[PATCH 6.6 113/341] platform/x86/intel/ifs: Validate image size

6.6-stable review patch. If anyone has any objections, please let me know.

------------------

From: Jithu Joseph jithu.joseph@intel.com

[ Upstream commit 25a76dbb36dd58ad4df7f6a4dc43061a10b0d817 ]

Perform additional validation prior to loading IFS image.

Error out if the size of the file being loaded doesn't match the size specified in the header.

Signed-off-by: Jithu Joseph jithu.joseph@intel.com Reviewed-by: Tony Luck tony.luck@intel.com Reviewed-by: Ilpo Järvinen ilpo.jarvinen@linux.intel.com Tested-by: Pengfei Xu pengfei.xu@intel.com Link: https://lore.kernel.org/r/20231005195137.3117166-6-jithu.joseph@intel.com Signed-off-by: Ilpo Järvinen ilpo.jarvinen@linux.intel.com Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/platform/x86/intel/ifs/load.c | 8 ++++++++ 1 file changed, 8 insertions(+)

diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index cefd0d886cfd4..ae52de138a6ea 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -260,6 +260,7 @@ int ifs_load_firmware(struct device *dev) { const struct ifs_test_caps *test = ifs_get_test_caps(dev); struct ifs_data *ifsd = ifs_get_data(dev); + unsigned int expected_size; const struct firmware *fw; char scan_path[64]; int ret = -EINVAL; @@ -274,6 +275,13 @@ int ifs_load_firmware(struct device *dev) goto done; }

+ expected_size = ((struct microcode_header_intel *)fw->data)->totalsize; + if (fw->size != expected_size) { + dev_err(dev, "File size mismatch (expected %u, actual %zu). Corrupted IFS image.\n", + expected_size, fw->size); + return -EINVAL; + } + ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data); if (ret) goto release;