1. Patchew
  2. linux
  3. View series

[PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()

Dan Carpenter posted 1 patch 3 months, 2 weeks ago 
drivers/soc/qcom/mdt_loader.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
Posted by Dan Carpenter 3 months, 2 weeks ago 
This function is supposed to return true for valid headers and false for
invalid.  In a couple places it returns -EINVAL instead which means the
invalid headers are counted as true.  Change it to return false.

Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF header")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/soc/qcom/mdt_loader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
index 1b4ebae458f3..0ca268bdf1f8 100644
--- a/drivers/soc/qcom/mdt_loader.c
+++ b/drivers/soc/qcom/mdt_loader.c
@@ -33,14 +33,14 @@ static bool mdt_header_valid(const struct firmware *fw)
 		return false;
 
 	if (ehdr->e_phentsize != sizeof(struct elf32_phdr))
-		return -EINVAL;
+		return false;
 
 	phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff);
 	if (phend > fw->size)
 		return false;
 
 	if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
-		return -EINVAL;
+		return false;
 
 	shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff);
 	if (shend > fw->size)
-- 
2.47.2
Re: [PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
Posted by neil.armstrong@linaro.org 2 months, 2 weeks ago 
Hi,

On 25/06/2025 17:22, Dan Carpenter wrote:
> This function is supposed to return true for valid headers and false for
> invalid.  In a couple places it returns -EINVAL instead which means the
> invalid headers are counted as true.  Change it to return false.
> 
> Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF header")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
>   drivers/soc/qcom/mdt_loader.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
> index 1b4ebae458f3..0ca268bdf1f8 100644
> --- a/drivers/soc/qcom/mdt_loader.c
> +++ b/drivers/soc/qcom/mdt_loader.c
> @@ -33,14 +33,14 @@ static bool mdt_header_valid(const struct firmware *fw)
>   		return false;
>   
>   	if (ehdr->e_phentsize != sizeof(struct elf32_phdr))
> -		return -EINVAL;
> +		return false;
>   
>   	phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff);
>   	if (phend > fw->size)
>   		return false;
>   
>   	if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
> -		return -EINVAL;
> +		return false;
>   
>   	shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff);
>   	if (shend > fw->size)

This patch on linux-next breaks loading DSP firmwares on at least SM8550, SM8650, X1E8:

[    7.572665] remoteproc remoteproc1: Booting fw image qcom/sm8550/adsp.mbn, size 28342616
[    7.615176] remoteproc remoteproc1: Failed to load program segments: -22

CI runs:
https://git.codelinaro.org/linaro/qcomlt/ci/staging/cdba-tester/-/jobs/248846#L1323
https://git.codelinaro.org/linaro/qcomlt/ci/staging/cdba-tester/-/jobs/248850#L2037

