL3VCn+xRUdAhQjrUgd8j1sFdAu9HULA8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=OpJCGaxX7Vv1iWSE5p5U3h6m5uo8jcXjhr79swdUB+Gls6ma7ZK6h1exuxDXIwhiCORPmI6EgxBA77ggEX/yuBvA5XMBa+79mNFh0BMA2IDpV+nMh0tKUdmYQS37ofTyIxkq8IuslcqEVTRjmgU8Udeagky8MCsFfy/gdiFFYgk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=c71lYeF3; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="c71lYeF3" Received: from pps.filterd (m0279866.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55AIPqYU023667 for ; Wed, 11 Jun 2025 02:58:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= m0HKw6uRkuFduO3sES05/apr/xAyNFuACuh7Zmwxopw=; b=c71lYeF3zzxZGG+m llQz5GYISxBd76fMKQ2q3ps1PMXC14rFFDOUZ080DnKmjRagXuOtbiD+9cgmOsVE +Ry+ivVBKQvY42z4pwjFOrw2Cwe1cRErmGb3j9UmYnSrjOfzHAalHxLqIPFtpIB8 4YKZljG7E4PW5NjGHARYLW5Xn1te0yRvLlvm+DNO35fA9zj9MpZkizrDAJ/ttYmJ BwDyYT3RlXDWJZlWWZCQFSFiwW57P7cjHCgx0annB62Cu+Xs8Y3irkLFqlF2q083 mxhQwb+XgakTuYCGIEKwgLVZmSSgD3Li5oyf1owQI93I/1DeIF+IF/1sj4mBCqaS NCNxJA== Received: from mail-oa1-f70.google.com (mail-oa1-f70.google.com [209.85.160.70]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 474eqcker8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 11 Jun 2025 02:58:41 +0000 (GMT) Received: by mail-oa1-f70.google.com with SMTP id 586e51a60fabf-2ea89e10eeaso320415fac.0 for ; Tue, 10 Jun 2025 19:58:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749610720; x=1750215520; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=m0HKw6uRkuFduO3sES05/apr/xAyNFuACuh7Zmwxopw=; b=hfc/bjmMuh1Vxp0b/BkggJ0l9iSpEwC2zF664mdnc4CJrdkwDdjz4QWtXdoFrsAPIA GFu7UuTK7JLdQHDUbr8B5yvJP/VLXY5kOdXCGugGEUEBMyQFa5qfnvOjqRSqf6QoweJ0 zQ0n6lrG1COwFW6RZOgcF8snWtWZf7chKwY8oSo9JQUhlppyCOXZNhIaONa37X/v7gfx k2jkO8adZ3kLn99bleTa0Vd0ylZaVQl3U79ppgUGMkdr03A6tsgGA0WyC9rSracr77Bp Pr14cn6TP9A/xI8zxfl48K1LUOu2W+/0atcoPzz7I+iAWSkDpRS88C+cwPE7OThQsbV5 x69g== X-Forwarded-Encrypted: i=1; AJvYcCXl/jM4b4y9iRsYRQxmQ2PyZM9EJN4r3yRCBJdE/PpGbiBg13GG45aoco2ZvM1nJ/VQolDO+9MBsgnC/+o=@vger.kernel.org X-Gm-Message-State: AOJu0YyzF4gV7qlGBQlQIb/LrM4UgBIAFvE24t47CotWSzpajK+TScoD ia8SuWdUihF0n+xpJPQFvYQJ1VFojjEAQhdrj/FHEmGlErKuhqjntk6uk3/XcOW8RkYItn008QA Sf34aoxyT9owDF7BVey+4M+7Zr1C0rP+NVUXx+O+0Svh1EwbnvIukVRPqHE6Mev9+TvU= X-Gm-Gg: ASbGnctb7dj4MmgLxyhhxnoO+gk9M8ni+E49AS4e+l0KNDKm4bwKOdWIik0tP6eI4z8 RBJjnXfARscKasI2g3K/30iVCrdufiTl7d3JRDeGSzmQGixqSmvYssnOXlsYQDClIutur0A4Czh CzTDjSb0NaXwBHLmUBH4E8VhcoPG6naBnliBR6/LOUTEbliMgumEaCF0ff+TbyrKFplulGiGlwe wRpRsE1fJqzAbtXI+xxtf7qAHDxTLBXh457gyWi3iz1x9zsfJ3Fb/8aJQDKt9YmEajAkXO92tzK bh8r0F2A8/FQFYB8kmCfJ7iTYpEvaxr7o/y1uGVKlWAfQosVpyn9I2Q5TrKzxP6tyA2tB0mzSJ6 /Q8L6D5CkHVmuWrJ5yQu/cg== X-Received: