Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp4004386rdh;
        Fri, 29 Sep 2023 08:30:04 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHIs10cQSNF95f8SXvsvKS4QwgIvKnchiGAAF/G7TJbn24twtmvQszrexBjbk3ybC7k48hr
X-Received: by 2002:a17:902:ecd2:b0:1c4:65d5:34ce with SMTP id a18-20020a170902ecd200b001c465d534cemr7771387plh.31.1696001403662;
        Fri, 29 Sep 2023 08:30:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696001403; cv=none;
        d=google.com; s=arc-20160816;
        b=JAHM1/03uuTj84H76SDR+ht1IS+cjnGPJqDrGirpFr9qTLI5UshrkYmijuDFLroo4i
         dGKj1vUF7h9y0NaCGV6a8rLosGqU6yTDXZXNB3CDRNaFMauzZfCrAXE7uQso1bKEmd7f
         WVUxkc7aDfIqIkySTdPH8q5RVfC3NYz2oi1Scbpc2G3G92lNkYD6COss4MeleQqg3sE3
         65Wx/uf9n48eHD1xUGH8E8oSpsJBehoZOSfxByfPO9xCOkGsIbtOoCY34xR+hEuInCVc
         L5my40uAASulJ4nUbquQa8mTrCm8kOEGUv5EQGwnPeNjuWxEcEVAj2I/WQbXaotaHRFu
         FKZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=0rGGk5TlG7sve1jYkAhgjG+txIkMX8x3vOh+Kmoblfo=;
        fh=A6NNGgejDd0F81I6I/9zWdWOtBqD0woImsi6PTqxbkw=;
        b=yxbJVyc6aESWIJZruaWEwnWILX0BDaMutesGV5m7LaodG3ko7VwcjkPjcmTEZmjcjr
         Jqh/eMZxzwM0UOCg5rCQk5+j8wgVeoN7ifTv6kFyAmtivxZvlUc+H1IVyWmlTeuyziEv
         iiI8CZCSGKX2hgZ8AHWjlOILKKNT84GTUVVyBJA8hU/aorWy7ANNfkPa8I72d2cfxp+U
         lc63xRjMF1HOHdL6AGb3SKajCMtbTm0g6Esm20VlSMMNjvECnEg5cCnYMg2OcaAjSp6J
         SKiXbsiMCqj3Vbi8YFmiqHYUZym99Pw24a62oyT9MKgqvsdruFMt/BEczzzmVI8/xdhY
         IAVw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=HKXOtQP4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from snail.vger.email (snail.vger.email. [23.128.96.37])
        by mx.google.com with ESMTPS id c29-20020a63725d000000b00565e509dc75si9849364pgn.359.2023.09.29.08.30.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 29 Sep 2023 08:30:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=HKXOtQP4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id D60E180941F1;
	Fri, 29 Sep 2023 00:43:07 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232748AbjI2Hm7 (ORCPT <rfc822;yangyccccc@gmail.com> + 99 others);
        Fri, 29 Sep 2023 03:42:59 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44634 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232666AbjI2Hm6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 29 Sep 2023 03:42:58 -0400
Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C938B1A8;
        Fri, 29 Sep 2023 00:42:55 -0700 (PDT)
Received: from pps.filterd (m0279868.ppops.net [127.0.0.1])
        by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38T7gqhX029961;
        Fri, 29 Sep 2023 07:42:52 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-type; s=qcppdkim1;
 bh=0rGGk5TlG7sve1jYkAhgjG+txIkMX8x3vOh+Kmoblfo=;
 b=HKXOtQP4Rk4qT7DGg6gqFbmWB59JyfgTvq15e6b+F3gFmJQuCL13Vbo09x9PmSBKcRjl
 CFC97MVHIkJ9IbG7caIGU2I5VNxkXuMYGaGAnDTp+frrs1oUzvSNmiPCoam3H3HUcs8D
 iAOZuNFGxwQtR+82hU5lDLgT7gCPty4hF1MVIkkgQhbOBTYk1vn97b7P7zP56TwuzqBN
 S+hkfZpR0h96Q6sxK2ouXen5nJJpDk5APSXQn1YPRM0gTFJonemiEMVDSQjTip7o8En1
 ru5P0KRmGQ/7pjCxllhunt5ARUuxDPhIaO5M2/7bcpoIjGi8aiW5gMCEiEGhEvHU+BSq BA== 
Received: from nalasppmta01.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20])
