Patch "platform/x86/intel/ifs: Validate image size" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 20 Aug 2024 08:01:20 -0400

This is a note to let you know that I've just added the patch titled

    platform/x86/intel/ifs: Validate image size

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     platform-x86-intel-ifs-validate-image-size.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 16a87a359d58b5a898e493a11d831a488e1a65ee
Author: Jithu Joseph <jithu.joseph@xxxxxxxxx>
Date:   Thu Oct 5 12:51:33 2023 -0700

    platform/x86/intel/ifs: Validate image size
    
    [ Upstream commit 25a76dbb36dd58ad4df7f6a4dc43061a10b0d817 ]
    
    Perform additional validation prior to loading IFS image.
    
    Error out if the size of the file being loaded doesn't match the size
    specified in the header.
    
    Signed-off-by: Jithu Joseph <jithu.joseph@xxxxxxxxx>
    Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx>
    Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>
    Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20231005195137.3117166-6-jithu.joseph@xxxxxxxxx
    Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
index cefd0d886cfd4..ae52de138a6ea 100644
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -260,6 +260,7 @@ int ifs_load_firmware(struct device *dev)
 {
 	const struct ifs_test_caps *test = ifs_get_test_caps(dev);
 	struct ifs_data *ifsd = ifs_get_data(dev);
+	unsigned int expected_size;
 	const struct firmware *fw;
 	char scan_path[64];
 	int ret = -EINVAL;
@@ -274,6 +275,13 @@ int ifs_load_firmware(struct device *dev)
 		goto done;
 	}
 
+	expected_size = ((struct microcode_header_intel *)fw->data)->totalsize;
+	if (fw->size != expected_size) {
+		dev_err(dev, "File size mismatch (expected %u, actual %zu). Corrupted IFS image.\n",
+			expected_size, fw->size);
+		return -EINVAL;
+	}
+
 	ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data);
 	if (ret)
 		goto release;