by 2002:a05:6870:d0d:b0:2d5:97d0:c03c with SMTP id 586e51a60fabf-2ea9675aa8dmr1180348fac.18.1749610719974; Tue, 10 Jun 2025 19:58:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFBud1AVwyFvOwAw4uK84W6FyfbeOV8nniRVWU9hjKilfxs2wJ95EuOAcCOsyWx63mo0uOdUg== X-Received: by 2002:a05:6870:d0d:b0:2d5:97d0:c03c with SMTP id 586e51a60fabf-2ea9675aa8dmr1180339fac.18.1749610719648; Tue, 10 Jun 2025 19:58:39 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-2ea85fa2cbasm478059fac.8.2025.06.10.19.58.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Jun 2025 19:58:39 -0700 (PDT) From: Bjorn Andersson Date: Tue, 10 Jun 2025 21:58:29 -0500 Subject: [PATCH v2 2/3] soc: qcom: mdt_loader: Rename mdt_phdr_valid() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250610-mdt-loader-validation-and-fixes-v2-2-f7073e9ab899@oss.qualcomm.com> References: <20250610-mdt-loader-validation-and-fixes-v2-0-f7073e9ab899@oss.qualcomm.com> In-Reply-To: <20250610-mdt-loader-validation-and-fixes-v2-0-f7073e9ab899@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson , Dmitry Baryshkov X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2179; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=Tq84tO28/ihL3VCn+xRUdAhQjrUgd8j1sFdAu9HULA8=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoSPDc4wVmjoJsFrBJ245i0TjD3UoQWw+0wMjrm 3hxu2fVQP+JAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEjw3BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcVCSA//e0sVwVAchDT3X4CcbVrsKKgPUvslkgFpwmOx7yN xMsnQmBsofbHlFBmLq0t4TGoaojZ4ngWL3HnMMOH6+dgETJ2aZ4vBtu64ejcvBcoVmhLBaMtan2 ONHmIw10bDj+AVQvOls+sSY4EYcHIXBkr1/9pFFteLBQ2bKB7eeStBQ10eDyASzVRZtAFGfRSva AklEM/xbpHPIGh9CirHxnJ47lzeJusITmllIvSn7Oh+BgyQYuEsjIJAAioy7DCyKt4c8SSxk+0W JcQuu/bgEs6PnUdR+Yb7PDsJxFlDdFF6YXsyiMkrrJX/N1qEarQubfD96UI4oiAMV+8hUDYgFfY lsYVIX0WP/9WILXLwo7fr8ZaHxzZPoI5wmVeB1kPSqN+/Kc2qV8KN02XSroXXJRgZc9vcHiF9bt VcFVLu9KTMQLdVutQAGf2AYkXniXOfvRyoLo8+XM98IeWyMcZ+Z6+ZlzU/mKKj3h2Q9Qlj1uGdJ ensj+BgKMcwgVAIZHtlDNiR6tpfb0vX755XsPaO/O9vDCZR04bX68Ar4EGoae0iQLVke9mQDcJq VZb4oPrUlXK2wWBv2ZcvzHwpthCa9bMJpE4MPGv2czvIpF7TrLsPZFAp1SMrGoR4cUTa7xMgM00 2PW/g9yxHQKIdr4b31cHNFMQxI/ajIzgPINDRhKrIQUw= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjExMDAyNSBTYWx0ZWRfX7nezWG672cZt UoaVNQ2ZLdrg7L17T9Qm8jljuzF5D5ewIim3Tv9wJi/3TH4cXvlUibLFigVWWuFQZ7YqXzSPxeS 2cMExbMvfToDHrl76qytPSNLjSko/z1gtpdYyE24xC86oWw0E+EnUB2tHEuKhW00/0PeXG4gAkP 4AiL9WR/oIJzZSDWRIl8uwtyRqA033lxAigKxNurk2sEvd4dpI4RZ7ZsKPS6yaTG51ixYOvovwE chQNYbPjHen2EXS+rTJWofYkY3+3/AAtRrpliR5T//CSr/g0hRThv2tMz2OOZQKGb6WT3k9j1rP 8NZE9sWQBrwjXKlf6VlnBY9/Ff1Nl/jzMNTglO623KznpyYICWfhHEObPwvXmvqUJlzSE7sUKZt vtsX1DyyryUgkIkguKfBjyeBf4FlHiAhMRsgj98R8MwgpIoyRNuWDp8HDd1jlD9yxeeJ0Mw/ X-Authority-Analysis: v=2.4 cv=Q7TS452a c=1 sm=1 tr=0 ts=6848f0e1 cx=c_pps a=nSjmGuzVYOmhOUYzIAhsAg==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=EUspDBNiAAAA:8 a=KKqZDcqvNeJUIbkoXhUA:9 a=QEXdDO2ut3YA:10 a=1zu1i0D7hVQfj8NKfPKu:22 X-Proofpoint-GUID: uV1m3FTHtyf6TAuI0qAWpAlqfYRWhv00 X-Proofpoint-ORIG-GUID: uV1m3FTHtyf6TAuI0qAWpAlqfYRWhv00 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-11_01,2025-06-10_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 phishscore=0 mlxscore=0 spamscore=0 mlxlogscore=999 bulkscore=0 clxscore=1015 lowpriorityscore=0 adultscore=0 impostorscore=0 priorityscore=1501 malwarescore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506110025 The function checks if a program header refers to a PT_LOAD segment, that isn't a hash segment (which should be PT_LOAD in the first place), andwith non-zero size. That's not the definition of "valid", but rather if it's "loadable". Rename the function to reflect what it does. Reviewed-by: Dmitry Baryshkov Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/mdt_loader.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index b2c9731b6f2afacf4acafe555dd36ca0657444a6..52f0c8bb7c5ee9f043009a274f1= 47128f0778151 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -49,7 +49,7 @@ static bool mdt_header_valid(const struct firmware *fw) return true; } =20 -static bool mdt_phdr_valid(const struct elf32_phdr *phdr) +static bool mdt_phdr_loadable(const struct elf32_phdr *phdr) { if (phdr->p_type !=3D PT_LOAD) return false; @@ -122,7 +122,7 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 if (phdr->p_paddr < min_addr) @@ -260,7 +260,7 @@ int qcom_mdt_pas_init(struct device *dev, const struct = firmware *fw, for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 if (phdr->p_flags & QCOM_MDT_RELOCATABLE) @@ -360,7 +360,7 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 if (phdr->p_flags & QCOM_MDT_RELOCATABLE) @@ -387,7 +387,7 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; =20 - if (!mdt_phdr_valid(phdr)) + if (!mdt_phdr_loadable(phdr)) continue; =20 offset =3D phdr->p_paddr - mem_reloc; --=20 2.49.0 From nobody Sat Oct 11 08:26:20 2025 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EED0522652D for ; Wed, 11 Jun 2025 