Bisect log:
# bad: [a933d3dc1968fcfb0ab72879ec304b1971ed1b9a] Add linux-next specific files for 20250723
# good: [89be9a83ccf1f88522317ce02f854f30d6115c41] Linux 6.16-rc7
git bisect start 'a933d3dc1968fcfb0ab72879ec304b1971ed1b9a' 'v6.16-rc7'
# bad: [a56f8f8967ad980d45049973561b89dcd9e37e5d] Merge branch 'main' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git
git bisect bad a56f8f8967ad980d45049973561b89dcd9e37e5d
# bad: [f6a8dede4030970707e9bae5b3ae76f60df4b75a] Merge branch 'fs-next' of linux-next
git bisect bad f6a8dede4030970707e9bae5b3ae76f60df4b75a
# bad: [b863560c5a26fbcf164f5759c98bb5e72e26848d] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git
git bisect bad b863560c5a26fbcf164f5759c98bb5e72e26848d
# good: [6fe8797df6f2e3a7e3c736d5bd4862915a06a690] Merge branch 'for-next/core' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
git bisect good 6fe8797df6f2e3a7e3c736d5bd4862915a06a690
# good: [c522d00e1b4b00c5224c2acb9c2738bcc9c04ff5] Merge tag 'ti-k3-dt-for-v6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux into soc/dt
git bisect good c522d00e1b4b00c5224c2acb9c2738bcc9c04ff5
# good: [6a323f22a8b925f3646c884e2f9c733c79393f1d] Merge branch 'soc/drivers' into for-next
git bisect good 6a323f22a8b925f3646c884e2f9c733c79393f1d
# good: [5d8b3562faac8030b5c26efc1cd739a41c4db722] Merge branch 'soc/dt' into for-next
git bisect good 5d8b3562faac8030b5c26efc1cd739a41c4db722
# bad: [b79c0d780e519d760c2529f0bf849111b9270192] Merge tag 'apple-soc-drivers-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/sven/linux into soc/drivers
git bisect bad b79c0d780e519d760c2529f0bf849111b9270192
# good: [9841d92754d0f3846977a39844c3395ee2463381] Merge tag 'memory-controller-drv-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-mem-ctrl into soc/drivers
git bisect good 9841d92754d0f3846977a39844c3395ee2463381
# good: [64a026dd896e423a177fe87e11aa69bf5348c27b] soc: qcom: socinfo: Add support to retrieve TME build details
git bisect good 64a026dd896e423a177fe87e11aa69bf5348c27b
# good: [9cea10a4f5a39fde32bf7b8addfa5f9175174e0e] dt-bindings: sram: qcom,imem: Add a number of missing compatibles
git bisect good 9cea10a4f5a39fde32bf7b8addfa5f9175174e0e
# good: [0445eee835d6e59d635e242ba1d9273f168035fa] soc: apple: rtkit: Make shmem_destroy optional
git bisect good 0445eee835d6e59d635e242ba1d9273f168035fa
# bad: [5b8141596b06fba7313cdfbd5f589649d7fde662] Merge tag 'qcom-drivers-for-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into soc/drivers
git bisect bad 5b8141596b06fba7313cdfbd5f589649d7fde662
# bad: [9f35ab0e53ccbea57bb9cbad8065e0406d516195] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
git bisect bad 9f35ab0e53ccbea57bb9cbad8065e0406d516195
# first bad commit: [9f35ab0e53ccbea57bb9cbad8065e0406d516195] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()

Neil
Re: [PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
Posted by Neil Armstrong 2 months, 2 weeks ago 
On 23/07/2025 16:46, neil.armstrong@linaro.org wrote:
> Hi,
> 
> On 25/06/2025 17:22, Dan Carpenter wrote:
>> This function is supposed to return true for valid headers and false for
>> invalid.  In a couple places it returns -EINVAL instead which means the
>> invalid headers are counted as true.  Change it to return false.
>>
>> Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF header")
>> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
>> ---
>>   drivers/soc/qcom/mdt_loader.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
>> index 1b4ebae458f3..0ca268bdf1f8 100644
>> --- a/drivers/soc/qcom/mdt_loader.c
>> +++ b/drivers/soc/qcom/mdt_loader.c
>> @@ -33,14 +33,14 @@ static bool mdt_header_valid(const struct firmware *fw)
>>           return false;
>>       if (ehdr->e_phentsize != sizeof(struct elf32_phdr))
>> -        return -EINVAL;
>> +        return false;
>>       phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff);
>>       if (phend > fw->size)
>>           return false;
>>       if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
>> -        return -EINVAL;
>> +        return false;
>>       shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff);
>>       if (shend > fw->size)
> 
> This patch on linux-next breaks loading DSP firmwares on at least SM8550, SM8650, X1E8:
> 
> [    7.572665] remoteproc remoteproc1: Booting fw image qcom/sm8550/adsp.mbn, size 28342616
> [    7.615176] remoteproc remoteproc1: Failed to load program segments: -22

It also breaks GMU loading on the same platforms:
[    7.418330] msm_dpu ae01000.display-controller: [drm:adreno_load_gpu [msm]] *ERROR* gpu hw init failed: -22

