Re: [Sound-open-firmware] [PATCH] ASoC: SOF: Intel: Check the bar size before remapping
On 4/9/22 09:39, Zheyu Ma wrote:
The driver should use the pci_resource_len() to get the actual length of pci bar, and compare it with the expected value. If the bar size is too small (such as a broken device), the driver should return an error.
Signed-off-by: Zheyu Ma zheyuma97@gmail.com
sound/soc/sof/intel/pci-tng.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/intel/pci-tng.c b/sound/soc/sof/intel/pci-tng.c index 6efef225973f..7d502cc3ca80 100644 --- a/sound/soc/sof/intel/pci-tng.c +++ b/sound/soc/sof/intel/pci-tng.c @@ -75,7 +75,11 @@ static int tangier_pci_probe(struct snd_sof_dev *sdev)
/* LPE base */ base = pci_resource_start(pci, desc->resindex_lpe_base) - IRAM_OFFSET;
- size = PCI_BAR_SIZE;
- size = pci_resource_len(pci, desc->resindex_lpe_base);
- if (size < PCI_BAR_SIZE) {
dev_err(sdev->dev, "error: I/O region is too small.\n");
return -ENODEV;
- }
May I ask how you found this issue?
I am not clear on why there's a patch dedicated for a single device, but the same pattern in hda.c and in the HDaudio legacy driver exists.
dev_dbg(sdev->dev, "LPE PHY base at 0x%x size 0x%x", base, size); sdev->bar[DSP_BAR] = devm_ioremap(sdev->dev, base, size);
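Review bot: `size` now carries the whole BAR length into the `devm_ioremap(sdev->dev, base, size)` call that follows the new check, while `base` is still `pci_resource_start(pci, desc->resindex_lpe_base) - IRAM_OFFSET`, so on a device whose BAR is longer than `PCI_BAR_SIZE` the mapped length changes and is measured from an address offset from the resource start. If the intent is only to reject a BAR that is too short, keep `size = PCI_BAR_SIZE;` and compare `pci_resource_len(pci, desc->resindex_lpe_base)` against it in the `if`, so the mapping length stays what it was before the patch. The `dev_err()` message would also help more in triage if it printed the length found and the minimum expected, and the `error:` prefix is redundant at that log level.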
On Tue, Apr 12, 2022 at 12:23 AM Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com wrote:
On 4/9/22 09:39, Zheyu Ma wrote:
The driver should use the pci_resource_len() to get the actual length of pci bar, and compare it with the expected value. If the bar size is too small (such as a broken device), the driver should return an error.
Signed-off-by: Zheyu Ma zheyuma97@gmail.com
sound/soc/sof/intel/pci-tng.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/intel/pci-tng.c b/sound/soc/sof/intel/pci-tng.c index 6efef225973f..7d502cc3ca80 100644 --- a/sound/soc/sof/intel/pci-tng.c +++ b/sound/soc/sof/intel/pci-tng.c @@ -75,7 +75,11 @@ static int tangier_pci_probe(struct snd_sof_dev *sdev)
/* LPE base */ base = pci_resource_start(pci, desc->resindex_lpe_base) - IRAM_OFFSET;
size = PCI_BAR_SIZE;
size = pci_resource_len(pci, desc->resindex_lpe_base);
if (size < PCI_BAR_SIZE) {
dev_err(sdev->dev, "error: I/O region is too small.\n");
return -ENODEV;
}
May I ask how you found this issue?
Actually, I tested this driver via fuzzing in a simulated environment and got a crash. Hence, I try to propose a patch and ask for the help of maintainers to determine whether this is an issue.
Thanks, Zheyu Ma