Re: [PATCH -next] firmware: imx: secure-enclave: bound read copy by user buffer size

Next message: Ian Rogers: "Re: [RFT PATCH v2 1/7] perf stat: Check color's length instead of the pointer"
Previous message: Ben Horgan: "[PATCH 0/3] arm_mpam: NRDY fixes"
In reply to: Pankaj Gupta: "[PATCH -next] firmware: imx: secure-enclave: bound read copy by user buffer size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Frank Li

Date: Thu May 07 2026 - 11:33:46 EST

On Thu, 07 May 2026 19:00:16 +0530, Pankaj Gupta wrote:
> se_if_fops_read() copied the full received message to userspace without
> checking the size of the user-provided buffer. If the receive message
> was larger than the buffer passed to read(), this could overflow user
> memory.
>
> Fix this by limiting the copy length to the minimum of the userspace
> buffer size and the received message size. Also drop logging on
> copy_to_user() failure, as returning -EFAULT is sufficient.
>
> [...]

Applied, thanks!

[1/1] firmware: imx: secure-enclave: bound read copy by user buffer size
change min_t() to min() and squash to
4de71839142b ("firmware: drivers: imx: adds miscdev")

Best regards,
--
Frank Li <Frank.Li@xxxxxxx>