Hi Greg, I found these by auditing the FastRPC ioctl and invoke paths after Konrad pointed out that the related fixes should be grouped.
Testing was limited to git diff --check and checkpatch. I don't have FastRPC hardware, and I could not do an object build in this tree because bc is missing here. I'll hold off on more FastRPC changes unless I can back them with a tighter review and test story. Thanks, Yousef On Thu, 25 Jun 2026 10:48:00 +0100, Greg Kroah-Hartman <[email protected]> wrote: > On Thu, Jun 25, 2026 at 10:56:57AM +0200, Yousef Alhouseen wrote: > > FastRPC keeps invoke and mmap buffer sizes in u64 fields, but coherent > > DMA allocation takes a size_t. On 32-bit builds, a size above SIZE_MAX > > can be truncated before allocation while the larger value is still used > > in the message sent to the DSP. > > > > Reject sizes that cannot fit in size_t before allocating the DMA buffer. > > Also make the inline payload alignment step overflow-aware so a > > near-U64_MAX accumulator cannot wrap before the later bounds checks. > > > > Signed-off-by: Yousef Alhouseen <[email protected]> > > --- > > drivers/misc/fastrpc.c | 13 +++++++++++-- > > 1 file changed, 11 insertions(+), 2 deletions(-) > > > > Are you forgetting to include the tool information that you used to > find/fix all of these issues? And how are they being tested? > > thanks, > > greg k-h