Neil

> 
> CI runs:
> https://git.codelinaro.org/linaro/qcomlt/ci/staging/cdba-tester/-/jobs/248846#L1323
> https://git.codelinaro.org/linaro/qcomlt/ci/staging/cdba-tester/-/jobs/248850#L2037
> 
> Bisect log:
> # bad: [a933d3dc1968fcfb0ab72879ec304b1971ed1b9a] Add linux-next specific files for 20250723
> # good: [89be9a83ccf1f88522317ce02f854f30d6115c41] Linux 6.16-rc7
> git bisect start 'a933d3dc1968fcfb0ab72879ec304b1971ed1b9a' 'v6.16-rc7'
> # bad: [a56f8f8967ad980d45049973561b89dcd9e37e5d] Merge branch 'main' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git
> git bisect bad a56f8f8967ad980d45049973561b89dcd9e37e5d
> # bad: [f6a8dede4030970707e9bae5b3ae76f60df4b75a] Merge branch 'fs-next' of linux-next
> git bisect bad f6a8dede4030970707e9bae5b3ae76f60df4b75a
> # bad: [b863560c5a26fbcf164f5759c98bb5e72e26848d] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git
> git bisect bad b863560c5a26fbcf164f5759c98bb5e72e26848d
> # good: [6fe8797df6f2e3a7e3c736d5bd4862915a06a690] Merge branch 'for-next/core' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
> git bisect good 6fe8797df6f2e3a7e3c736d5bd4862915a06a690
> # good: [c522d00e1b4b00c5224c2acb9c2738bcc9c04ff5] Merge tag 'ti-k3-dt-for-v6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux into soc/dt
> git bisect good c522d00e1b4b00c5224c2acb9c2738bcc9c04ff5
> # good: [6a323f22a8b925f3646c884e2f9c733c79393f1d] Merge branch 'soc/drivers' into for-next
> git bisect good 6a323f22a8b925f3646c884e2f9c733c79393f1d
> # good: [5d8b3562faac8030b5c26efc1cd739a41c4db722] Merge branch 'soc/dt' into for-next
> git bisect good 5d8b3562faac8030b5c26efc1cd739a41c4db722
> # bad: [b79c0d780e519d760c2529f0bf849111b9270192] Merge tag 'apple-soc-drivers-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/sven/linux into soc/drivers
> git bisect bad b79c0d780e519d760c2529f0bf849111b9270192
> # good: [9841d92754d0f3846977a39844c3395ee2463381] Merge tag 'memory-controller-drv-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-mem-ctrl into soc/drivers
> git bisect good 9841d92754d0f3846977a39844c3395ee2463381
> # good: [64a026dd896e423a177fe87e11aa69bf5348c27b] soc: qcom: socinfo: Add support to retrieve TME build details
> git bisect good 64a026dd896e423a177fe87e11aa69bf5348c27b
> # good: [9cea10a4f5a39fde32bf7b8addfa5f9175174e0e] dt-bindings: sram: qcom,imem: Add a number of missing compatibles
> git bisect good 9cea10a4f5a39fde32bf7b8addfa5f9175174e0e
> # good: [0445eee835d6e59d635e242ba1d9273f168035fa] soc: apple: rtkit: Make shmem_destroy optional
> git bisect good 0445eee835d6e59d635e242ba1d9273f168035fa
> # bad: [5b8141596b06fba7313cdfbd5f589649d7fde662] Merge tag 'qcom-drivers-for-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into soc/drivers
> git bisect bad 5b8141596b06fba7313cdfbd5f589649d7fde662
> # bad: [9f35ab0e53ccbea57bb9cbad8065e0406d516195] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
> git bisect bad 9f35ab0e53ccbea57bb9cbad8065e0406d516195
> # first bad commit: [9f35ab0e53ccbea57bb9cbad8065e0406d516195] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
> 
> Neil
Re: [PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
Posted by Akhil P Oommen 2 months, 2 weeks ago 
On 7/23/2025 9:16 PM, Neil Armstrong wrote:
> On 23/07/2025 16:46, neil.armstrong@linaro.org wrote:
>> Hi,
>>
>> On 25/06/2025 17:22, Dan Carpenter wrote:
>>> This function is supposed to return true for valid headers and false for
>>> invalid.  In a couple places it returns -EINVAL instead which means the
>>> invalid headers are counted as true.  Change it to return false.
>>>
>>> Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read
>>> past the ELF header")
>>> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
>>> ---
>>>   drivers/soc/qcom/mdt_loader.c | 4 ++--
>>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/
>>> mdt_loader.c
>>> index 1b4ebae458f3..0ca268bdf1f8 100644
>>> --- a/drivers/soc/qcom/mdt_loader.c
>>> +++ b/drivers/soc/qcom/mdt_loader.c
>>> @@ -33,14 +33,14 @@ static bool mdt_header_valid(const struct
>>> firmware *fw)
>>>           return false;
>>>       if (ehdr->e_phentsize != sizeof(struct elf32_phdr))
>>> -        return -EINVAL;
>>> +        return false;
>>>       phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr-
>>> >e_phnum), ehdr->e_phoff);
>>>       if (phend > fw->size)
>>>           return false;
>>>       if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
>>> -        return -EINVAL;
>>> +        return false;
>>>       shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr-
>>> >e_shnum), ehdr->e_shoff);
>>>       if (shend > fw->size)
>>
>> This patch on linux-next breaks loading DSP firmwares on at least
>> SM8550, SM8650, X1E8:
>>
>> [    7.572665] remoteproc remoteproc1: Booting fw image qcom/sm8550/
>> adsp.mbn, size 28342616
>> [    7.615176] remoteproc remoteproc1: Failed to load program
>> segments: -22
> 
> It also breaks GMU loading on the same platforms:

