@roxanan1996 roxanan1996 commented Dec 18, 2025

DESCRIPTION

Not a clean cherry pick due to missing
71778f7("ASoC: SOF: Intel: hda: Define rom_status_reg in sof_intel_dsp_desc").
Not added as a pre-req because it is part of a bigger patchset upstream.

https://lore.kernel.org/all/20220414184817.362215-14-pierre-louis.bossart@linux.intel.com/

Otherwise, the change is straightforward.

COMMITS

ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

jira VULN-70503
cve CVE-2022-50050
commit-author Takashi Iwai <tiwai@suse.de>
commit 94c1ceb043c1a002de9649bb630c8e8347645982
upstream-diff |
	Adjusted context due to missing commit
	71778f7940f0b("ASoC: SOF: Intel: hda: Define rom_status_reg in sof_intel_dsp_desc")

TESTING

BUILD

/home/rnicolescu/ciq/kernels/lts-8.6_CVE-2022-50050/kernel-src-tree
Running make mrproper...
[TIMER]{MRPROPER}: 3s
x86_64 architecture detected, copying config
'configs/kernel-x86_64.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9"
Making olddefconfig
--
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --olddefconfig Kconfig
#
# configuration written to .config
#
Starting Build
scripts/kconfig/conf  --syncconfig Kconfig
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_64_x32.h
  SYSTBL  arch/x86/include/generated/asm/syscalls_64.h
--
  LD [M]  sound/usb/usx2y/snd-usb-usx2y.ko
  LD [M]  sound/virtio/virtio_snd.ko
  LD [M]  sound/x86/snd-hdmi-lpe-audio.ko
  LD [M]  sound/xen/snd_xen_front.ko
  LD [M]  virt/lib/irqbypass.ko
[TIMER]{BUILD}: 1408s
Making Modules
  INSTALL arch/x86/crypto/blowfish-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx-x86_64.ko
  INSTALL arch/x86/crypto/camellia-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx2.ko
--
  INSTALL sound/virtio/virtio_snd.ko
  INSTALL sound/x86/snd-hdmi-lpe-audio.ko
  INSTALL sound/xen/snd_xen_front.ko
  INSTALL virt/lib/irqbypass.ko
  DEPMOD  4.18.0-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9+
[TIMER]{MODULES}: 10s
Making Install
sh ./arch/x86/boot/install.sh 4.18.0-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9+ arch/x86/boot/bzImage \
	System.map "/boot"
[TIMER]{INSTALL}: 31s
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-4.18.0-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9+ and Index to 0
The default is /boot/loader/entries/336658a12ada47d39e3ab65e79f81195-4.18.0-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9+.conf with index 0 and kernel /boot/vmlinuz-4.18.0-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9+
The default is /boot/loader/entries/336658a12ada47d39e3ab65e79f81195-4.18.0-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9+.conf with index 0 and kernel /boot/vmlinuz-4.18.0-rnicolescu_ciqlts8_6_CVE-2022-50050-6f0e4f7a373d9+
Generating grub configuration file ...
done
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 3s
[TIMER]{BUILD}: 1408s
[TIMER]{MODULES}: 10s
[TIMER]{INSTALL}: 31s
[TIMER]{TOTAL} 1456s
Rebooting in 10 seconds

Kselftests

./kselftest-before.log
212
./kselftest-after.log
212
Before: ./kselftest-before.log
After: ./kselftest-after.log
Diff:
No differences found.

Check_kernel_commits

> python3 /home/rnicolescu/ciq/kernel-src-tree-tools/check_kernel_commits.py --repo /home/rnicolescu/ciq/kernels/lts-8.6_CVE-2022-50050/kernel-src-tree --pr_branch {rnicolescu}_ciqlts8_6_CVE-2022-50050 --base_branch origin/ciqlts8_6 --check-cves
All referenced commits exist upstream and have no Fixes: tags.

Run interdiff

> python3 /home/rnicolescu/ciq/kernel-src-tree-tools/run_interdiff.py --repo /home/rnicolescu/ciq/kernels/lts-8.6_CVE-2022-50050/kernel-src-tree --pr_branch {rnicolescu}_ciqlts8_6_CVE-2022-50050 --base_branch origin/ciqlts8_6
[DIFF] PR commit 6f0e4f7a373d9 (ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()) → upstream 94c1ceb043c1
Differences found:

  diff -u b/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c
  --- b/sound/soc/sof/intel/hda.c
  +++ b/sound/soc/sof/intel/hda.c
  @@ -533,7 +533,7 @@
  -	chip = get_chip_info(sdev->pdata);
  +
   	for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) {
  -		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, chip->rom_status_reg + i * 0x4);
  +		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, HDA_DSP_SRAM_REG_ROM_STATUS + i * 0x4);
   		len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
   	}
   
  -	dev_printk(level, sdev->dev, "extended rom status: %s", msg);
  +	dev_err(sdev->dev, "extended rom status: %s", msg);
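Review bot: the unchanged context line `len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value);` in this hunk still shows snprintf(), which is the call the fix is meant to replace. Interdiff rejected the two hunks that carry the scnprintf() change, so this output cannot confirm that it landed; check the loop in sound/soc/sof/intel/hda.c on the PR branch directly before relying on the interdiff result.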
  @@ -536,7 +536,7 @@ INTERDIFF: rejected hunk from patch1, cannot diff context
   
   	for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) {
   		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, HDA_DSP_SRAM_REG_ROM_STATUS + i * 0x4);
  -		len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
  +		len += scnprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
   	}
   
   	dev_err(sdev->dev, "extended rom status: %s", msg);
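Review bot: on the `+` line, scnprintf() bounds the return value, so `sizeof(msg) - len` can no longer wrap, but a `msg` that is too small now truncates the dump silently instead. The declaration of `msg` is outside this hunk; confirm it is sized for HDA_EXT_ROM_STATUS_SIZE entries of " 0x%x" so the dev_err() line carries the full status.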
  @@ -574,7 +574,7 @@ INTERDIFF: rejected hunk from patch2, cannot diff context
   	chip = get_chip_info(sdev->pdata);
   	for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) {
   		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, chip->rom_status_reg + i * 0x4);
  -		len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
  +		len += scnprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
   	}
   
   	dev_printk(level, sdev->dev, "extended rom status: %s", msg);
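Review bot: the `dev_printk(level, ...)` context at the end of this upstream hunk differs from the backport's `dev_err(...)`, and the PR description attributes that to a second missing commit, 34bfba9, yet the upstream-diff trailer in the commit message names only 71778f7. Consider listing both missing commits in the trailer so the context adjustment is fully documented.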

Check colordiff instead
colordiff.log

That's due to the missing commit
71778f7("ASoC: SOF: Intel: hda: Define rom_status_reg in sof_intel_dsp_desc").
Not added because it was part of a bigger patchset
https://lore.kernel.org/all/20220414184817.362215-14-pierre-louis.bossart@linux.intel.com/

And the last one is due to missing commit
34bfba9 ("ASoC: SOF: Intel: hda: Use DEBUG log level for optional prints").
Not relevant here.

Run jira_pr_check

> python3 /home/rnicolescu/ciq/kernel-src-tree-tools/jira_pr_check.py --kernel-src-tree /home/rnicolescu/ciq/kernels/lts-8.6_CVE-2022-50050/kernel-src-tree --merge-target {rnicolescu}_ciqlts8_6_CVE-2022-50050 --pr-branch origin/ciqlts8_6

## JIRA PR Check Results

✅ **No issues found!**


---
**Summary:** Checked 0 commit(s) total.

jira VULN-70503
cve CVE-2022-50050
commit-author Takashi Iwai <tiwai@suse.de>
commit 94c1ceb
upstream-diff |
	Adjusted context due to missing commit
	71778f7("ASoC: SOF: Intel: hda: Define rom_status_reg in sof_intel_dsp_desc")

snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in the buffer
overflow (although it's unrealistic).

This patch replaces with a safer version, scnprintf() for papering
over such a potential issue.

Fixes: 29c8e43 ("ASoC: SOF: Intel: hda: add extended rom status dump to error log")
	Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20220801165420.25978-4-tiwai@suse.de
	Signed-off-by: Mark Brown <broonie@kernel.org>
(cherry picked from commit 94c1ceb)
	Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
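The return-value difference the commit message describes, as an added userspace example (not code from the kernel or from this PR). `scnprintf_like()`, `dump_len()`, the 32-byte buffer, the `size_t` type of `len` and the register values are assumptions constructed for the demonstration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored (excluding the NUL), never the would-be length. */
static int scnprintf_like(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (size == 0)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0;
	return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Append `count` constructed values using the loop shape from the patch and
 * return the final len. The loop stops once len has passed the buffer: the
 * next call would compute size - len as a wrapped size_t and write out of
 * bounds, which this demo must not do. */
static size_t dump_len(char *msg, size_t size, int count, int bounded)
{
	size_t len = 0;

	for (int i = 0; i < count && len < size; i++) {
		unsigned int value = 0xdead0000u + (unsigned int)i; /* constructed */

		if (bounded)
			len += scnprintf_like(msg + len, size - len, " 0x%x", value);
		else
			len += snprintf(msg + len, size - len, " 0x%x", value);
	}
	return len;
}

int main(void)
{
	char msg[32]; /* deliberately small so the third append truncates */

	printf("snprintf:  len=%zu, sizeof(msg)=%zu\n", dump_len(msg, sizeof(msg), 8, 0), sizeof(msg));
	printf("scnprintf: len=%zu, sizeof(msg)=%zu\n", dump_len(msg, sizeof(msg), 8, 1), sizeof(msg));
	return 0;
}
```

With snprintf() the accumulated `len` ends up past `sizeof(msg)` after the first truncated append; with the bounded variant it stops at `sizeof(msg) - 1`.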
@roxanan1996 roxanan1996 self-assigned this Dec 18, 2025
@roxanan1996 roxanan1996 changed the title ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() [ciqlts8 6] CVE-2022-50050 Dec 18, 2025
@github-actions

🔍 Interdiff Analysis

  • ⚠️ PR commit 6f0e4f7a373d (ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()) → upstream 94c1ceb043c1
    Differences found:
diff -u b/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c
--- b/sound/soc/sof/intel/hda.c
+++ b/sound/soc/sof/intel/hda.c
@@ -533,7 +533,7 @@
-	chip = get_chip_info(sdev->pdata);
+
 	for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) {
-		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, chip->rom_status_reg + i * 0x4);
+		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, HDA_DSP_SRAM_REG_ROM_STATUS + i * 0x4);
 		len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
 	}
 
-	dev_printk(level, sdev->dev, "extended rom status: %s", msg);
+	dev_err(sdev->dev, "extended rom status: %s", msg);
@@ -536,7 +536,7 @@ INTERDIFF: rejected hunk from patch1, cannot diff context
 
 	for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) {
 		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, HDA_DSP_SRAM_REG_ROM_STATUS + i * 0x4);
-		len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
+		len += scnprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
 	}
 
 	dev_err(sdev->dev, "extended rom status: %s", msg);
@@ -574,7 +574,7 @@ INTERDIFF: rejected hunk from patch2, cannot diff context
 	chip = get_chip_info(sdev->pdata);
 	for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) {
 		value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, chip->rom_status_reg + i * 0x4);
-		len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
+		len += scnprintf(msg + len, sizeof(msg) - len, " 0x%x", value);
 	}
 
 	dev_printk(level, sdev->dev, "extended rom status: %s", msg);

This is an automated interdiff check for backported commits.

@roxanan1996 roxanan1996 requested a review from a team December 18, 2025 12:58

@bmastbergen bmastbergen left a comment

🥌


@PlaidCat PlaidCat left a comment

:shipit:

@roxanan1996 roxanan1996 merged commit 6661e5f into ciqlts8_6 Dec 18, 2025
3 of 4 checks passed