02:58:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749610724; cv=none; b=od43hrmS62mCyDieNoWFvM+VmJfut2MHYG1LQu5b9Gsq9SnOMdkdWSif2fijZcLjnS6kYfbCaRz1IppskMRX4xoA57cHottsHGo/xTbWgeFQebWA7o7yXfhvCug7IdDwRtgADtSrgCIVH328uyO3P7hpxgEEnagEkCjSABWpiDU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749610724; c=relaxed/simple; bh=4U855dwdIaDRs3THDO+BKF/8/926zEfYRJi0F4N9KoY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ZfNh0f3/GUJaSFnLLpD+oIMiD1dLwbGk2JRASL0z+PXZvGIQvbN3KTfKMxoRC5zFohWr/I4kaoU9nhKI+P+4zH4GsPCiF8EPHfCmFf2O3Jv0Eh1yBtNqrVx8xwhczcZe1Ou6OQkVOB3lvpZwsZtsT8/8WFDh0XWvPRKu7XJvc3k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=QJwxVALp; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="QJwxVALp" Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55AIPrgc030928 for ; Wed, 11 Jun 2025 02:58:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= EfRQ7jMFsaHVSush77168FUGD1OlX8kIPHZjPyesHFA=; b=QJwxVALpj/k0xdcj AX/XlWaE73HleB+6Ec7PqMH7xV2+F3p1GXe8ZrlVOPyOfDSt4wFrTutg2QZR458C Ugqifx6xayshNUAvh6fypssudnKTJSQuBB7NSbYQQu6PhvVLLtODmj5NyUM0qpGJ wBv5WfENn19XGk+44mdZs6nMSyVgp67j+5o9NRSobQ+WoA8UT/oboG3QXRZYS6Ie 5oVIClY2Y8uFT/JXhOBsRVE07dvSJfPuT8WiPbp3ycCefNhP4AU3e0UNgD18gSua NSGSan5iX4AWlz9uZjGI+m/T20m/sb5aEabGNTe3cXrY7zgevkB2EW3BjiIsT/+r A8YtpA== Received: from mail-oa1-f72.google.com (mail-oa1-f72.google.com [209.85.160.72]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 475v2te47a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 11 Jun 2025 02:58:41 +0000 (GMT) Received: by mail-oa1-f72.google.com with SMTP id 586e51a60fabf-2d9e7fbfedaso5746764fac.3 for ; Tue, 10 Jun 2025 19:58:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749610721; x=1750215521; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EfRQ7jMFsaHVSush77168FUGD1OlX8kIPHZjPyesHFA=; b=gVlDZF+PO4Hbcqp8he8I0drYDTvcMc0x0etXB4TNiHrECOZie1BHY7/t4iyncNmFhv racmaSmCyoIWss6y8nIDyf7AkmKPsWh2PAvJnoOVwuLN4mfV7YzgHYqf0x8kFzJigP9c nKhadFGF0fDSamguQgRIzYHKAbtB7NZzRXRIU4igOez7rVJtn7Za3QalJJYZkHCY+0kx Du3jpzxHhPHPnP3dwufH69cwwng94QeOXX+YjTXIbB92gBEb8Xzgmi4K3tvJcEKbtbuQ aQ41jw3V37dkjpNE+yMplL8tPzWWJ4nzwy1GtKfhAuaFo6dlrP6axlbGpPYL/A+97o4v zj+A== X-Forwarded-Encrypted: i=1; AJvYcCXW1CBidmQCJIHyA3ojXOnvhnH1vdLFxjReGV9V3W5CzcFe646M+DshMz8w4Hiz9chOcjCldFSSIcMf7p8=@vger.kernel.org X-Gm-Message-State: AOJu0YxMj6sCR25NnltoP6o8b34SW1QayBQtnrpiHh4k49jwcsXq2UZh 4enU9JIbIopC9z8/q/DKagUJtd/TNoojcWF4rBlyNobXEG6fjzhv1rAbyXeC7NDoQHtwNKZvPl6 bH0qxvKRqf/OIo9LVPNkuPX+m8IzXmPluCFk9FEJjAYxIG8EeLBEIlgCrF9MmbbC+nr8= X-Gm-Gg: ASbGncvoZxA58noxYdHwg5J0b+JgOgLW60ouQJ6xClVYn0i8xH/X0/QPAfzsOGHJhfs cVAx09SbUx0OCTW6nRsKpEJ34Z9Wfmeg1qkxz67dMnwzg58ymIAruq+32KM2CtL8Xo839nxBvRr 6ifQiGpkuYycrFDXbn65j6ywQn1LYszBUszvBJuBm/h6czWj5ZfdGUMevVb8HuFks+L7P6B4IlT /GmQ795FIHmsOQPgK+Y0S41dsAmJr/WeLnROf1K1FGuJ/fgXt61zz8iz2WAXTWc4BMQqd1RFxHW VGtXCKR2pNAjfCbrrxK3WQrXFkLktOSHD3fSfc141nESzjg0BKGDJo56s+HIA6IUh53g3/T1BU3 +WSazaca3f9oV5QMz1li0rg== X-Received: by 2002:a05:6870:889a:b0:2d5:ba2d:80ed with SMTP id 586e51a60fabf-2ea96d59e8cmr998570fac.25.1749610720872; Tue, 10 Jun 2025 19:58:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE4LXIopvC651Fqau1Q+cTSxk2H6unb6c4wixhPbQ0obvdKGm0mKSE2Y52RYW81q9xfifCs5A== X-Received: by 2002:a05:6870:889a:b0:2d5:ba2d:80ed with SMTP id 586e51a60fabf-2ea96d59e8cmr998563fac.25.1749610720560; Tue, 10 Jun 2025 19:58:40 -0700 (PDT) Received: from [192.168.86.65] (104-57-184-186.lightspeed.austtx.sbcglobal.net. [104.57.184.186]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-2ea85fa2cbasm478059fac.8.2025.06.10.19.58.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Jun 2025 19:58:40 -0700 (PDT) From: Bjorn Andersson Date: Tue, 10 Jun 2025 21:58:30 -0500 Subject: [PATCH v2 3/3] soc: qcom: mdt_loader: Actually use the e_phoff Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250610-mdt-loader-validation-and-fixes-v2-3-f7073e9ab899@oss.qualcomm.com> References: <20250610-mdt-loader-validation-and-fixes-v2-0-f7073e9ab899@oss.qualcomm.com> In-Reply-To: <20250610-mdt-loader-validation-and-fixes-v2-0-f7073e9ab899@oss.qualcomm.com> To: Bjorn Andersson , Konrad Dybcio Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, Mukesh Ojha , Doug Anderson , Bjorn Andersson , Dmitry Baryshkov X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2321; i=bjorn.andersson@oss.qualcomm.com; h=from:subject:message-id; bh=4U855dwdIaDRs3THDO+BKF/8/926zEfYRJi0F4N9KoY=; b=owEBgwJ8/ZANAwAIAQsfOT8Nma3FAcsmYgBoSPDc9yC0BngA/zq7XYJEQefoq4inas4po2LHv RFT7u85wb2JAkkEAAEIADMWIQQF3gPMXzXqTwlm1SULHzk/DZmtxQUCaEjw3BUcYW5kZXJzc29u QGtlcm5lbC5vcmcACgkQCx85Pw2ZrcUpqw//dLfBpAc2XzLA1OvZY+odkbdvrrKy6Xi5RyCyTdo 4xfxDjlbCPFJky/naVrN3EmZrfASgiptFVrmfyDaYW1xLm8E9U9FC4vPJ4yvjPF6qGDGZkLEebi 7Ksr3FjR1uQvk0AHYEEYB2lMfW/bf7s3GgGbTDnKM4ceLA41nrhOl5Iva5hrEtau2p1ocgPf19D iG/Tp3+S1PSSptmEDps54cLi8yaPojY9mQJ8wmCkXd2xfuUR2aDLf2HgRYfTwf9ERbytdoLgCpA mUFZVfiqQrA2cqAn/tBalTjMEDXqm6x5ByJKehzKVA47AMBt15IQvq4z4IoO0EP3f9gwaHf3/yz upQqdiufiXWfUex3H6LE0FcCgc98qVXIcfQMSU1sxQ80Jmf4xLmwX+uWWtlE7wg+Mj6+mSXfKiN w8cTPvBijwkBYwiKRL/EyoH6WM49nS2tpObLoskUxa3ukFGxlKESHHmszy6h8CrS1piPp3MhL/9 n283Gr961n98yddCzFxns/o88uCON5TZAlS24WReY+6EsxYrGOWriXVWWwUwV44Ri9ZGyMSSXt4 B8SfxMDAajJ8+4XEVK8GLS3uL7Jyoo8udf4cYQ05Ohqd3fPxYUG0HYNGEqD693YWwrjExH+jw+l UptHuy+Z2iDb4i0iv8E7cPqJHJ2Ga+4i4EBlj1R3VGNs= X-Developer-Key: i=bjorn.andersson@oss.qualcomm.com; a=openpgp; fpr=05DE03CC5F35EA4F0966D5250B1F393F0D99ADC5 X-Proofpoint-GUID: I6Yz-0b_KR487ChGiQXnhQuG_Lp4txIp X-Authority-Analysis: v=2.4 cv=GoxC+l1C c=1 sm=1 tr=0 ts=6848f0e1 cx=c_pps a=Z3eh007fzM5o9awBa1HkYQ==:117 