mbox series

[0/6] ASoC: codecs: wcd93xx/wsa88xx: Correct Soundwire ports mask

Message ID 20240726-asoc-wcd-wsa-swr-ports-genmask-v1-0-d4d7a8b56f05@linaro.org
Headers show
Series ASoC: codecs: wcd93xx/wsa88xx: Correct Soundwire ports mask | expand

Message

Krzysztof Kozlowski July 26, 2024, 2:10 p.m. UTC
Hi,

Incorrect mask of Soundwire ports - one bit too long/big - was passed.

Theoretically, too wide mask could cause an out of bounds read in
sdw_get_slave_dpn_prop() in stream.c, however only in the case of buggy
driver, e.g. adding incorrect number of ports via
sdw_stream_add_slave().

Not adding Cc-stable because I don't think the issue can lead to real
out-of-bounds read.

Best regards,
Krzysztof

---
Krzysztof Kozlowski (6):
      ASoC: codecs: wcd937x-sdw: Correct Soundwire ports mask
      ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
      ASoC: codecs: wcd939x-sdw: Correct Soundwire ports mask
      ASoC: codecs: wsa881x: Correct Soundwire ports mask
      ASoC: codecs: wsa883x: Correct Soundwire ports mask
      ASoC: codecs: wsa884x: Correct Soundwire ports mask

 sound/soc/codecs/wcd937x-sdw.c | 4 ++--
 sound/soc/codecs/wcd938x-sdw.c | 4 ++--
 sound/soc/codecs/wcd939x-sdw.c | 4 ++--
 sound/soc/codecs/wsa881x.c     | 2 +-
 sound/soc/codecs/wsa883x.c     | 2 +-
 sound/soc/codecs/wsa884x.c     | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
---
base-commit: 864b1099d16fc7e332c3ad7823058c65f890486c
change-id: 20240726-asoc-wcd-wsa-swr-ports-genmask-868239f9682f

Best regards,

Comments

Dmitry Baryshkov July 27, 2024, 10:55 a.m. UTC | #1
On Fri, Jul 26, 2024 at 04:10:40PM GMT, Krzysztof Kozlowski wrote:
> Hi,
> 
> Incorrect mask of Soundwire ports - one bit too long/big - was passed.
> 
> Theoretically, too wide mask could cause an out of bounds read in
> sdw_get_slave_dpn_prop() in stream.c, however only in the case of buggy
> driver, e.g. adding incorrect number of ports via
> sdw_stream_add_slave().

Well, granted that sdw_stream_add_slave() crashes on RB3, we know that
the driver is buggy.

> Not adding Cc-stable because I don't think the issue can lead to real
> out-of-bounds read.