This series brings some missing validation for the IPI buffer size
that is read from the firmware retrieved from userspace: if the FW
declares IPI buffer offset starting at an out of range address, the
driver doesn't do any validation and naively goes on with IO R/W
operation.

That poses various risks which I believe I really don't need to
describe, leaving it to the reader's imagination :-)

Please note that the first fix is URGENT.

P.S.: Of course, this was tested OK on multiple MTK platforms.

AngeloGioacchino Del Regno (2):
  remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
  remoteproc: mediatek: Don't parse extraneous subnodes for multi-core

 drivers/remoteproc/mtk_scp.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
--
2.44.0
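
The kind of check the cover letter describes as missing, as an added illustration that is not code from this series or from the mtk_scp driver: a firmware-declared buffer offset is validated against the size of the mapped region before any access. The names `tcm_region`, `ipi_buf_fits` and `ipi_buf_init`, and the sizes used, are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the memory window (e.g. L2TCM) a driver maps. */
struct tcm_region {
    uint8_t *base;   /* mapped start of the region */
    size_t   size;   /* mapped length in bytes */
};

/*
 * Return true only if [offset, offset + len) lies entirely inside the
 * region. The sum offset + len is never computed, so a huge offset
 * taken from an untrusted firmware image cannot wrap around.
 */
static bool ipi_buf_fits(const struct tcm_region *r, uint32_t offset, size_t len)
{
    if (len == 0 || len > r->size)
        return false;
    return offset <= r->size - len;
}

/*
 * Clear the IPI buffer at a firmware-declared offset, refusing offsets
 * that would place any part of it outside the region.
 * Returns 0 on success, -1 if the offset is rejected.
 */
static int ipi_buf_init(struct tcm_region *r, uint32_t fw_offset, size_t len)
{
    if (!ipi_buf_fits(r, fw_offset, len))
        return -1;   /* reject the image instead of touching memory */
    memset(r->base + fw_offset, 0, len);
    return 0;
}

int main(void)
{
    static uint8_t sram[256];                  /* constructed sample region */
    struct tcm_region r = { sram, sizeof(sram) };

    /* In-range offset is accepted; out-of-range offset is refused. */
    return (ipi_buf_init(&r, 192, 64) == 0 &&
            ipi_buf_init(&r, 0xFFFFFFF0u, 64) == -1) ? 0 : 1;
}
```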