        by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3tda4c1t0r-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Fri, 29 Sep 2023 07:42:51 +0000
Received: from nalasex01b.na.qualcomm.com (nalasex01b.na.qualcomm.com [10.47.209.197])
        by NALASPPMTA01.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 38T7goiL018442
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Fri, 29 Sep 2023 07:42:50 GMT
Received: from ekangupt-linux.qualcomm.com (10.80.80.8) by
 nalasex01b.na.qualcomm.com (10.47.209.197) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.36; Fri, 29 Sep 2023 00:42:47 -0700
From:   Ekansh Gupta <quic_ekangupt@quicinc.com>
To:     <srinivas.kandagatla@linaro.org>, <linux-arm-msm@vger.kernel.org>
CC:     Ekansh Gupta <quic_ekangupt@quicinc.com>,
        <ekangupt@qti.qualcomm.com>, <gregkh@linuxfoundation.org>,
        <linux-kernel@vger.kernel.org>,
        <fastrpc.upstream@qti.qualcomm.com>, stable <stable@kernel.org>
Subject: [PATCH v1 1/3] misc: fastrpc: Reset metadata buffer to avoid incorrect free
Date:   Fri, 29 Sep 2023 13:12:38 +0530
Message-ID: <1695973360-14369-2-git-send-email-quic_ekangupt@quicinc.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1695973360-14369-1-git-send-email-quic_ekangupt@quicinc.com>
References: <1695973360-14369-1-git-send-email-quic_ekangupt@quicinc.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.80.80.8]
X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To
 nalasex01b.na.qualcomm.com (10.47.209.197)
X-QCInternal: smtphost
X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085
X-Proofpoint-GUID: v0axPEQ6M4hpPFkmv_5rN9qqgsl7ITmy
X-Proofpoint-ORIG-GUID: v0axPEQ6M4hpPFkmv_5rN9qqgsl7ITmy
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2023-09-29_05,2023-09-28_03,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 phishscore=0
 mlxlogscore=999 lowpriorityscore=0 spamscore=0 adultscore=0 bulkscore=0
 priorityscore=1501 clxscore=1011 mlxscore=0 impostorscore=0 malwarescore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2309180000
 definitions=main-2309290064
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Fri, 29 Sep 2023 00:43:08 -0700 (PDT)

Metadata buffer is allocated during get_args for any remote call.
This buffer carries buffers, fdlists and other payload information
for the call. If the buffer is not reset, put_args might find some
garbage FDs in the fdlist which might have an existing mapping in
the list. This could result in improper freeing of FD map when DSP
might still be using the buffer. Added change to reset the metadata
buffer after allocation.

Fixes: 8f6c1d8c4f0c ("misc: fastrpc: Add fdlist implementation")
Cc: stable <stable@kernel.org>
Signed-off-by: Ekansh Gupta <quic_ekangupt@quicinc.com>
---
 drivers/misc/fastrpc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index a66b7c1..fb92197 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -958,6 +958,7 @@ static int fastrpc_get_args(u32 kernel, struct fastrpc_invoke_ctx *ctx)
 	if (err)
 		return err;
 
+	memset(ctx->buf->virt, 0, pkt_size);
 	rpra = ctx->buf->virt;
 	list = fastrpc_invoke_buf_start(rpra, ctx->nscalars);
 	pages = fastrpc_phy_page_start(list, ctx->nscalars);
-- 
2.7.4