Skip to content

llext: check number of module entries in libraries#10924

Open
lyakh wants to merge 2 commits into
thesofproject:mainfrom
lyakh:llext-nmod
Open

llext: check number of module entries in libraries#10924
lyakh wants to merge 2 commits into
thesofproject:mainfrom
lyakh:llext-nmod

Conversation

@lyakh

@lyakh lyakh commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

Validate module entry number to avoid out of boundary memory access.

Copilot AI review requested due to automatic review settings June 16, 2026 12:40
Copilot AI reviewed Jun 16, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to harden LLEXT library loading by validating manifest/module-entry bounds to prevent out-of-bounds memory access when enumerating module entries, and by propagating initialization failures back to the library loader.

Changes:

  • Add overflow/bounds checks in llext_manager_mod_init() when computing library size and the end of the module-entry array.
  • Propagate llext_manager_mod_init() failures in llext_manager_add_library() instead of ignoring them.
  • Refactor llext_manager_add_library() to reuse a single ret variable for llext_manager_link_single() calls.

Comment thread src/library_manager/llext_manager.c Outdated
Comment thread src/library_manager/llext_manager.c
@lyakh

lyakh commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator Author

@lrudyX random HDA DMA again...

lgirdwood
lgirdwood approved these changes Jun 17, 2026
View reviewed changes
Comment thread src/library_manager/llext_manager.c Outdated
uintptr_t img_end_addr = (uintptr_t)desc - SOF_MAN_ELF_TEXT_OFFSET + lib_size;

if (mod_end_addr < (uintptr_t)mod_array || img_end_addr < (uintptr_t)desc ||
mod_end_addr >= img_end_addr)

@lgirdwood lgirdwood Jun 17, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for future: we need unique LOG here and above EOVERFLOW to assist debug.

kv2019i
kv2019i approved these changes Jun 18, 2026
View reviewed changes

@kv2019i kv2019i left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One inline comment to check before merge. But this anyways errs on side of caution, so I'm good to merge.

Comment thread src/library_manager/llext_manager.c Outdated
size_t offs;

if (size_mul_overflow(desc->header.preload_page_count, PAGE_SZ, &lib_size))
return -EOVERFLOW;

@kv2019i kv2019i Jun 18, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lyakh @lgirdwood Just noticed in #10931 the overflow was not checked. Here we check? Is this needed or not, do we have check elsewhere to guarantee lib_size cannot overflow in u32?

@lyakh lyakh Jun 18, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kv2019i ok, you win, let's do it right

lyakh added 2 commits June 18, 2026 10:21
@lyakh
lib-manager: check total claimed library size when loading
a63d283 
A corrupted or malformed library can provide the required page count
that overflows 32-bit multiplication. Check once when loading.

Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
@lyakh
llext: check number of module entries in libraries
941a438 
Validate module entry number to avoid out of boundary memory access.

Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lgirdwood lgirdwood lgirdwood approved these changes

@kv2019i kv2019i kv2019i approved these changes

@plbossart plbossart Awaiting requested review from plbossart plbossart is a code owner

@mmaka1 mmaka1 Awaiting requested review from mmaka1 mmaka1 is a code owner

@lbetlej lbetlej Awaiting requested review from lbetlej lbetlej is a code owner

@dbaluta dbaluta Awaiting requested review from dbaluta dbaluta is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lyakh @lgirdwood @kv2019i