lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230109223801.1706213-1-quic_bjorande@quicinc.com>
Date:   Mon, 9 Jan 2023 14:38:01 -0800
From:   Bjorn Andersson <quic_bjorande@...cinc.com>
To:     Bjorn Andersson <andersson@...nel.org>,
        Mathieu Poirier <mathieu.poirier@...aro.org>
CC:     Sricharan Ramabadhran <quic_srichara@...cinc.com>,
        Arun Kumar Neelakantam <quic_aneelaka@...cinc.com>,
        <linux-arm-msm@...r.kernel.org>,
        <linux-remoteproc@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] rpmsg: glink: Avoid infinite loop on intent for missing channel

In the event that an intent advertisement arrives on an unknown channel
the fifo is not advanced, resulting in the same message being handled
over and over.

Fixes: dacbb35e930f ("rpmsg: glink: Receive and store the remote intent buffers")
Signed-off-by: Bjorn Andersson <quic_bjorande@...cinc.com>
---
 drivers/rpmsg/qcom_glink_native.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c
index f36740cb6866..7b1320b1579e 100644
--- a/drivers/rpmsg/qcom_glink_native.c
+++ b/drivers/rpmsg/qcom_glink_native.c
@@ -946,12 +946,12 @@ static void qcom_glink_handle_intent(struct qcom_glink *glink,
 	spin_unlock_irqrestore(&glink->idr_lock, flags);
 	if (!channel) {
 		dev_err(glink->dev, "intents for non-existing channel\n");
-		return;
+		goto advance_rx;
 	}
 
 	msg = kmalloc(msglen, GFP_ATOMIC);
 	if (!msg)
-		return;
+		goto advance_rx;
 
 	qcom_glink_rx_peak(glink, msg, 0, msglen);
 
@@ -973,6 +973,7 @@ static void qcom_glink_handle_intent(struct qcom_glink *glink,
 	}
 
 	kfree(msg);
+advance_rx:
 	qcom_glink_rx_advance(glink, ALIGN(msglen, 8));
 }
 
-- 
2.37.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