From nobody Mon Jun 8 07:22:04 2026 Received: from mail-qk1-f181.google.com (mail-qk1-f181.google.com [209.85.222.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E154217F33 for ; Fri, 5 Jun 2026 00:30:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780619444; cv=none; b=t2V//IVWN1qnax1SvbIYH3DUNgir+qNXHD5MXbcqOSBoDjU0yA8Jm6yMMC2/nHoytgs6MhtE7Lu1kysA8yKyRHC6dx9HIOTcpzshs2dFRoT+SG+VGJ8BitotPZhSMrKJhhsyE7Ut+ZoLqB+q5m27ynlCIWqQdmvTd5Cs6uXpGmU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780619444; c=relaxed/simple; bh=WLnt5hMn4fJaOlq+qLeEv5Bf+PnB/oXp65khjQKqBhM=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=GUZ8qLckVCLhX9VMmNq31GpSGI26kfXsTLikxW6Deux8i8P16fEsTcc5vvFXANV/ISKSyP9Zf/4Z3M7W0PtciE3XOjieKEXRpncpsISqBYMrFYtLqgBB9pgUUJP/wz9MO7TkTYLVG+exNGADLEYmJcKqaiQRG28OJ5imQzAmGkg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=trailofbits.com; spf=pass smtp.mailfrom=trailofbits.com; dkim=pass (2048-bit key) header.d=trailofbits.com header.i=@trailofbits.com header.b=AWbNN9Fg; arc=none smtp.client-ip=209.85.222.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=trailofbits.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=trailofbits.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=trailofbits.com header.i=@trailofbits.com header.b="AWbNN9Fg" Received: by mail-qk1-f181.google.com with SMTP id af79cd13be357-9157d3f2098so175852985a.3 for ; Thu, 04 Jun 2026 17:30:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trailofbits.com; s=google; t=1780619442; x=1781224242; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=IAFHbHWxgaxkcND6Q/YrRwQ1u6k3rSaArd44TkVtpEs=; b=AWbNN9Fg9SZBdSzb+WEUGGMv6e35tMk+2Vz2x2nOcyWSdEYPOfH5P8fRMuq7JDrWWk UuP6aL7+nEXJF8HSswx1i2YNxsDdxCw23Q1a1Q5LodG1kqboauU7ZX4R1akyWveZVCX5 ESeKQVo7HLIK+YP3jzJkVMh7lWvO4JRtow9rUL0JRSniSa9v3bxb1blO7v28AUtOs4j8 hkzTPoRLm6ccSno3CehsOH2xfZ74R7QnAa/Ivo3MRUQbrhFD3niTIycETAC4SguDky7m X3oyNGok1a3+qvzkcPQ4EJ9GqM9FwhJ/VqeW20SJZG0FGUpFE/IF1hvMK+BS3Th465DE u0BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780619442; x=1781224242; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=IAFHbHWxgaxkcND6Q/YrRwQ1u6k3rSaArd44TkVtpEs=; b=KB5ysk1AmkCvhlrLcEK5Mj8cQb4HyZ/6fYqQcacOk/hDXwzonMf8xfIVZGCp9lfOTv nHhdnsgDG4SEhK9s415E2sevmXnjddJWG+Nt2LgkgnxjGOrlRsQa35bF5mMQV0Uc7y9B qvdl33qAf3zDBYYi4G/lk8bljEF2MWncUrLWRwjSplxOE27GtUiK+qpoQuzaoyx6GVyH YW+UvbcR1TP/QBQLpSkAI0VuAgn7XudeDzFW9/zOvK2e0E9bdqHEESJQrwRlTXMO5Ec4 1LOdjc1KFXm3qeMu7JkaS7dhpdZIaXuPk1AGGmiIov5WDSCFjh1xvJFfQHYd5m0nHEFE tNtA== X-Forwarded-Encrypted: i=1; AFNElJ97cf4BaZObZEpApsMbOgktzXO+sgHfHi2KOfHFbzzpS6V1VsXtqZdjRPSEgLbPi9fj8XwjHyncOmraaCY=@vger.kernel.org X-Gm-Message-State: AOJu0YznPutYI3XH1RJEMkaAnsd7QZEUuYOoCljC9Lz5szEfMe2cqcRG CzUUl1fz1eM7MGrmkqEj/8KakNlfCvor3Y5ff1DCJi3U0eK4axuia8kBnN5znilXHVnxm9qR0Oj m80Vp X-Gm-Gg: Acq92OE6GplhwFTBUTzctUJ386nL7XmaGAumqwgnD0H8mTeAR/2W0UVvrMdTXPeT3MJ ySu4KVHuD9gsGBcx2QUcmi3Kb5imkfifSG+bkFzSkF7eOIe/ZZPOymDzJRTDlzsNbem8VIA/hU0 CbBzRJBOd2KKwYkbNNphCnzzWHl2uNurceoD0LXbjNxRR+dGqgxHNn5MTDjquRe+0IOx2Cg4m+K Fjo35OsZFi1e/RHfHooO0iyWu7sN3ViWrF42yF1ze8qv4pEGtu/mQ7NLbgNUyf0402gc2024MWD QyUzf8xDfKTyal0SYqhtxtTY4CH2nLZGwu3+r3nQ18LvoQKX3wkwKqOk6AaGoGvOYWc1DZhPf6y iO1kSR14s6GUYkVInQJF5hblcxK6e3XDyd+pUVKKeIGNjSLtZnNpYzY7Ed89HJ9fJBNk9JEt0pO 49JYaEhIA4z2QLGbiA/8ctBOXTB95PGMAxsJe/KiJPX13KcRf+ X-Received: by 2002:a05:620a:c54:b0:914:b65f:6abe with SMTP id af79cd13be357-915a9c29e62mr270359685a.5.1780619441961; Thu, 04 Jun 2026 17:30:41 -0700 (PDT) Received: from localhost ([161.35.96.86]) by smtp.gmail.com with UTF8SMTPSA id 6a1803df08f44-8cecd051d61sm66290596d6.29.2026.06.04.17.30.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 04 Jun 2026 17:30:41 -0700 (PDT) From: Samuel Moelius To: Andrew Morton Cc: Samuel Moelius , linux-kernel@vger.kernel.org (open list:LIBRARY CODE) Subject: [PATCH] lib/test_firmware: allocate the configured into_buf size Date: Fri, 5 Jun 2026 00:30:37 +0000 Message-ID: <20260605003038.2005840-1-sam.moelius@trailofbits.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The batched into_buf test path allocates TEST_FIRMWARE_BUF_SIZE bytes unconditionally, but then passes test_fw_config->buf_size to request_firmware_into_buf() or request_partial_firmware_into_buf(). Userspace can set config_buf_size above TEST_FIRMWARE_BUF_SIZE before triggering a batched request. If the firmware file is large enough, the firmware loader writes past the end of the 1 KiB test buffer. Allocate the buffer with the same size that the test passes to the firmware API so config_buf_size remains the actual buffer size under test. Assisted-by: Codex:gpt-5.5-cyber-preview Signed-off-by: Samuel Moelius --- lib/test_firmware.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/test_firmware.c b/lib/test_firmware.c index b471d720879a..7459bba65444 100644 --- a/lib/test_firmware.c +++ b/lib/test_firmware.c @@ -867,7 +867,7 @@ static int test_fw_run_batch_request(void *data) if (test_fw_config->into_buf) { void *test_buf; =20 - test_buf =3D kzalloc(TEST_FIRMWARE_BUF_SIZE, GFP_KERNEL); + test_buf =3D kzalloc(test_fw_config->buf_size, GFP_KERNEL); if (!test_buf) return -ENOMEM; =20 --=20 2.43.0