Re: [PATCH v4 3/4] misc: fastrpc: Allocate entire reserved memory for Audio PD in probe

[Dmitry Baryshkov]

On Sun, 19 Apr 2026 at 13:06, Jianping Li <jianping.li@xxxxxxxxxxxxxxxx> wrote:
>
>
> On 4/18/2026 2:31 AM, Dmitry Baryshkov wrote:
> > On Thu, Apr 09, 2026 at 02:26:16PM +0800, Jianping Li wrote:
> >> Allocating and freeing Audio PD memory from userspace is unsafe because
> >> the kernel cannot reliably determine when the DSP has finished using the
> >> memory. Userspace may free buffers while they are still in use by the DSP,
> >> and remote free requests cannot be safely trusted.
> >>
> >> Allocate the entire Audio PD reserved-memory region upfront during rpmsg
> >> probe and tie its lifetime to the rpmsg channel. This avoids userspace-
> >> controlled alloc/free and ensures memory is reclaimed only when the DSP
> >> shuts down.
> >>
> >> Signed-off-by: Jianping Li <jianping.li@xxxxxxxxxxxxxxxx>
> >> ---
> >>   drivers/misc/fastrpc.c | 104 +++++++++++++++++++++--------------------
> >>   1 file changed, 53 insertions(+), 51 deletions(-)
> >>
> >> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> >> index 148085c3b61a..a67ae991c0b0 100644
> >> --- a/drivers/misc/fastrpc.c
> >> +++ b/drivers/misc/fastrpc.c
> >> @@ -276,6 +276,8 @@ struct fastrpc_channel_ctx {
> >>      struct kref refcount;
> >>      /* Flag if dsp attributes are cached */
> >>      bool valid_attributes;
> >> +    /* Flag if audio PD init mem was allocated */
> >> +    bool audio_init_mem;
> >>      u32 dsp_attributes[FASTRPC_MAX_DSP_ATTRIBUTES];
> >>      struct fastrpc_device *secure_fdevice;
> >>      struct fastrpc_device *fdevice;
> >> @@ -1295,15 +1297,16 @@ static int fastrpc_init_create_static_process(struct fastrpc_user *fl,
> >>      struct fastrpc_init_create_static init;
> >>      struct fastrpc_invoke_args *args;
> >>      struct fastrpc_phy_page pages[1];
> >> +    struct fastrpc_channel_ctx *cctx = fl->cctx;
> > What was the base for this series? It doesn't apply to linux-next. The
> > code here is different.
>
> This series is based on the patch submitted last month. I will redo the next version of
> the patch based on the latest linux-next submission.

Please switch to b4 and use `b4 prep --edit-deps` to specify base
commit and dependencies.

>
> Thanks,
> Jianping.
>
> >
> >>      char *name;
> >>      int err;
> >> -    bool scm_done = false;
> >>      struct {
> >>              int client_id;
> >>              u32 namelen;
> >>              u32 pageslen;
> > This struct is way bigger.
>
> In the fastrpc_init_create_static_process function, the
> inbuf structure has only three members; it only becomes bigger in the
> fastrpc_init_create_process function.
>
> >
> >>      } inbuf;
> >>      u32 sc;
> >> +    unsigned long flags;
> >>
> >>      args = kzalloc_objs(*args, FASTRPC_CREATE_STATIC_PROCESS_NARGS);
> >>      if (!args)



-- 
With best wishes
Dmitry