From patchwork Fri Sep 29 07:42:38 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ekansh Gupta <quic_ekangupt@quicinc.com>
X-Patchwork-Id: 727663
Return-Path: <linux-arm-msm-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by smtp.lore.kernel.org (Postfix) with ESMTP id E3C2BE743F1
 for <linux-arm-msm@archiver.kernel.org>;
 Fri, 29 Sep 2023 07:42:58 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S229754AbjI2Hm6 (ORCPT
 <rfc822;linux-arm-msm@archiver.kernel.org>);
 Fri, 29 Sep 2023 03:42:58 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44634 "EHLO
 lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S232666AbjI2Hm6 (ORCPT
 <rfc822;linux-arm-msm@vger.kernel.org>);
 Fri, 29 Sep 2023 03:42:58 -0400
Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com
 [205.220.180.131])
 by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C938B1A8;
 Fri, 29 Sep 2023 00:42:55 -0700 (PDT)
Received: from pps.filterd (m0279868.ppops.net [127.0.0.1])
 by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
 38T7gqhX029961; Fri, 29 Sep 2023 07:42:52 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-type; s=qcppdkim1;
 bh=0rGGk5TlG7sve1jYkAhgjG+txIkMX8x3vOh+Kmoblfo=;
 b=HKXOtQP4Rk4qT7DGg6gqFbmWB59JyfgTvq15e6b+F3gFmJQuCL13Vbo09x9PmSBKcRjl
 CFC97MVHIkJ9IbG7caIGU2I5VNxkXuMYGaGAnDTp+frrs1oUzvSNmiPCoam3H3HUcs8D
 iAOZuNFGxwQtR+82hU5lDLgT7gCPty4hF1MVIkkgQhbOBTYk1vn97b7P7zP56TwuzqBN
 S+hkfZpR0h96Q6sxK2ouXen5nJJpDk5APSXQn1YPRM0gTFJonemiEMVDSQjTip7o8En1
 ru5P0KRmGQ/7pjCxllhunt5ARUuxDPhIaO5M2/7bcpoIjGi8aiW5gMCEiEGhEvHU+BSq BA==
Received: from nalasppmta01.qualcomm.com (Global_NAT1.qualcomm.com
 [129.46.96.20])
 by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3tda4c1t0r-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
 verify=NOT); Fri, 29 Sep 2023 07:42:51 +0000
Received: from nalasex01b.na.qualcomm.com (nalasex01b.na.qualcomm.com
 [10.47.209.197])
 by NALASPPMTA01.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id
 38T7goiL018442
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
 verify=NOT); Fri, 29 Sep 2023 07:42:50 GMT
Received: from ekangupt-linux.qualcomm.com (10.80.80.8) by
 nalasex01b.na.qualcomm.com (10.47.209.197) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.36; Fri, 29 Sep 2023 00:42:47 -0700
From: Ekansh Gupta <quic_ekangupt@quicinc.com>
To: <srinivas.kandagatla@linaro.org>, <linux-arm-msm@vger.kernel.org>
CC: Ekansh Gupta <quic_ekangupt@quicinc.com>,
 <ekangupt@qti.qualcomm.com>, <gregkh@linuxfoundation.org>,
 <linux-kernel@vger.kernel.org>,
 <fastrpc.upstream@qti.qualcomm.com>, stable <stable@kernel.org>
Subject: [PATCH v1 1/3] misc: fastrpc: Reset metadata buffer to avoid
 incorrect free
Date: Fri, 29 Sep 2023 13:12:38 +0530
Message-ID: <1695973360-14369-2-git-send-email-quic_ekangupt@quicinc.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1695973360-14369-1-git-send-email-quic_ekangupt@quicinc.com>
References: <1695973360-14369-1-git-send-email-quic_ekangupt@quicinc.com>
MIME-Version: 1.0
X-Originating-IP: [10.80.80.8]
X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To
 nalasex01b.na.qualcomm.com (10.47.209.197)
X-QCInternal: smtphost
X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800
 signatures=585085
X-Proofpoint-GUID: v0axPEQ6M4hpPFkmv_5rN9qqgsl7ITmy
X-Proofpoint-ORIG-GUID: v0axPEQ6M4hpPFkmv_5rN9qqgsl7ITmy
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2023-09-29_05,2023-09-28_03,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 suspectscore=0 phishscore=0
 mlxlogscore=999 lowpriorityscore=0 spamscore=0 adultscore=0 bulkscore=0
 priorityscore=1501 clxscore=1011 mlxscore=0 impostorscore=0 malwarescore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2309180000
 definitions=main-2309290064
Precedence: bulk
List-ID: <linux-arm-msm.vger.kernel.org>
X-Mailing-List: linux-arm-msm@vger.kernel.org

Metadata buffer is allocated during get_args for any remote call.
This buffer carries buffers, fdlists and other payload information
for the call. If the buffer is not reset, put_args might find some
garbage FDs in the fdlist which might have an existing mapping in
the list. This could result in improper freeing of FD map when DSP
might still be using the buffer. Added change to reset the metadata
buffer after allocation.

Fixes: 8f6c1d8c4f0c ("misc: fastrpc: Add fdlist implementation")
Cc: stable <stable@kernel.org>
Signed-off-by: Ekansh Gupta <quic_ekangupt@quicinc.com>
---
 drivers/misc/fastrpc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index a66b7c1..fb92197 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -958,6 +958,7 @@ static int fastrpc_get_args(u32 kernel, struct fastrpc_invoke_ctx *ctx)
 	if (err)
 		return err;
 
+	memset(ctx->buf->virt, 0, pkt_size);
 	rpra = ctx->buf->virt;
 	list = fastrpc_invoke_buf_start(rpra, ctx->nscalars);
 	pages = fastrpc_phy_page_start(list, ctx->nscalars);