This is a note to let you know that I've just added the patch titled
iwlwifi: pnvm: read EFI data only if long enough
to the 5.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
iwlwifi-pnvm-read-efi-data-only-if-long-enough.patch
and it can be found in the queue-5.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 52e7a05bcccfa44787877a9c8fbedfbd2acf6ee3
Author: Johannes Berg <johannes.berg@xxxxxxxxx>
Date: Sat Oct 16 11:43:58 2021 +0300
iwlwifi: pnvm: read EFI data only if long enough
[ Upstream commit e864a77f51d0d8113b49cf7d030bc9dc911c8176 ]
If the data we get from EFI is not even long enough for
the package struct we expect then ignore it entirely.
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Fixes: a1a6a4cf49ec ("iwlwifi: pnvm: implement reading PNVM from UEFI")
Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx>
Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/iwlwifi.20211016114029.33feba783518.I54a5cf33975d0330792b3d208b225d479e168f32@changeid
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
index 512c512eefc71..24de6e5eb6a4c 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
@@ -284,9 +284,13 @@ int iwl_pnvm_load(struct iwl_trans *trans,
/* First attempt to get the PNVM from BIOS */
package = iwl_uefi_get_pnvm(trans, &len);
if (!IS_ERR_OR_NULL(package)) {
- /* we need only the data */
- len -= sizeof(*package);
- data = kmemdup(package->data, len, GFP_KERNEL);
+ if (len >= sizeof(*package)) {
+ /* we need only the data */
+ len -= sizeof(*package);
+ data = kmemdup(package->data, len, GFP_KERNEL);
+ } else {
+ data = NULL;
+ }
/* free package regardless of whether kmemdup succeeded */
kfree(package);
