[alsa-devel] [Sound-open-firmware] [PATCH v3 09/14] ASoC: SOF: Add firmware loader support

[Pierre-Louis Bossart]

On 12/12/18 5:23 AM, Takashi Iwai wrote:
> On Tue, 11 Dec 2018 22:23:13 +0100,
> Pierre-Louis Bossart wrote:
>> +/* generic module parser for mmaped DSPs */
>> +int snd_sof_parse_module_memcpy(struct snd_sof_dev *sdev,
>> +				struct snd_sof_mod_hdr *module)
>> +{
>> +	struct snd_sof_blk_hdr *block;
>> +	int count;
>> +	u32 offset;
>> +
>> +	dev_dbg(sdev->dev, "new module size 0x%x blocks 0x%x type 0x%x\n",
>> +		module->size, module->num_blocks, module->type);
>> +
>> +	block = (void *)module + sizeof(*module);
>> +
>> +	for (count = 0; count < module->num_blocks; count++) {
> Need a sanity check that it won't go beyond the actual firmware size.
> User may pass a malicious module data, e.g. with extra large
> num_blocks.
Good point, will check.
>
>> +		if (block->size == 0) {
>> +			dev_warn(sdev->dev,
>> +				 "warning: block %d size zero\n", count);
>> +			dev_warn(sdev->dev, " type 0x%x offset 0x%x\n",
>> +				 block->type, block->offset);
>> +			continue;
>> +		}
>> +
>> +		switch (block->type) {
>> +		case SOF_BLK_IMAGE:
>> +		case SOF_BLK_CACHE:
>> +		case SOF_BLK_REGS:
>> +		case SOF_BLK_SIG:
>> +		case SOF_BLK_ROM:
>> +			continue;	/* not handled atm */
>> +		case SOF_BLK_TEXT:
>> +		case SOF_BLK_DATA:
>> +			offset = block->offset;
>> +			break;
>> +		default:
>> +			dev_err(sdev->dev, "error: bad type 0x%x for block 0x%x\n",
>> +				block->type, count);
>> +			return -EINVAL;
>> +		}
>> +
>> +		dev_dbg(sdev->dev,
>> +			"block %d type 0x%x size 0x%x ==>  offset 0x%x\n",
>> +			count, block->type, block->size, offset);
>> +
>> +		snd_sof_dsp_block_write(sdev, offset,
>> +					(void *)block + sizeof(*block),
>> +					block->size);
>> +
>> +		/* next block */
>> +		block = (void *)block + sizeof(*block) + block->size;
> This may lead to an unaligned access.
> Also how is the endianess guaranteed?
Will check, valid points.