a=DaeiM5VmU20ml6RIjrOvYw==:17 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=EUspDBNiAAAA:8 a=KKqZDcqvNeJUIbkoXhUA:9 a=QEXdDO2ut3YA:10 a=eBU8X_Hb5SQ8N-bgNfv4:22 X-Proofpoint-ORIG-GUID: I6Yz-0b_KR487ChGiQXnhQuG_Lp4txIp X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjExMDAyNSBTYWx0ZWRfX0qD2mveWZnf2 EwHuIEyr9n3GqJYAFZPCKtxZJbcAqVoKXhV1ENM4zGVmnMSZ9B4/YbDt8WlsGGhTKznE8KVemyk 3FoW7GECnJVt07ux4dL77SU8ffuaqVN1pAprlEPC6IWqPCZ8zXzzrBdD93aMqntQj89XY9i2+tJ X3205ewZGjOH9nd4POFFO8DEB4r3W9lcQO3btVPYJphyi6pjSAvJC+vRxQmPENl0KeIEOWChc8G 17ACJk5YtkTflLjTi/TxL42T7yOdDc+Gat2EwxbcQz4aAiMJo1FPAvA+WXK/driavg1J5mBAxzS uzSAFYpTf78hThushb+yVmPpBilQbu6aPv5htMIntTF8McVO3v7I1ON7DhoyX+2LTQXA4dtL1Sq 3k5qBT6VxBI5SuGNf8418lOtWUAn+17wx1T2CikT3E6iDJWcT9wUgqIFtj9YPtudD/fLQx3t X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-11_01,2025-06-10_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 adultscore=0 impostorscore=0 malwarescore=0 mlxscore=0 suspectscore=0 phishscore=0 priorityscore=1501 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506110025 Rather than relying/assuming that the tools generating the firmware places the program headers immediately following the ELF header, use e_phoff as intended to find the program headers. Reviewed-by: Dmitry Baryshkov Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/mdt_loader.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index 52f0c8bb7c5ee9f043009a274f147128f0778151..1b4ebae458f3e0e37ce40afeaea= 2e0fa3568c8dd 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -117,7 +117,7 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) return -EINVAL; =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; @@ -172,7 +172,7 @@ void *qcom_mdt_read_metadata(const struct firmware *fw,= size_t *data_len, return ERR_PTR(-EINVAL); =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 if (ehdr->e_phnum < 2) return ERR_PTR(-EINVAL); @@ -255,7 +255,7 @@ int qcom_mdt_pas_init(struct device *dev, const struct = firmware *fw, return -EINVAL; =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; @@ -310,7 +310,7 @@ static bool qcom_mdt_bins_are_split(const struct firmwa= re *fw, const char *fw_na int i; =20 ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { /* @@ -355,7 +355,7 @@ static int __qcom_mdt_load(struct device *dev, const st= ruct firmware *fw, =20 is_split =3D qcom_mdt_bins_are_split(fw, fw_name); ehdr =3D (struct elf32_hdr *)fw->data; - phdrs =3D (struct elf32_phdr *)(ehdr + 1); + phdrs =3D (struct elf32_phdr *)(fw->data + ehdr->e_phoff); =20 for (i =3D 0; i < ehdr->e_phnum; i++) { phdr =3D &phdrs[i]; --=20 2.49.0