git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ekansh Gupta <quic_ekangupt@quicinc.com>
	Fri, 10 Jan 2025 13:42:38 +0000 (13:42 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 21 Feb 2025 12:49:52 +0000 (13:49 +0100)
commit	9c37be4abf7feb9e7bc9e6e6b7b65a24f87ca609
tree	d003e1239f444c4e341965cae6fa8946d5e0589c	tree \| snapshot
parent	894efd31d02a4d432ddc1b87420e0a20fbbde4ac	commit \| diff

misc: fastrpc: Fix registered buffer page address

commit 6ca4ea1f88a06a04ed7b2c9c6bf9f00833b68214 upstream.

For registered buffers, fastrpc driver sends the buffer information
to remote subsystem. There is a problem with current implementation
where the page address is being sent with an offset leading to
improper buffer address on DSP. This is leads to functional failures
as DSP expects base address in page information and extracts offset
information from remote arguments. Mask the offset and pass the base
page address to DSP.

This issue is observed is a corner case when some buffer which is registered
with fastrpc framework is passed with some offset by user and then the DSP
implementation tried to read the data. As DSP expects base address and takes
care of offsetting with remote arguments, passing an offsetted address will
result in some unexpected data read in DSP.

All generic usecases usually pass the buffer as it is hence is problem is
not usually observed. If someone tries to pass offsetted buffer and then
tries to compare data at HLOS and DSP end, then the ambiguity will be observed.

Fixes: 80f3afd72bd4 ("misc: fastrpc: consider address offset before sending to DSP")
Cc: stable@kernel.org
Signed-off-by: Ekansh Gupta <quic_ekangupt@quicinc.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20250110134239.123603-3-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>