Re: [PATCH 0/3] misc: fastrpc: fix memory corruption

From: Srinivas Kandagatla
Date: Fri Sep 02 2022 - 06:02:47 EST

Next message: Hans de Goede: "Re: [PATCH v3 2/3] ACPI: PMIC: Replace open coded be16_to_cpu()"
Previous message: Yu Kuai: "Re: [PATCH -next 2/3] md/raid10: convert resync_lock to use seqlock"
Next in thread: Johan Hovold: "Re: [PATCH 0/3] misc: fastrpc: fix memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Johan,

On 29/08/2022 09:05, Johan Hovold wrote:

The fastrpc driver uses a fixed-sized array to store its sessions but
missing and broken sanity checks could lead to memory beyond the array
being corrupted.

This specifically happens on SC8280XP platforms that use 14 sessions for
the compute DSP.

Thanks for doing this.

I see that we hit this issue once again, and the way we are fixing it is not really scalable. We should really get rid of FASTRPC_MAX_SESSIONS.

We should allocate the sessions dynamically based in the child node count and qcom,nsessions.

thanks,
Srini

These are all needed for 6.0.

Johan

Johan Hovold (3):
misc: fastrpc: fix memory corruption on probe
misc: fastrpc: fix memory corruption on open
misc: fastrpc: increase maximum session count

drivers/misc/fastrpc.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

Next message: Hans de Goede: "Re: [PATCH v3 2/3] ACPI: PMIC: Replace open coded be16_to_cpu()"
Previous message: Yu Kuai: "Re: [PATCH -next 2/3] md/raid10: convert resync_lock to use seqlock"
Next in thread: Johan Hovold: "Re: [PATCH 0/3] misc: fastrpc: fix memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]