On Thu, Jun 25, 2026 at 10:56:57AM +0200, Yousef Alhouseen wrote: > FastRPC keeps invoke and mmap buffer sizes in u64 fields, but coherent > DMA allocation takes a size_t. On 32-bit builds, a size above SIZE_MAX > can be truncated before allocation while the larger value is still used > in the message sent to the DSP. > > Reject sizes that cannot fit in size_t before allocating the DMA buffer. > Also make the inline payload alignment step overflow-aware so a > near-U64_MAX accumulator cannot wrap before the later bounds checks. > > Signed-off-by: Yousef Alhouseen <[email protected]> > --- > drivers/misc/fastrpc.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) >
Are you forgetting to include the tool information that you used to find/fix all of these issues? And how are they being tested? thanks, greg k-h
