| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK+ZN9oaUh5PPBx5QPCya=hqDM42CQptD2-MrJvMZsypNuZ66A@mail.gmail.com>
Date: Fri, 30 Jan 2026 11:07:38 +0800
From: Xingjing Deng <micro6947@...il.com>
To: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>
Cc: srini@...nel.org, amahesh@....qualcomm.com, arnd@...db.de,
gregkh@...uxfoundation.org, dri-devel@...ts.freedesktop.org,
linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
Xingjing Deng <xjdeng@...a.edu.cn>, stable@...r.kernel.org
Subject: Re: [PATCH v7] misc: fastrpc: check qcom_scm_assign_mem() return in rpmsg_probe
Yes, I found that.
I will release patch v8.
Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com> 于2026年1月30日周五 10:38写道:
>
> On Fri, Jan 30, 2026 at 07:37:03AM +0800, Xingjing Deng wrote:
> > In the SDSP probe path, qcom_scm_assign_mem() is used to assign the
> > reserved memory to the configured VMIDs, but its return value was not checked.
> >
> > Fail the probe if the SCM call fails to avoid continuing with an
> > unexpected/incorrect memory permission configuration.
> >
> > This issue was found by an in-house analysis workflow that extracts AST-based
> > information and runs static checks, with LLM assistance for triage, and was
> > confirmed by manual code review.
> > No hardware testing was performed.
> >
> > Fixes: c3c0363bc72d4 ("misc: fastrpc: support complete DMA pool access to the DSP")
> > Cc: stable@...r.kernel.org # 6.11-rc1
> > Signed-off-by: Xingjing Deng <xjdeng@...a.edu.cn>
> > ---
> > v7:
> > - Add the detail description of how the tool detect.
> > - Link to v6: https://lore.kernel.org/linux-arm-msm/20260128033454.2614886-1-xjdeng@buaa.edu.cn/
> >
> > v6:
> > - Add description of the detection tool.
> > - Link to v5: https://lore.kernel.org/linux-arm-msm/20260117140351.875511-1-xjdeng@buaa.edu.cn/T/#u
> >
> > v5:
> > - Squash the functional change and indentation fix into a single patch.
> > - Link to v4: https://lore.kernel.org/linux-arm-msm/2026011637-statute-showy-2c3f@gregkh/T/#t
> >
> > v4:
> > - Format the indentation
> > - Link to v3: https://lore.kernel.org/linux-arm-msm/20260113084352.72itrloj5w7qb5o3@hu-mojha-hyd.qualcomm.com/T/#t
> >
> > v3:
> > - Add missing linux-kernel@...r.kernel.org to cc list.
> > - Standarlize changelog placement/format.
> > - Link to v2: https://lore.kernel.org/linux-arm-msm/20260113063618.e2ke47gy3hnfi67e@hu-mojha-hyd.qualcomm.com/T/#t
> >
> > v2:
> > - Add Fixes: and Cc: stable tags.
> > - Link to v1: https://lore.kernel.org/linux-arm-msm/20260113022550.4029635-1-xjdeng@buaa.edu.cn/T/#u
> > ---
> > drivers/misc/fastrpc.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> > index ee652ef01534..8bac2216cb20 100644
> > --- a/drivers/misc/fastrpc.c
> > +++ b/drivers/misc/fastrpc.c
> > @@ -2337,8 +2337,11 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev)
> > if (!err) {
> > src_perms = BIT(QCOM_SCM_VMID_HLOS);
> >
> > - qcom_scm_assign_mem(res.start, resource_size(&res), &src_perms,
> > + err = qcom_scm_assign_mem(res.start, resource_size(&res), &src_perms,
> > data->vmperms, data->vmcount);
> > + if (err) {
> > + goto err_free_data;
> > + }
>
> I think, checkpatch should warn here about unnecessary braces.
>
> > }
> >
> > }
> > --
> > 2.25.1
> >
>
> --
> With best wishes
> Dmitry
Powered by blists - more mailing lists