Re: [PATCH v2] remoteproc: qcom: Fix minidump out-of-bounds access on subsystems array

From: Konrad Dybcio

Date: Wed Apr 01 2026 - 04:38:40 EST


On 3/31/26 7:12 PM, Mukesh Ojha wrote:
> MAX_NUM_OF_SS was hardcoded to 10 in the minidump_global_toc struct,
> which is a direct overlay on an SMEM item allocated by the firmware.
> Newer Qualcomm SoC firmware allocates space for more subsystems, while
> older firmware only allocates space for 10. Bumping the constant would
> cause Linux to read/write beyond the SMEM item boundary on older
> platforms.
>
> Fix this by converting subsystems[] to a flexible array member and
> deriving the actual number of subsystems at runtime from the size
> returned by qcom_smem_get(). Add a bounds check on minidump_id against
> the derived count before indexing into the array.
>
> Signed-off-by: Mukesh Ojha <mukesh.ojha@xxxxxxxxxxxxxxxx>
> ---

Acked-by: Konrad Dybcio <konrad.dybcio@xxxxxxxxxxxxxxxx>

Konrad
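
The approach the quoted commit message describes (a flexible array member sized from the item length, plus a bounds check on the index), as an added user-space example that is not the patch's code or kernel code. The struct layouts, field names and the helpers `toc_num_subsystems()`, `toc_get_subsystem()` and `demo_lookup()` are hypothetical; `item_size` stands in for the size reported by qcom_smem_get().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical layouts for illustration; not the kernel's minidump structs. */
struct ss_entry {                   /* one per-subsystem slot */
    uint32_t status;
    uint32_t enabled;
    uint32_t region_count;
    uint32_t reserved;
};

struct global_toc {                 /* overlay on a firmware-allocated item */
    uint32_t status;
    uint32_t revision;
    struct ss_entry subsystems[];   /* flexible array: firmware decides the length */
};

/* Number of whole entries that fit in an item of item_size bytes. */
size_t toc_num_subsystems(size_t item_size)
{
    size_t hdr = offsetof(struct global_toc, subsystems);

    if (item_size < hdr)
        return 0;                   /* too small to hold even the header */
    return (item_size - hdr) / sizeof(struct ss_entry);
}

/* Return the entry for id, or NULL when id lies outside the item. */
struct ss_entry *toc_get_subsystem(void *item, size_t item_size, unsigned int id)
{
    struct global_toc *toc = item;

    if (!item || id >= toc_num_subsystems(item_size))
        return NULL;                /* would index past the item boundary */
    return &toc->subsystems[id];
}

/* Constructed sample: build a zeroed item with n entries, then look up id.
 * Returns 1 when the lookup is accepted, 0 when it is rejected. */
int demo_lookup(size_t n_entries, unsigned int id)
{
    size_t size = offsetof(struct global_toc, subsystems) +
                  n_entries * sizeof(struct ss_entry);
    void *item = calloc(1, size);
    int ok = item && toc_get_subsystem(item, size, id) != NULL;

    free(item);
    return ok;
}
```

With a 10-entry item an id of 10 or higher is rejected, while the same id is accepted on an item the firmware sized for 20 entries, with no compile-time constant involved.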