This is a note to let you know that I've just added the patch titled ASoC: Intel: avs: Fix theoretical infinite loop to the 6.12-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: asoc-intel-avs-fix-theoretical-infinite-loop.patch and it can be found in the queue-6.12 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 8705f333d110a852f2c1b2ecc6be0038995a688f Author: Cezary Rojewski <cezary.rojewski@xxxxxxxxx> Date: Thu Jan 9 13:22:06 2025 +0100 ASoC: Intel: avs: Fix theoretical infinite loop [ Upstream commit cf4d74256fe103ece7b2647550e6c063048e5682 ] While 'stack_dump_size' is a u32 bitfield of 16 bits, u32 has a bigger upper bound than the type u16 of loop counter 'offset' what in theory may lead to infinite loop condition. Found out by Coverity static analyzer. Fixes: c8c960c10971 ("ASoC: Intel: avs: APL-based platforms support") Signed-off-by: Cezary Rojewski <cezary.rojewski@xxxxxxxxx> Link: https://patch.msgid.link/20250109122216.3667847-4-cezary.rojewski@xxxxxxxxx Signed-off-by: Mark Brown <broonie@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/sound/soc/intel/avs/apl.c b/sound/soc/intel/avs/apl.c index 27516ef571859..d443fe8d51aee 100644 --- a/sound/soc/intel/avs/apl.c +++ b/sound/soc/intel/avs/apl.c @@ -125,7 +125,7 @@ int avs_apl_coredump(struct avs_dev *adev, union avs_notify_msg *msg) struct avs_apl_log_buffer_layout layout; void __iomem *addr, *buf; size_t dump_size; - u16 offset = 0; + u32 offset = 0; u8 *dump, *pos; dump_size = AVS_FW_REGS_SIZE + msg->ext.coredump.stack_dump_size;
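Review bot: the declaration change in avs_apl_coredump() (`u16 offset` to `u32 offset`) is not self-explanatory, because the loop that uses `offset` falls outside the hunk context and the commit message describes `stack_dump_size` as a bitfield of only 16 bits. From the visible lines alone a reader cannot tell which bound `offset` is compared against or what step it advances by, so it is not clear how the counter could wrap before the loop condition becomes false. It would help to state the loop bound and increment in the commit message, and to add a short comment at the declaration saying that `offset` must be at least as wide as the value it is compared against, so a later cleanup does not narrow it again. Note also that `dump_size`, declared just above, is `size_t` and is computed as `AVS_FW_REGS_SIZE + msg->ext.coredump.stack_dump_size`. If `offset` is ever compared against `dump_size` rather than the raw field, `size_t` would be the matching type.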