summaryrefslogtreecommitdiff
path: root/include/linux
diff options
context:
space:
mode:
authorMark Brown <broonie@kernel.org>2026-06-09 20:41:15 +0300
committerMark Brown <broonie@kernel.org>2026-06-09 20:41:15 +0300
commit9f0b311829eb58e0a0541d356f651ba4399aa765 (patch)
tree60e76846d0d70f9fdecf159170b5dd0d4d0d3dae /include/linux
parent60a1646b38d4d03e4fbdcc2c3fbff8096f5ff406 (diff)
parentfd46668d538993218eea19c6925c868ac0f2630c (diff)
downloadlinux-9f0b311829eb58e0a0541d356f651ba4399aa765.tar.xz
ASoC: SOF: ipc3/ipc4-control: harden kcontrol payload handling
Peter Ujfalusi <peter.ujfalusi@linux.intel.com> says: This series hardens SOF kcontrol data paths for both IPC3 and IPC4 by fixing size-handling bugs in put/get/update flows and tightening bounds checks around firmware/user-provided payload lengths. The changes include: Fix TOCTOU-style size misuse in IPC3/IPC4 bytes put paths by validating and using the incoming payload size. Add notification/update payload size validation before parsing control data. Use overflow-checked arithmetic when computing expected IPC3 control sizes. Ensure update/copy bounds are validated against actual allocation limits. Fix IPC3 bytes_ext bounds checks to account for struct header offset, closing a heap overflow/over-read issue from unprivileged userspace TLV access. Overall, the series makes control payload processing robust against malformed or inconsistent sizes and prevents out-of-bounds accesses. Link: https://patch.msgid.link/20260609083458.31193-1-peter.ujfalusi@linux.intel.com
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions