Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp1212732lqb; Thu, 30 May 2024 04:00:40 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXKj6zeNVnj3jxlH+nKxfm1Fa3AbSzGuItv3iiC42w/jYctFEWRrMtqftqrt1zr8ndrVJGTITa71fwqup2TesZsqF9z/mRBbB+zcQmxWw== X-Google-Smtp-Source: AGHT+IHyyi01EqTLlkhBfLpwpIL6Th6shsF7GkKUy5VUyLFR20hEvwKR850jkKRUnERk5jeVJ33K X-Received: by 2002:a50:cdc9:0:b0:578:6a0e:47f0 with SMTP id 4fb4d7f45d1cf-57a177c56cfmr1161448a12.11.1717066839888; Thu, 30 May 2024 04:00:39 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717066839; cv=pass; d=google.com; s=arc-20160816; b=sbeyvWLwAgC9H4/O7/9cUq8PfZZUSuFNFDoWKqpDYmbT5Z79Yjjf9ld+ygzEWyF5y/ wOzAo0BE5wcNGEGAqTPYtB0C4/RcMgJihK2Ezd4Q84960Df1hnHcAqyFOJOd7krk2j/I 3oMCqqDWVIQarDW+ANUAneMLtlBx3BI7kj00oSKcvcuj0TWq43qDK+S5N5Kwb0JQ9/t1 OaCUSQ9R7yXmQy2gEkROLuwAYTEpb76iDRYLSZWYKPJjYfYI696sEE+HezQn823gi4wH Xoe2H3cx9mau11fV3cOYO3SBLvqV/LrtcEzplAQHkhj6WODow/XZTcMEzfcZwOmGnPCY 201g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=ZLmMfTZOf1ncPAiMphJf/hzLTXpE5zXvNOVM9cB3vug=; fh=D574za8Vu7Wrdk7TkMdHch+lDltHKxpzpGdt997tbGE=; b=A6Gaf7FV2+8qhO1cj3IPmRkv2BJPg+u597Zq7wdUvXFKO5AZybT1gZWIxmQxwtBjvI G1Pkg80TLxPCA29aBu0lltWFwQ/Grn8zDD98V0mIwztwY7cMM3EJUXhdwLQ6e8AvHK84 hiu0o+QQONNyr6M3Cbqn1+b+FbS+GTk/e2aHThwc32fS7e6Z+TKUotxQVHXGX4PcQebv x8MI6JFVLGWYm/lZUwdu6DXv9R54hFdTB5GSEx4cfUlEY/XJ4BNZySa0NiYXixoRxAqq yiH91V9jaihE9DxWCs/+KfCQtojrUjQTXSlsFoRPnEdDJnFOx7SeQdUPMa/5Hw8BKTv6 REwQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=msmmZocF; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-195281-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-195281-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-579c6166f52si5506998a12.572.2024.05.30.04.00.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 May 2024 04:00:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-195281-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=msmmZocF; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-195281-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-195281-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 993C61F22962 for ; Thu, 30 May 2024 11:00:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 38F8A16EC10; Thu, 30 May 2024 11:00:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="msmmZocF" Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com [209.85.208.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9E5101078B for ; Thu, 30 May 2024 11:00:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.181 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717066832; cv=none; b=p/9dR4xfd3pZxLkwATy356YLtEYAIBarYNT/Z7OTPMYq+AaQ6sJX6Oh5rRr2MVyzS0N33WQika+VJqUmEl1Ma4sJPjnHZF6xZ88vQFC3NZ4v1xfHqfM/F+akqySHwnMd1Be2O9tNvi5UmkvDBfklWkUiYB9JkVvzaKS+CxSgFJI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717066832; c=relaxed/simple; bh=rEI9DBa1j4BnVdoajTpb+tL8h1oh0Y6i4rM4cqp3UDI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=FUGuFGy9J62m7G1KrTYWpzGo8UCZ94S+PvupiUVms5GeOOzeIk+27CObmqT84rMBd1QYz4YmLSjoI2sJGzi2jLMSy2WZlPOI/6z8hcJw6hAkhHKI+H50kjpXqlFCVGCEEJbMV14hW4ecepi5IA/N49XjeNjDgk/UKWGCVCWi5GI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=msmmZocF; arc=none smtp.client-ip=209.85.208.