Message-ID: <6bdd3a9e-2c02-4b65-89ac-918a1157b120@linaro.org>
Date: Fri, 31 May 2024 10:36:27 +0100
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 3/9] misc: fastrpc: Fix memory
corruption in DSP capabilities
To: Ekansh Gupta, linux-arm-msm@vger.kernel.org
Cc: gregkh@linuxfoundation.org, quic_bkumar@quicinc.com, linux-kernel@vger.kernel.org, quic_chennak@quicinc.com, stable
References: <20240530102032.27179-1-quic_ekangupt@quicinc.com> <20240530102032.27179-4-quic_ekangupt@quicinc.com>
From: Srinivas Kandagatla
In-Reply-To: <20240530102032.27179-4-quic_ekangupt@quicinc.com>

On 30/05/2024 11:20, Ekansh Gupta wrote:
> DSP capabilities request is sending bad size to utilities skel

What exactly do you mean by this?

Currently driver is sending 1024 bytes of buffer, why is DSP not happy with this size?

> call which is resulting in memory corruption. Pass proper size

What does proper size mean?

> to avoid the corruption.
>
> Fixes: 6c16fd8bdd40 ("misc: fastrpc: Add support to get DSP capabilities")
> Cc: stable
> Signed-off-by: Ekansh Gupta
> --- > drivers/misc/fastrpc.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c > index 61389795f498..3e1ab58038ed 100644 > --- a/drivers/misc/fastrpc.c > +++ b/drivers/misc/fastrpc.c > @@ -1695,6 +1695,7 @@ static int fastrpc_get_info_from_dsp(struct fastrpc_user *fl, uint32_t *dsp_attr > > /* Capability filled in userspace */ > dsp_attr_buf[0] = 0; > + dsp_attr_buf_len -= 1; is DSP expecting 255 *4 bytes instead of 256 *4? --srini > > args[0].ptr = (u64)(uintptr_t)&dsp_attr_buf_len; > args[0].length = sizeof(dsp_attr_buf_len);
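
Review bot: The added `dsp_attr_buf_len -= 1;` carries no comment, and the commit message only says "proper size", so a reader cannot tell why exactly one is subtracted or in which units the length is counted. The preceding context (`dsp_attr_buf[0] = 0;` under "Capability filled in userspace") suggests slot 0 is reserved and the DSP should only be told about the remaining elements; if that is the reason, state it in a comment beside the decrement and in the commit message, which would also settle the 255 * 4 versus 256 * 4 question raised above. The variable is changed in place and its address is then passed as `args[0].ptr`, so every later use in this function sees the reduced value; please confirm that is intended for any length derived from it, and that the value cannot be zero on entry, since nothing in the visible context guards the decrement.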