diff --git a/include/sound/sof.h b/include/sound/sof.h index a0cbca021230..969f554b0b7d 100644 --- a/include/sound/sof.h +++ b/include/sound/sof.h @@ -27,6 +27,9 @@ struct snd_sof_pdata { struct device *dev; + /* indicate how many first bytes shouldn't be loaded into DSP memory. */ + size_t fw_offset; + /* * notification callback used if the hardware initialization * can take time or is handled in a workqueue. This callback diff --git a/sound/soc/sof/intel/hda-loader.c b/sound/soc/sof/intel/hda-loader.c index e1550ccd0a49..1beaaf5879e2 100644 --- a/sound/soc/sof/intel/hda-loader.c +++ b/sound/soc/sof/intel/hda-loader.c @@ -293,8 +293,13 @@ int hda_dsp_cl_boot_firmware(struct snd_sof_dev *sdev) chip_info = desc->chip_info; - stripped_firmware.data = plat_data->fw->data; - stripped_firmware.size = plat_data->fw->size; + if (plat_data->fw->size < plat_data->fw_offset) { + dev_err(sdev->dev, "error: firmware size must be greater than firmware offset\n"); + return -EINVAL; + } + + stripped_firmware.data = plat_data->fw->data + plat_data->fw_offset; + stripped_firmware.size = plat_data->fw->size - plat_data->fw_offset; /* init for booting wait */ init_waitqueue_head(&sdev->boot_wait); diff --git a/sound/soc/sof/loader.c b/sound/soc/sof/loader.c index 312f7fffcb2c..89f35db2577d 100644 --- a/sound/soc/sof/loader.c +++ b/sound/soc/sof/loader.c @@ -379,12 +379,19 @@ int snd_sof_parse_module_memcpy(struct snd_sof_dev *sdev, } EXPORT_SYMBOL(snd_sof_parse_module_memcpy); -static int check_header(struct snd_sof_dev *sdev, const struct firmware *fw) +static int check_header(struct snd_sof_dev *sdev, const struct firmware *fw, + size_t fw_offset) { struct snd_sof_fw_header *header; + size_t fw_size = fw->size - fw_offset; + + if (fw->size < fw_offset) { + dev_err(sdev->dev, "error: firmware size must be greater than firmware offset\n"); + return -EINVAL; + } /* Read the header information from the data pointer */ - header = (struct snd_sof_fw_header *)fw->data; + header = (struct snd_sof_fw_header *)(fw->data + fw_offset); /* verify FW sig */ if (strncmp(header->sig, SND_SOF_FW_SIG, SND_SOF_FW_SIG_SIZE) != 0) { @@ -393,9 +400,9 @@ static int check_header(struct snd_sof_dev *sdev, const struct firmware *fw) } /* check size is valid */ - if (fw->size != header->file_size + sizeof(*header)) { + if (fw_size != header->file_size + sizeof(*header)) { dev_err(sdev->dev, "error: invalid filesize mismatch got 0x%zx expected 0x%zx\n", - fw->size, header->file_size + sizeof(*header)); + fw_size, header->file_size + sizeof(*header)); return -EINVAL; } @@ -406,7 +413,8 @@ static int check_header(struct snd_sof_dev *sdev, const struct firmware *fw) return 0; } -static int load_modules(struct snd_sof_dev *sdev, const struct firmware *fw) +static int load_modules(struct snd_sof_dev *sdev, const struct firmware *fw, + size_t fw_offset) { struct snd_sof_fw_header *header; struct snd_sof_mod_hdr *module; @@ -415,14 +423,15 @@ static int load_modules(struct snd_sof_dev *sdev, const struct firmware *fw) int ret, count; size_t remaining; - header = (struct snd_sof_fw_header *)fw->data; + header = (struct snd_sof_fw_header *)(fw->data + fw_offset); load_module = sof_ops(sdev)->load_module; if (!load_module) return -EINVAL; /* parse each module */ - module = (struct snd_sof_mod_hdr *)((u8 *)(fw->data) + sizeof(*header)); - remaining = fw->size - sizeof(*header); + module = (struct snd_sof_mod_hdr *)(fw->data + fw_offset + + sizeof(*header)); + remaining = fw->size - sizeof(*header) - fw_offset; /* check for wrap */ if (remaining > fw->size) { dev_err(sdev->dev, "error: fw size smaller than header size\n"); @@ -502,7 +511,7 @@ int snd_sof_load_firmware_memcpy(struct snd_sof_dev *sdev) return ret; /* make sure the FW header and file is valid */ - ret = check_header(sdev, plat_data->fw); + ret = check_header(sdev, plat_data->fw, plat_data->fw_offset); if (ret < 0) { dev_err(sdev->dev, "error: invalid FW header\n"); goto error; @@ -516,7 +525,7 @@ int snd_sof_load_firmware_memcpy(struct snd_sof_dev *sdev) } /* parse and load firmware modules to DSP */ - ret = load_modules(sdev, plat_data->fw); + ret = load_modules(sdev, plat_data->fw, plat_data->fw_offset); if (ret < 0) { dev_err(sdev->dev, "error: invalid FW modules\n"); goto error;