On Thu, Jan 22, 2026 at 11:24:43AM +0800, Peng Fan (OSS) wrote: > From: Peng Fan <[email protected]> > > When starting a firmware without a resource table after previously running > one that had a resource table, imx_rproc_elf_find_loaded_rsc_table() may > incorrectly return a valid device memory pointer (priv->rsc_table). > > In this case rproc->cached_table is NULL because the current firmware does > not contain a resource table, but the remoteproc core still interprets the > non-NULL return value as a loaded resource table and attempts to memcpy() > from rproc->cached_table, leading to a NULL pointer dereference and kernel > panic. > > Fix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when > there is no cached resource table for the current firmware. This ensures > that a loaded resource table is only reported when a valid cached_table > exists, which matches the remoteproc core expectations. > > This issue can be reproduced by: > 1) start a firmware with a resource table > 2) stop the remote processor > 3) start a firmware without a resource table > > With this change, starting a firmware without a resource table no longer > causes kernel dump. > > Fixes: e954a1bd1610 ("remoteproc: imx_rproc: Use imx specific hook for > find_loaded_rsc_table") > Cc: [email protected] > Signed-off-by: Peng Fan <[email protected]> > ---
Reviewed-by: Frank Li <[email protected]> > drivers/remoteproc/imx_rproc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c > index > 375de79168a1c8d11b87ac1bd63774a3feac106d..cf044b385b58fe1e17d0fc440c243d76ecf020ae > 100644 > --- a/drivers/remoteproc/imx_rproc.c > +++ b/drivers/remoteproc/imx_rproc.c > @@ -729,6 +729,10 @@ imx_rproc_elf_find_loaded_rsc_table(struct rproc *rproc, > const struct firmware * > { > struct imx_rproc *priv = rproc->priv; > > + /* No resource table in the firmware */ > + if (!rproc->cached_table) > + return NULL; > + > if (priv->rsc_table) > return (struct resource_table *)priv->rsc_table; > > > --- > base-commit: e3b32dcb9f23e3c3927ef3eec6a5842a988fb574 > change-id: 20260122-imx-rproc-fix-e206f8e6e477 > > Best regards, > -- > Peng Fan <[email protected]> >
