mirror-linux/drivers
Tudor Ambarus f133bd4b5d firmware: samsung: acpm: Fix cross-thread RX length corruption
Sashiko identified a cross-thread RX length corruption bug when
reviewing the thermal addition to ACPM [1].

When multiple threads concurrently send IPC requests, the ACPM polling
mechanism can encounter responses belonging to other threads. To drain
the queue, the driver saves these concurrent responses into an internal
cache (`rx_data->cmd`) to be retrieved later by the owning thread.

Previously, the driver incorrectly used `xfer->rxcnt` (the expected
receive length of the *current* polling thread) when copying data for
*other* threads into this cache. If the threads expected responses of
different lengths, this resulted in buffer underflows (leading to reads
of uninitialized memory) or potential buffer overflows.

Fix this by replacing the boolean `response` flag in
`struct acpm_rx_data` with `rxcnt`, caching the exact expected receive
length for each specific transaction during transfer preparation. Use
this cached length when saving concurrent responses.

Consequently, ensure that `xfer->rxcnt` is explicitly zeroed in driver
helpers (e.g., `acpm_dvfs_set_xfer`) for fire-and-forget messages to
prevent uninitialized stack garbage from being interpreted as a massive
expected receive length.

Cc: stable@vger.kernel.org
Fixes: a88927b534 ("firmware: add Exynos ACPM protocol driver")
Closes: https://sashiko.dev/#/patchset/20260420-acpm-tmu-v3-0-3dc8e93f0b26%40linaro.org [1]
Reported-by: Titouan Ameline de Cadeville <titouan.ameline@gmail.com>
Closes: https://lore.kernel.org/r/20260426210255.73674-1-titouan.ameline@gmail.com/
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Link: https://patch.msgid.link/20260505-acpm-fixes-sashiko-reports-v5-1-43b5ee7f1674@linaro.org
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
2026-05-14 18:54:34 +02:00
accel drm for v7.1-rc1 2026-04-15 08:45:00 -07:00
accessibility
acpi ACPI support fixes for 7.1-rc1 2026-04-23 12:29:22 -07:00
amba
android Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
ata ata changes for 7.1-rc1 2026-04-15 15:03:01 -07:00
atm net: remove unused ATM protocols and legacy ATM device drivers 2026-04-23 12:21:14 -07:00
auxdisplay
base regmap: Fixes for v7.1 2026-04-24 12:11:26 -07:00
bcma
block block-7.1-20260424 2026-04-24 15:06:55 -07:00
bluetooth Bluetooth: hci_qca: Fix missing wakeup during SSR memdump handling 2026-04-13 09:19:42 -04:00
bus Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
cache
cdrom
cdx
char Here are the accumulated fixes for 7.1-rc1 and a single structural worth of 2026-04-25 16:20:52 -07:00
clk One more fix for the merge window to avoid a boot hang on 2026-04-26 14:03:20 -07:00
clocksource
comedi Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
connector
counter Linux 7.0-rc7 2026-04-06 09:04:53 +02:00
cpufreq Devicetree updates for v7.1: 2026-04-17 14:09:02 -07:00
cpuidle powerpc updates for 7.1 2026-04-14 17:10:15 -07:00
crypto crypto: ccp - copy IV using skcipher ivsize 2026-04-16 17:37:03 +08:00
cxl CXL changes for v7.1 2026-04-17 15:52:58 -07:00
dax dax changes for 7.1 2026-04-21 14:12:01 -07:00
dca
devfreq PM / devfreq: tegra30-devfreq: add support for Tegra114 2026-04-04 03:15:39 +09:00
dibs
dio
dma dmaengine updates for v7.1 2026-04-17 10:29:01 -07:00
dma-buf drm fixes for 7.1-rc1 2026-04-24 11:44:52 -07:00
dpll dpll: zl3073x: add ref-sync pair support 2026-04-12 08:27:34 -07:00
edac - Add new AMD MCA bank names and types to the MCA code, preceded by a clean 2026-04-14 15:32:39 -07:00
eisa
extcon
firewire
firmware firmware: samsung: acpm: Fix cross-thread RX length corruption 2026-05-14 18:54:34 +02:00
fpga
fsi
fwctl fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal 2026-04-10 11:21:06 -03:00
gnss
gpib Linux 7.0-rc7 2026-04-06 09:04:53 +02:00
gpio gpio fixes for v7.1-rc1 2026-04-24 11:59:46 -07:00
gpu drm fixes for 7.1-rc1 2026-04-24 11:44:52 -07:00
greybus greybus: gb-beagleplay: bound bootloader receive buffering 2026-04-02 15:55:09 +02:00
hid Input updates for v7.1-rc0 2026-04-22 18:36:40 -07:00
hsi HSI: omap_ssi_port: remove depends on ARM 2026-04-02 22:33:44 +02:00
hte hte: tegra194: Add Tegra264 GTE support 2026-04-12 23:29:31 -07:00
hv drm fixes for 7.1-rc1 2026-04-24 11:44:52 -07:00
hwmon hwmon updates for 7.1 2026-04-15 14:37:32 -07:00
hwspinlock hwspinlock: u8500: delete driver 2026-04-06 09:43:18 -05:00
hwtracing Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
i2c i2c-host for v7.1, part 2 2026-04-20 00:03:38 +02:00
i3c i3c: mipi-i3c-hci: fix IBI payload length calculation for final status 2026-04-12 22:06:02 +02:00
idle
iio Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
infiniband SCSI misc on 20260421 2026-04-21 08:22:18 -07:00
input Input updates for v7.1-rc0 2026-04-22 18:36:40 -07:00
interconnect This pull request contains the interconnect changes for the 7.1-rc1 2026-04-07 10:06:50 +02:00
iommu dma-mapping updates for Linux 7.0: 2026-04-17 11:12:42 -07:00
ipack
irqchip Arm: 2026-04-17 07:18:03 -07:00
leds leds: class: Make led_remove_lookup() NULL-aware 2026-04-09 13:49:19 +01:00
macintosh
mailbox
mcb
md Device Mapper patches for 7.1 2026-04-15 15:11:05 -07:00
media rpmsg updates for v7.1 2026-04-17 14:18:55 -07:00
memory dma-mapping updates for Linux 7.0: 2026-04-17 11:12:42 -07:00
memstick
message
mfd MFD for v7.1 2026-04-20 11:31:01 -07:00
misc Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
mmc mmc: sdhci-msm: Fix the wrapped key handling 2026-04-10 10:29:58 +02:00
most most: usb: Use kzalloc_objs for endpoint address array 2026-04-02 17:06:09 +02:00
mtd * MTD changes 2026-04-17 17:57:04 -07:00
mux Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
net Delete some obsolete networking code 2026-04-24 09:41:58 -07:00
nfc gpio updates for v7.1-rc1 2026-04-13 20:10:58 -07:00
ntb pci-v7.1-changes 2026-04-15 14:41:21 -07:00
nubus
nvdimm vfs-7.1-rc1.integrity 2026-04-13 10:40:26 -07:00
nvme for-7.1/io_uring-20260411 2026-04-13 16:22:30 -07:00
nvmem Linux 7.0-rc7 2026-04-06 09:04:53 +02:00
of memblock: updates for 7.0-rc1 2026-04-18 11:29:14 -07:00
opp
parisc parisc: led: fix reference leak on failed device registration 2026-04-17 15:46:46 +02:00
parport parport: Remove completed item from to-do list 2026-04-02 17:05:56 +02:00
pci LoongArch changes for v7.1 2026-04-24 09:54:45 -07:00
pcmcia PCMCIA fixes and cleanups for v7.1 2026-04-23 11:22:16 -07:00
peci
perf arm64 updates for 7.1: 2026-04-14 16:48:56 -07:00
phy phy-for-7.1 2026-04-17 10:22:08 -07:00
pinctrl Pin control changes for the v7.1 kernel cycle: 2026-04-18 16:59:09 -07:00
platform platform-drivers-x86 for v7.1-1 2026-04-20 12:02:24 -07:00
pmdomain pmdomain: qcom: rpmhpd: Add power domains for Hawi SoC 2026-04-08 12:01:37 +02:00
pnp
power USB / Thunderbolt changes for 7.1-rc1 2026-04-19 08:47:40 -07:00
powercap
pps pps: change pps_class to a const struct 2026-04-02 16:33:00 +02:00
ps3
ptp
pwm pwm: Two driver fixes 2026-04-23 08:37:07 -07:00
rapidio
ras
regulator regulator: Fix for v7.1 2026-04-24 13:06:25 -07:00
remoteproc rpmsg updates for v7.1 2026-04-17 14:18:55 -07:00
resctrl arm64 updates for 7.1 (second round): 2026-04-20 16:46:22 -07:00
reset soc: late changes for 7.1 2026-04-23 08:57:24 -07:00
rpmsg rpmsg: Constify buffer passed to send API 2026-04-06 09:37:51 -05:00
rtc RTC for 7.1 2026-04-25 16:39:03 -07:00
s390 s390 updates for 7.1 merge window 2026-04-22 11:13:45 -07:00
sbus
scsi SCSI misc on 20260421 2026-04-21 08:22:18 -07:00
sh
siox
slimbus
soc rpmsg updates for v7.1 2026-04-17 14:18:55 -07:00
soundwire soundwire updates for 7.1 2026-04-17 10:16:53 -07:00
spi spi: Fixes for v7.1 2026-04-24 13:16:36 -07:00
spmi
ssb
staging Char/Misc/IIO/and others driver updates for 7.1-rc1 2026-04-24 13:23:50 -07:00
target SCSI misc on 20260421 2026-04-21 08:22:18 -07:00
tc
tee soc: drivers for 7.1 2026-04-16 20:34:34 -07:00
thermal bitmap updates for v7.1 2026-04-14 08:55:18 -07:00
thunderbolt thunderbolt: Changes for v7.1 merge window 2026-04-10 13:10:28 +02:00
tty TTY/Serial changes for 7.1-rc1 2026-04-19 08:44:41 -07:00
ufs scsi: ufs: core: Disable timestamp for Kioxia THGJFJT0E25BAIP 2026-04-08 22:27:16 -04:00
uio uio: replace deprecated mmap hook with mmap_prepare in uio_info 2026-04-05 13:53:44 -07:00
usb SCSI misc on 20260421 2026-04-21 08:22:18 -07:00
vdpa vdpa: use generic driver_override infrastructure 2026-04-04 00:47:50 +02:00
vfio vfio/cdx: Consolidate MSI configured state onto cdx_irqs 2026-04-21 12:01:22 -06:00
vhost Including fixes from Netfilter. 2026-04-23 16:50:42 -07:00
video fbdev: hgafb: Request memory region before ioremap 2026-04-22 17:02:55 +02:00
virt tsm for 7.1 2026-04-26 09:51:29 -07:00
virtio mm.git review status for linus..mm-stable 2026-04-15 12:59:16 -07:00
w1 w1: ds2490: drop redundant device reference 2026-04-03 10:55:12 +02:00
watchdog watchdog: ni903x_wdt: Convert to a platform driver 2026-04-07 21:06:59 +02:00
xen SCSI misc on 20260421 2026-04-21 08:22:18 -07:00
zorro
Kconfig net: remove ISDN subsystem and Bluetooth CMTP 2026-04-23 10:24:02 -07:00
Makefile net: remove ISDN subsystem and Bluetooth CMTP 2026-04-23 10:24:02 -07:00