On Tue, Jun 02, 2026 at 03:17:48PM +0800, Jianping Li wrote:
> Audio PD static process creation assumes that a reserved-memory
> region is defined in DT and exposed via cctx->remote_heap.
>
> If reserved-memory is missing or incomplete, the driver may pass
> invalid address/size information to the DSP, leading to undefined
> behavior or crashes.
>
> Add explicit validation for remote_heap presence and size before
> sending the memory to DSP, and fail early if the configuration is
> invalid.
>
> Fixes: 0871561055e66 ("misc: fastrpc: Add support for audiopd")
> Cc: [email protected]
> Signed-off-by: Jianping Li <[email protected]>
> ---
> drivers/misc/fastrpc.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index a8a58f889d07..f46a8f53970d 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -1354,6 +1354,13 @@ static int fastrpc_init_create_static_process(struct
> fastrpc_user *fl,
> } inbuf;
> u32 sc;
>
> + if (!fl->cctx->remote_heap ||
> + !fl->cctx->remote_heap->dma_addr ||
> + !fl->cctx->remote_heap->size) {
> + err = -ENOMEM;
> + dev_dbg(fl->sctx->dev, "remote heap memory region is not
> added\n");
> + return err;
> + }
Won't this check without the next commit break the kernel? I don't see
where else the remote heap is being allocated.
> args = kzalloc_objs(*args, FASTRPC_CREATE_STATIC_PROCESS_NARGS);
> if (!args)
> return -ENOMEM;
> --
> 2.43.0
>
--
With best wishes
Dmitry