we don't use mdt_loader for GMU fw. This must be due to the zap fw
loading has some issues with this change.

-Akhil

> [    7.418330] msm_dpu ae01000.display-controller: [drm:adreno_load_gpu
> [msm]] *ERROR* gpu hw init failed: -22
> 
> Neil
> 
>>
>> CI runs:
>> https://git.codelinaro.org/linaro/qcomlt/ci/staging/cdba-tester/-/
>> jobs/248846#L1323
>> https://git.codelinaro.org/linaro/qcomlt/ci/staging/cdba-tester/-/
>> jobs/248850#L2037
>>
>> Bisect log:
>> # bad: [a933d3dc1968fcfb0ab72879ec304b1971ed1b9a] Add linux-next
>> specific files for 20250723
>> # good: [89be9a83ccf1f88522317ce02f854f30d6115c41] Linux 6.16-rc7
>> git bisect start 'a933d3dc1968fcfb0ab72879ec304b1971ed1b9a' 'v6.16-rc7'
>> # bad: [a56f8f8967ad980d45049973561b89dcd9e37e5d] Merge branch 'main'
>> of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git
>> git bisect bad a56f8f8967ad980d45049973561b89dcd9e37e5d
>> # bad: [f6a8dede4030970707e9bae5b3ae76f60df4b75a] Merge branch 'fs-
>> next' of linux-next
>> git bisect bad f6a8dede4030970707e9bae5b3ae76f60df4b75a
>> # bad: [b863560c5a26fbcf164f5759c98bb5e72e26848d] Merge branch 'for-
>> next' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git
>> git bisect bad b863560c5a26fbcf164f5759c98bb5e72e26848d
>> # good: [6fe8797df6f2e3a7e3c736d5bd4862915a06a690] Merge branch 'for-
>> next/core' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
>> git bisect good 6fe8797df6f2e3a7e3c736d5bd4862915a06a690
>> # good: [c522d00e1b4b00c5224c2acb9c2738bcc9c04ff5] Merge tag 'ti-k3-
>> dt-for-v6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/
>> linux into soc/dt
>> git bisect good c522d00e1b4b00c5224c2acb9c2738bcc9c04ff5
>> # good: [6a323f22a8b925f3646c884e2f9c733c79393f1d] Merge branch 'soc/
>> drivers' into for-next
>> git bisect good 6a323f22a8b925f3646c884e2f9c733c79393f1d
>> # good: [5d8b3562faac8030b5c26efc1cd739a41c4db722] Merge branch 'soc/
>> dt' into for-next
>> git bisect good 5d8b3562faac8030b5c26efc1cd739a41c4db722
>> # bad: [b79c0d780e519d760c2529f0bf849111b9270192] Merge tag 'apple-
>> soc-drivers-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/
>> sven/linux into soc/drivers
>> git bisect bad b79c0d780e519d760c2529f0bf849111b9270192
>> # good: [9841d92754d0f3846977a39844c3395ee2463381] Merge tag 'memory-
>> controller-drv-6.17' of https://git.kernel.org/pub/scm/linux/kernel/
>> git/krzk/linux-mem-ctrl into soc/drivers
>> git bisect good 9841d92754d0f3846977a39844c3395ee2463381
>> # good: [64a026dd896e423a177fe87e11aa69bf5348c27b] soc: qcom: socinfo:
>> Add support to retrieve TME build details
>> git bisect good 64a026dd896e423a177fe87e11aa69bf5348c27b
>> # good: [9cea10a4f5a39fde32bf7b8addfa5f9175174e0e] dt-bindings: sram:
>> qcom,imem: Add a number of missing compatibles
>> git bisect good 9cea10a4f5a39fde32bf7b8addfa5f9175174e0e
>> # good: [0445eee835d6e59d635e242ba1d9273f168035fa] soc: apple: rtkit:
>> Make shmem_destroy optional
>> git bisect good 0445eee835d6e59d635e242ba1d9273f168035fa
>> # bad: [5b8141596b06fba7313cdfbd5f589649d7fde662] Merge tag 'qcom-
>> drivers-for-6.17' of https://git.kernel.org/pub/scm/linux/kernel/git/
>> qcom/linux into soc/drivers
>> git bisect bad 5b8141596b06fba7313cdfbd5f589649d7fde662
>> # bad: [9f35ab0e53ccbea57bb9cbad8065e0406d516195] soc: qcom:
>> mdt_loader: Fix error return values in mdt_header_valid()
>> git bisect bad 9f35ab0e53ccbea57bb9cbad8065e0406d516195
>> # first bad commit: [9f35ab0e53ccbea57bb9cbad8065e0406d516195] soc:
>> qcom: mdt_loader: Fix error return values in mdt_header_valid()
>>
>> Neil
> 
>
Re: [PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
Posted by Val Packett 2 months, 2 weeks ago 
Hi,

