[PATCH] ALSA: hda: ignore invalid NHLT table
On some Lenovo systems if the microphone is disabled in the BIOS only the NHLT table header is created, with no data. This means the endpoints field is not correctly set to zero - leading to an unintialised variable and hence invalid descriptors are parsed leading to page faults.
The Lenovo firmware team is addressing this, but adding a check preventing invalid tables being parsed is worthwhile.
Tested on a Lenovo T14.
Tested-by: Philipp Leskovitz philipp.leskovitz@secunet.com Reported-by: Philipp Leskovitz philipp.leskovitz@secunet.com Signed-off-by: Mark Pearson markpearson@lenovo.com --- sound/hda/intel-nhlt.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/sound/hda/intel-nhlt.c b/sound/hda/intel-nhlt.c index 059aaf04f..0889f2cc5 100644 --- a/sound/hda/intel-nhlt.c +++ b/sound/hda/intel-nhlt.c @@ -37,6 +37,11 @@ int intel_nhlt_get_dmic_geo(struct device *dev, struct nhlt_acpi_table *nhlt) if (!nhlt) return 0;
+ if (nhlt->header.length <= sizeof(struct acpi_table_header)) { + dev_warn(dev, "Invalid DMIC description table\n"); + return 0; + } + epnt = (struct nhlt_endpoint *)nhlt->desc;
for (j = 0; j < nhlt->endpoint_count; j++) {
Adding Mark, Takashi, Jaroslav and Cezary in Cc:
On 3/2/21 8:10 AM, Mark Pearson wrote:
On some Lenovo systems if the microphone is disabled in the BIOS only the NHLT table header is created, with no data. This means the endpoints field is not correctly set to zero - leading to an unintialised variable and hence invalid descriptors are parsed leading to page faults.
The Lenovo firmware team is addressing this, but adding a check preventing invalid tables being parsed is worthwhile.
Tested on a Lenovo T14.
Tested-by: Philipp Leskovitz philipp.leskovitz@secunet.com Reported-by: Philipp Leskovitz philipp.leskovitz@secunet.com Signed-off-by: Mark Pearson markpearson@lenovo.com
The change looks good to me
Reviewed-by: Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com
Out of curiosity, does this impact Kabylake or CometLake+ systems?
Thanks!
sound/hda/intel-nhlt.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/sound/hda/intel-nhlt.c b/sound/hda/intel-nhlt.c index 059aaf04f..0889f2cc5 100644 --- a/sound/hda/intel-nhlt.c +++ b/sound/hda/intel-nhlt.c @@ -37,6 +37,11 @@ int intel_nhlt_get_dmic_geo(struct device *dev, struct nhlt_acpi_table *nhlt) if (!nhlt) return 0;
if (nhlt->header.length <= sizeof(struct acpi_table_header)) {
dev_warn(dev, "Invalid DMIC description table\n");return 0;}
epnt = (struct nhlt_endpoint *)nhlt->desc;
for (j = 0; j < nhlt->endpoint_count; j++) {
Hi Pierre-Louis,
On 02/03/2021 09:46, Pierre-Louis Bossart wrote:
Adding Mark, Takashi, Jaroslav and Cezary in Cc:
Thanks - I wasn't sure who needed to be on this :)
On 3/2/21 8:10 AM, Mark Pearson wrote:
On some Lenovo systems if the microphone is disabled in the BIOS only the NHLT table header is created, with no data. This means the endpoints field is not correctly set to zero - leading to an unintialised variable and hence invalid descriptors are parsed leading to page faults.
The Lenovo firmware team is addressing this, but adding a check preventing invalid tables being parsed is worthwhile.
Tested on a Lenovo T14.
Tested-by: Philipp Leskovitz philipp.leskovitz@secunet.com Reported-by: Philipp Leskovitz philipp.leskovitz@secunet.com Signed-off-by: Mark Pearson markpearson@lenovo.com
The change looks good to me
Reviewed-by: Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com
Out of curiosity, does this impact Kabylake or CometLake+ systems?
We've seen it on some of our CometLake systems so far. T14 & T15 are confirmed, but it will take a while to cycle through all the platforms. We're unlikely to catch any non-Linux certified systems that folk still put Linux on - I'd like to have this available for them too.
Thanks!
sound/hda/intel-nhlt.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/sound/hda/intel-nhlt.c b/sound/hda/intel-nhlt.c index 059aaf04f..0889f2cc5 100644 --- a/sound/hda/intel-nhlt.c +++ b/sound/hda/intel-nhlt.c @@ -37,6 +37,11 @@ int intel_nhlt_get_dmic_geo(struct device *dev, struct nhlt_acpi_table *nhlt) if (!nhlt) return 0; + if (nhlt->header.length <= sizeof(struct acpi_table_header)) { + dev_warn(dev, "Invalid DMIC description table\n"); + return 0; + }
epnt = (struct nhlt_endpoint *)nhlt->desc; for (j = 0; j < nhlt->endpoint_count; j++) {
On Tue, 02 Mar 2021 16:57:43 +0100, Mark Pearson wrote:
Hi Pierre-Louis,
On 02/03/2021 09:46, Pierre-Louis Bossart wrote:
Adding Mark, Takashi, Jaroslav and Cezary in Cc:
Thanks - I wasn't sure who needed to be on this :)
Thanks, applied now.
Unfortunately the patch conflicted slightly with the recent change by Pierre, so I corrected in my side. Please check it later.
Takashi
On 04/03/2021 03:27, Takashi Iwai wrote:
On Tue, 02 Mar 2021 16:57:43 +0100, Mark Pearson wrote:
Hi Pierre-Louis,
On 02/03/2021 09:46, Pierre-Louis Bossart wrote:
Adding Mark, Takashi, Jaroslav and Cezary in Cc:
Thanks - I wasn't sure who needed to be on this :)
Thanks, applied now.
Unfortunately the patch conflicted slightly with the recent change by Pierre, so I corrected in my side. Please check it later.
Will do.
Thanks! Mark
participants (3)
-
Mark Pearson -
Pierre-Louis Bossart -
Takashi Iwai