Revision da353fac65fede6b8b4cfe207f0d9408e3121105 authored by Daniel Jordan on 27 October 2021, 21:59:20 UTC, committed by David S. Miller on 28 October 2021, 13:41:20 UTC
sk->sk_err appears to expect a positive value, a convention that ktls
doesn't always follow and that leads to memory corruption in other code.
For instance,
[kworker]
tls_encrypt_done(..., err=<negative error from crypto request>)
tls_err_abort(.., err)
sk->sk_err = err;
[task]
splice_from_pipe_feed
...
tls_sw_do_sendpage
if (sk->sk_err) {
ret = -sk->sk_err; // ret is positive
splice_from_pipe_feed (continued)
ret = actor(...) // ret is still positive and interpreted as bytes
// written, resulting in underflow of buf->len and
// sd->len, leading to huge buf->offset and bogus
// addresses computed in later calls to actor()
Fix all tls_err_abort() callers to pass a negative error code
consistently and centralize the error-prone sign flip there, throwing in
a warning to catch future misuse and uninlining the function so it
really does only warn once.
Cc: stable@vger.kernel.org
Fixes: c46234ebb4d1e ("tls: RX path for ktls")
Reported-by: syzbot+b187b77c8474f9648fae@syzkaller.appspotmail.com
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent a32f07d
sof.h
/* SPDX-License-Identifier: (GPL-2.0-only OR BSD-3-Clause) */
/*
* This file is provided under a dual BSD/GPLv2 license. When using or
* redistributing this file, you may do so under either license.
*
* Copyright(c) 2018 Intel Corporation. All rights reserved.
*
* Author: Liam Girdwood <liam.r.girdwood@linux.intel.com>
*/
#ifndef __INCLUDE_SOUND_SOF_H
#define __INCLUDE_SOUND_SOF_H
#include <linux/pci.h>
#include <sound/soc.h>
#include <sound/soc-acpi.h>
struct snd_sof_dsp_ops;
/*
* SOF Platform data.
*/
struct snd_sof_pdata {
const struct firmware *fw;
const char *name;
const char *platform;
struct device *dev;
/* indicate how many first bytes shouldn't be loaded into DSP memory. */
size_t fw_offset;
/*
* notification callback used if the hardware initialization
* can take time or is handled in a workqueue. This callback
* can be used by the caller to e.g. enable runtime_pm
* or limit functionality until all low-level inits are
* complete.
*/
void (*sof_probe_complete)(struct device *dev);
/* descriptor */
const struct sof_dev_desc *desc;
/* firmware and topology filenames */
const char *fw_filename_prefix;
const char *fw_filename;
const char *tplg_filename_prefix;
const char *tplg_filename;
/* machine */
struct platform_device *pdev_mach;
const struct snd_soc_acpi_mach *machine;
void *hw_pdata;
};
/*
* Descriptor used for setting up SOF platform data. This is used when
* ACPI/PCI data is missing or mapped differently.
*/
struct sof_dev_desc {
/* list of machines using this configuration */
struct snd_soc_acpi_mach *machines;
/* alternate list of machines using this configuration */
struct snd_soc_acpi_mach *alt_machines;
bool use_acpi_target_states;
/* Platform resource indexes in BAR / ACPI resources. */
/* Must set to -1 if not used - add new items to end */
int resindex_lpe_base;
int resindex_pcicfg_base;
int resindex_imr_base;
int irqindex_host_ipc;
int resindex_dma_base;
/* DMA only valid when resindex_dma_base != -1*/
int dma_engine;
int dma_size;
/* IPC timeouts in ms */
int ipc_timeout;
int boot_timeout;
/* chip information for dsp */
const void *chip_info;
/* defaults for no codec mode */
const char *nocodec_tplg_filename;
/* defaults paths for firmware and topology files */
const char *default_fw_path;
const char *default_tplg_path;
/* default firmware name */
const char *default_fw_filename;
const struct snd_sof_dsp_ops *ops;
};
int sof_dai_get_mclk(struct snd_soc_pcm_runtime *rtd);
int sof_dai_get_bclk(struct snd_soc_pcm_runtime *rtd);
#endif
Computing file changes ...
