From: Peng Fan <[email protected]>

When starting a firmware without a resource table after previously running
one that had a resource table, imx_rproc_elf_find_loaded_rsc_table() may
incorrectly return a valid device memory pointer (priv->rsc_table).

In this case rproc->cached_table is NULL because the current firmware does
not contain a resource table, but the remoteproc core still interprets the
non-NULL return value as a loaded resource table and attempts to memcpy()
from rproc->cached_table, leading to a NULL pointer dereference and kernel
panic.

Fix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when
there is no cached resource table for the current firmware. This ensures
that a loaded resource table is only reported when a valid cached_table
exists, which matches the remoteproc core expectations.

This issue can be reproduced by:
  1) start a firmware with a resource table
  2) stop the remote processor
  3) start a firmware without a resource table

With this change, starting a firmware without a resource table no longer
causes a kernel dump.

Fixes: e954a1bd1610 ("remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table")
Cc: [email protected]
Signed-off-by: Peng Fan <[email protected]>
---
 drivers/remoteproc/imx_rproc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c
index 
375de79168a1c8d11b87ac1bd63774a3feac106d..cf044b385b58fe1e17d0fc440c243d76ecf020ae
 100644
--- a/drivers/remoteproc/imx_rproc.c
+++ b/drivers/remoteproc/imx_rproc.c
@@ -729,6 +729,10 @@ imx_rproc_elf_find_loaded_rsc_table(struct rproc *rproc, 
const struct firmware *
 {
        struct imx_rproc *priv = rproc->priv;
 
+       /* No resource table in the firmware */
+       if (!rproc->cached_table)
+               return NULL;
+
        if (priv->rsc_table)
                return (struct resource_table *)priv->rsc_table;
 

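Review bot: The comment on the new early return in imx_rproc_elf_find_loaded_rsc_table() says "No resource table in the firmware", but the condition tests rproc->cached_table, and the connection between the two is only explained in the commit message. Please expand the comment to say that priv->rsc_table can still be non-NULL when the current firmware has no table, and that the remoteproc core copies from cached_table whenever this function returns non-NULL, which is why the check has to sit before the `if (priv->rsc_table)` test. A reader who sees only the code would otherwise be tempted to reorder or drop it.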
---
base-commit: e3b32dcb9f23e3c3927ef3eec6a5842a988fb574
change-id: 20260122-imx-rproc-fix-e206f8e6e477

Best regards,
-- 
Peng Fan <[email protected]>

