Re: [PATCH] ASoC: SOF: Intel: Check the bar size before remapping
From: Zheyu Ma
Date: Mon Apr 11 2022 - 21:55:47 EST
On Tue, Apr 12, 2022 at 12:23 AM Pierre-Louis Bossart
<pierre-louis.bossart@xxxxxxxxxxxxxxx> wrote:
>
>
>
> On 4/9/22 09:39, Zheyu Ma wrote:
> > The driver should use the pci_resource_len() to get the actual length of
> > pci bar, and compare it with the expect value. If the bar size is too
> > small (such as a broken device), the driver should return an error.
> >
> > Signed-off-by: Zheyu Ma <zheyuma97@xxxxxxxxx>
> > ---
> > sound/soc/sof/intel/pci-tng.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/sound/soc/sof/intel/pci-tng.c b/sound/soc/sof/intel/pci-tng.c
> > index 6efef225973f..7d502cc3ca80 100644
> > --- a/sound/soc/sof/intel/pci-tng.c
> > +++ b/sound/soc/sof/intel/pci-tng.c
> > @@ -75,7 +75,11 @@ static int tangier_pci_probe(struct snd_sof_dev *sdev)
> >
> > /* LPE base */
> > base = pci_resource_start(pci, desc->resindex_lpe_base) - IRAM_OFFSET;
> > - size = PCI_BAR_SIZE;
> > + size = pci_resource_len(pci, desc->resindex_lpe_base);
> > + if (size < PCI_BAR_SIZE) {
> > + dev_err(sdev->dev, "error: I/O region is too small.\n");
> > + return -ENODEV;
> > + }
>
> May I ask how you found this issue?
Actually, I tested this driver via fuzzing in a simulated environment
and got a crash. Hence, I try to propose a patch and ask for the help
of maintainers to determine whether this is an issue.
Thanks,
Zheyu Ma