Patch "ALSA: hda: ignore invalid NHLT table" has been added to the 5.11-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 25 Mar 2021 16:17:07 -0400

This is a note to let you know that I've just added the patch titled

    ALSA: hda: ignore invalid NHLT table

to the 5.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     alsa-hda-ignore-invalid-nhlt-table.patch
and it can be found in the queue-5.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 60f4e6696a1294b339b9f8ea86b77109e6ea0d79
Author: Mark Pearson <markpearson@xxxxxxxxxx>
Date:   Tue Mar 2 09:10:03 2021 -0500

    ALSA: hda: ignore invalid NHLT table
    
    [ Upstream commit a14a6219996ee6f6e858d83b11affc7907633687 ]
    
    On some Lenovo systems if the microphone is disabled in the BIOS
    only the NHLT table header is created, with no data. This means
    the endpoints field is not correctly set to zero - leading to an
    unintialised variable and hence invalid descriptors are parsed
    leading to page faults.
    
    The Lenovo firmware team is addressing this, but adding a check
    preventing invalid tables being parsed is worthwhile.
    
    Tested on a Lenovo T14.
    
    Tested-by: Philipp Leskovitz <philipp.leskovitz@xxxxxxxxxxx>
    Reported-by: Philipp Leskovitz <philipp.leskovitz@xxxxxxxxxxx>
    Signed-off-by: Mark Pearson <markpearson@xxxxxxxxxx>
    Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@xxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20210302141003.7342-1-markpearson@xxxxxxxxxx
    Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/sound/hda/intel-nhlt.c b/sound/hda/intel-nhlt.c
index d053beccfaec..e2237239d922 100644
--- a/sound/hda/intel-nhlt.c
+++ b/sound/hda/intel-nhlt.c
@@ -39,6 +39,11 @@ int intel_nhlt_get_dmic_geo(struct device *dev, struct nhlt_acpi_table *nhlt)
 	if (!nhlt)
 		return 0;
 
+	if (nhlt->header.length <= sizeof(struct acpi_table_header)) {
+		dev_warn(dev, "Invalid DMIC description table\n");
+		return 0;
+	}
+
 	for (j = 0, epnt = nhlt->desc; j < nhlt->endpoint_count; j++,
 	     epnt = (struct nhlt_endpoint *)((u8 *)epnt + epnt->length)) {
 