On 6/25/25 12:22 PM, Dan Carpenter wrote:
> This function is supposed to return true for valid headers and false for
> invalid.  In a couple places it returns -EINVAL instead which means the
> invalid headers are counted as true.  Change it to return false.
[..]
>   	if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
> -		return -EINVAL;
> +		return false;
>   
>   	shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff);
>   	if (shend > fw->size)

this has broken all firmware loading on my x1e laptop (Dell Latitude 7455).

Apparently e_shentsize is always 0 in Qualcomm firmware files.

Confirmed externally with readelf:

% readelf --all 
/lib/firmware/qcom/x1e80100/dell/latitude-7455/qcadsp8380.mbn
[..]
   Start of program headers:          52 (bytes into file)
   Start of section headers:          0 (bytes into file)
   Flags:                             0x73
   Size of this header:               52 (bytes)
   Size of program headers:           32 (bytes)
   Number of program headers:         58
   Size of section headers:           0 (bytes)
   Number of section headers:         0
   Section header string table index: 0

There are no sections in this file.

There are no section groups in this file.


(Not just with my files, also readelf'd the Lenovo ones committed to 
linux-firmware, same deal.)

Thanks,
~val
Re: [PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
Posted by Dan Carpenter 2 months ago 
On Mon, Jul 21, 2025 at 08:35:22PM -0300, Val Packett wrote:
> Hi,
> 
> On 6/25/25 12:22 PM, Dan Carpenter wrote:
> > This function is supposed to return true for valid headers and false for
> > invalid.  In a couple places it returns -EINVAL instead which means the
> > invalid headers are counted as true.  Change it to return false.
> [..]
> >   	if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
> > -		return -EINVAL;
> > +		return false;
> >   	shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff);
> >   	if (shend > fw->size)
> 
> this has broken all firmware loading on my x1e laptop (Dell Latitude 7455).
> 
> Apparently e_shentsize is always 0 in Qualcomm firmware files.
> 
> Confirmed externally with readelf:
> 
> % readelf --all
> /lib/firmware/qcom/x1e80100/dell/latitude-7455/qcadsp8380.mbn
> [..]
>   Start of program headers:          52 (bytes into file)
>   Start of section headers:          0 (bytes into file)
>   Flags:                             0x73
>   Size of this header:               52 (bytes)
>   Size of program headers:           32 (bytes)
>   Number of program headers:         58
>   Size of section headers:           0 (bytes)
>   Number of section headers:         0
>   Section header string table index: 0
> 
> There are no sections in this file.
> 
> There are no section groups in this file.
> 
> 
> (Not just with my files, also readelf'd the Lenovo ones committed to
> linux-firmware, same deal.)

Thanks Val,

What a great bug report!  Could you please try the patch I just sent.

Neil, I forgot to CC you.  Sorry!
https://lore.kernel.org/all/5d392867c81da4b667f61430d3aa7065f61b7096.1754385120.git.dan.carpenter@linaro.org/

regards,
dan carpenter
Re: [PATCH] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
Posted by Konrad Dybcio 3 months, 2 weeks ago 
On 6/25/25 5:22 PM, Dan Carpenter wrote:
> This function is supposed to return true for valid headers and false for
> invalid.  In a couple places it returns -EINVAL instead which means the
> invalid headers are counted as true.  Change it to return false.
> 
> Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF header")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---

Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>

Konrad

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.