Re: [PATCH] lib/test_firmware: allocate the configured into_buf size

Next message: patchwork-bot+netdevbpf: "Re: [PATCH v2,net] net: ena: PHC: Add missing barrier"
Previous message: Namjae Jeon: "Re: [PATCH v4 6/6] ntfs: validate resident index root values on lookup"
In reply to: Samuel Moelius: "[PATCH] lib/test_firmware: allocate the configured into_buf size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrew Morton

Date: Fri Jun 05 2026 - 21:45:03 EST

On Fri, 5 Jun 2026 00:30:37 +0000 Samuel Moelius <sam.moelius@xxxxxxxxxxxxxxx> wrote:

> The batched into_buf test path allocates TEST_FIRMWARE_BUF_SIZE bytes
> unconditionally, but then passes test_fw_config->buf_size to
> request_firmware_into_buf() or request_partial_firmware_into_buf().
>
> Userspace can set config_buf_size above TEST_FIRMWARE_BUF_SIZE before
> triggering a batched request. If the firmware file is large enough, the
> firmware loader writes past the end of the 1 KiB test buffer.
>
> Allocate the buffer with the same size that the test passes to the firmware
> API so config_buf_size remains the actual buffer size under test.

Cool, thanks.

> Assisted-by: Codex:gpt-5.5-cyber-preview

Sashiko evidently looked further:
https://sashiko.dev/#/patchset/20260605003038.2005840-1-sam.moelius@xxxxxxxxxxxxxxx

And appears to have found other bugs in test_firmware.c. Let me cc a
few people who have previously worked on this.