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-lj1-f181.google.com with SMTP id 38308e7fff4ca-2e724bc46c4so7281341fa.2 for ; Thu, 30 May 2024 04:00:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1717066828; x=1717671628; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=ZLmMfTZOf1ncPAiMphJf/hzLTXpE5zXvNOVM9cB3vug=; b=msmmZocFtCm4QUEwY3pq9rrdLwHWZ/lOvoPZEpTGW+7BXtH66JjgRl6BtmNO/7sqQv nboy/tYqLqoWELVsz9YVLXfoPQf+RQGssuUF+dWMmRXCet1VbAjC3cE94FMFQrZGM0Wt MQUXP04AKwYt9kOh+OyKYWOmmZrknujCP8P3DAiez2qdCpOnwei1RY3VLGcO2Y0OTqNw WnKdI12qVQ+TlKGcS6vHw8/1V3XPGjrpa777HvmDZ4haZjsi78FT2NoibW+nweork3UZ 4Dfql/azY+F7D2RzjU5ogp7FfXVhjpa35rjet7hAh3ZKrxtLh7NB0vWGwbOu6o42yf5W 5qkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717066828; x=1717671628; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ZLmMfTZOf1ncPAiMphJf/hzLTXpE5zXvNOVM9cB3vug=; b=vvB074e6U8hH6llUzpv2C3M2MZV68VeAn9vx44mgvgIFH5x9KdMkLbhm05w4bpODC8 1IgxCHxSrT0G76ffYOjdeGW4VBOcnDHvqnTmqnA2XHMDhNDK/cOHhahhkLpx0ihaAwDc rLFWs6m+qYxG1ZeVovz7poyeQ8wZwqmaI1hU03eKB6gPzW62kyNE9leqJMkWMkIb5goI QzBNck7yNDJ/6inGSJnNWVx2tCY+2UF8qbk1jrJMs34TbhsCvrdI73QyEx2bCngMrnBN WaMRx55Dj+4D7PFwC6kJC4he/TGMRSJ5U9Xp4zCffrnf30m77e/GQ4uVSq9zeS8JbeLE UMCA== X-Forwarded-Encrypted: i=1; AJvYcCVxzFb/ayMlVqpeglo/jlIzYruPAWquSJ19FHtne7ZHTdc+GytXEGFkww7J8pczhANMEZzd+oQxRhV1U5dOJMc9ilI62CR9jKxp2J05 X-Gm-Message-State: AOJu0Yw1Mzcojvde4GY4yuRxvtb0F5AwxDTfafpPQuj3MvIpfNawgnMk 1K5SXgFG7Q+LWtQ2szVobODPX9ePmseO+bH97v4uA8ruLyT3KM7WCmKsBK7rNZU= X-Received: by 2002:a2e:9e44:0:b0:2df:907e:6de3 with SMTP id 38308e7fff4ca-2ea848844d3mr9698541fa.35.1717066827745; Thu, 30 May 2024 04:00:27 -0700 (PDT) Received: from eriador.lumag.spb.ru (dzdbxzyyyyyyyyyyyykxt-3.rev.dnainternet.fi. [2001:14ba:a0c3:3a00::227]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-2ea803cc73asm3191881fa.8.2024.05.30.04.00.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 May 2024 04:00:27 -0700 (PDT) Date: Thu, 30 May 2024 14:00:25 +0300 From: Dmitry Baryshkov To: Ekansh Gupta Cc: srinivas.kandagatla@linaro.org, linux-arm-msm@vger.kernel.org, gregkh@linuxfoundation.org, quic_bkumar@quicinc.com, linux-kernel@vger.kernel.org, quic_chennak@quicinc.com, stable Subject: Re: [PATCH v3 3/9] misc: fastrpc: Fix memory corruption in DSP capabilities Message-ID: References: <20240530102032.27179-1-quic_ekangupt@quicinc.com> <20240530102032.27179-4-quic_ekangupt@quicinc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240530102032.27179-4-quic_ekangupt@quicinc.com> On Thu, May 30, 2024 at 03:50:21PM +0530, Ekansh Gupta wrote: > DSP capabilities request is sending bad size to utilities skel > call which is resulting in memory corruption. Pass proper size > to avoid the corruption. > > Fixes: 6c16fd8bdd40 ("misc: fastrpc: Add support to get DSP capabilities") > Cc: stable > Signed-off-by: Ekansh Gupta Should be squashed to the previous commit. > --- > drivers/misc/fastrpc.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c > index 61389795f498..3e1ab58038ed 100644 > --- a/drivers/misc/fastrpc.c > +++ b/drivers/misc/fastrpc.c > @@ -1695,6 +1695,7 @@ static int fastrpc_get_info_from_dsp(struct fastrpc_user *fl, uint32_t *dsp_attr > > /* Capability filled in userspace */ > dsp_attr_buf[0] = 0; > + dsp_attr_buf_len -= 1; > > args[0].ptr = (u64)(uintptr_t)&dsp_attr_buf_len; > args[0].length = sizeof(dsp_attr_buf_len); > -- > 2.43.0 > -- With best wishes Dmitry