diff --git a/projects/ROCKNIX/devices/SM8250/patches/linux/20250805_dan_carpenter_soc_qcom_mdt_loader_allow_empty_section_headers_in_mdt_header_valid.patch b/projects/ROCKNIX/devices/SM8250/patches/linux/20250805_dan_carpenter_soc_qcom_mdt_loader_allow_empty_section_headers_in_mdt_header_valid.patch deleted file mode 100644 index e2dc529ab3..0000000000 --- a/projects/ROCKNIX/devices/SM8250/patches/linux/20250805_dan_carpenter_soc_qcom_mdt_loader_allow_empty_section_headers_in_mdt_header_valid.patch +++ /dev/null @@ -1,54 +0,0 @@ -From git@z Thu Jan 1 00:00:00 1970 -Subject: [PATCH] soc: qcom: mdt_loader: Allow empty section headers in - mdt_header_valid() -From: Dan Carpenter -Date: Tue, 05 Aug 2025 12:29:00 +0300 -Message-Id: <5d392867c81da4b667f61430d3aa7065f61b7096.1754385120.git.dan.carpenter@linaro.org> -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 7bit - -The mdt_header_valid() function checks all the members for the elf -header to ensure that reading the firmware doesn't lead to a buffer -overflow or an integer overflow. However it has a bug, in that it -doesn't allow for firmware with no section headers and this prevents -the firmware from loading. - -I know from bug reports that there are firmwares which have zero -section headers, but the same logic applies to program headers. An -empty program header won't lead to a buffer overflow so it's safe to -allow it. - -Fixes: 9f35ab0e53cc ("soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()") -Cc: stable@vger.kernel.org -Reported-by: Val Packett -Reported-by: Neil Armstrong -Signed-off-by: Dan Carpenter ---- - drivers/soc/qcom/mdt_loader.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c -index 0ca268bdf1f8..d91c5cb325e3 100644 ---- a/drivers/soc/qcom/mdt_loader.c -+++ b/drivers/soc/qcom/mdt_loader.c -@@ -32,14 +32,14 @@ static bool mdt_header_valid(const struct firmware *fw) - if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) - return false; - -- if (ehdr->e_phentsize != sizeof(struct elf32_phdr)) -+ if (ehdr->e_phentsize && ehdr->e_phentsize != sizeof(struct elf32_phdr)) - return false; - - phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff); - if (phend > fw->size) - return false; - -- if (ehdr->e_shentsize != sizeof(struct elf32_shdr)) -+ if (ehdr->e_shentsize && ehdr->e_shentsize != sizeof(struct elf32_shdr)) - return false; - - shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff); --- -2.47.2 - diff --git a/projects/ROCKNIX/devices/SM8550/patches/linux/20250805_dan_carpenter_soc_qcom_mdt_loader_allow_empty_section_headers_in_mdt_header_valid.patch b/projects/ROCKNIX/devices/SM8550/patches/linux/20250805_dan_carpenter_soc_qcom_mdt_loader_allow_empty_section_headers_in_mdt_header_valid.patch deleted file mode 100644 index e2dc529ab3..0000000000 --- a/projects/ROCKNIX/devices/SM8550/patches/linux/20250805_dan_carpenter_soc_qcom_mdt_loader_allow_empty_section_headers_in_mdt_header_valid.patch +++ /dev/null @@ -1,54 +0,0 @@ -From git@z Thu Jan 1 00:00:00 1970 -Subject: [PATCH] soc: qcom: mdt_loader: Allow empty section headers in - mdt_header_valid() -From: Dan Carpenter -Date: Tue, 05 Aug 2025 12:29:00 +0300 -Message-Id: <5d392867c81da4b667f61430d3aa7065f61b7096.1754385120.git.dan.carpenter@linaro.org> -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 7bit - -The mdt_header_valid() function checks all the members for the elf -header to ensure that reading the firmware doesn't lead to a buffer -overflow or an integer overflow. However it has a bug, in that it -doesn't allow for firmware with no section headers and this prevents -the firmware from loading. - -I know from bug reports that there are firmwares which have zero -section headers, but the same logic applies to program headers. An -empty program header won't lead to a buffer overflow so it's safe to -allow it. - -Fixes: 9f35ab0e53cc ("soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()") -Cc: stable@vger.kernel.org -Reported-by: Val Packett -Reported-by: Neil Armstrong -Signed-off-by: Dan Carpenter ---- - drivers/soc/qcom/mdt_loader.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c -index 0ca268bdf1f8..d91c5cb325e3 100644 ---- a/drivers/soc/qcom/mdt_loader.c -+++ b/drivers/soc/qcom/mdt_loader.c -@@ -32,14 +32,14 @@ static bool mdt_header_valid(const struct firmware *fw) - if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) - return false; - -- if (ehdr->e_phentsize != sizeof(struct elf32_phdr)) -+ if (ehdr->e_phentsize && ehdr->e_phentsize != sizeof(struct elf32_phdr)) - return false; - - phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff); - if (phend > fw->size) - return false; - -- if (ehdr->e_shentsize != sizeof(struct elf32_shdr)) -+ if (ehdr->e_shentsize && ehdr->e_shentsize != sizeof(struct elf32_shdr)) - return false; - - shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff); --- -2.47.2 - diff --git a/projects/ROCKNIX/packages/linux/package.mk b/projects/ROCKNIX/packages/linux/package.mk index a5221c3c43..d9f69fcb83 100644 --- a/projects/ROCKNIX/packages/linux/package.mk +++ b/projects/ROCKNIX/packages/linux/package.mk @@ -32,7 +32,7 @@ case ${DEVICE} in *) case ${DEVICE} in SM8250|SM8550|H700) - PKG_VERSION="6.16.5" + PKG_VERSION="6.16.6" ;; *) PKG_VERSION="6.12.43"