On 6/8/2026 2:11 PM, Dmitry Baryshkov wrote:
On Tue, Jun 02, 2026 at 03:17:48PM +0800, Jianping Li wrote:Audio PD static process creation assumes that a reserved-memory region is defined in DT and exposed via cctx->remote_heap. If reserved-memory is missing or incomplete, the driver may pass invalid address/size information to the DSP, leading to undefined behavior or crashes. Add explicit validation for remote_heap presence and size before sending the memory to DSP, and fail early if the configuration is invalid. Fixes: 0871561055e66 ("misc: fastrpc: Add support for audiopd") Cc: [email protected] Signed-off-by: Jianping Li <[email protected]> --- drivers/misc/fastrpc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index a8a58f889d07..f46a8f53970d 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -1354,6 +1354,13 @@ static int fastrpc_init_create_static_process(struct fastrpc_user *fl, } inbuf; u32 sc;+ if (!fl->cctx->remote_heap ||+ !fl->cctx->remote_heap->dma_addr || + !fl->cctx->remote_heap->size) { + err = -ENOMEM; + dev_dbg(fl->sctx->dev, "remote heap memory region is not added\n"); + return err; + }Won't this check without the next commit break the kernel? I don't see where else the remote heap is being allocated.
Yes, this check depends on remote_heap being populated during rpmsg probe from the reserved-memory region, introduced in a subsequent patch in this series. If there is no dependency on the next series, the remote_heap allocation here after the if check. The logic will be wrong.
args = kzalloc_objs(*args, FASTRPC_CREATE_STATIC_PROCESS_NARGS); if (!args) return -ENOMEM; -- 2.43.0
