This series brings some missing validation for the IPI buffer size that is read from the firmware retrieved from userspace: if the FW declares IPI buffer offset starting at an out of range address, the driver doesn't do any validation and naively goes on with IO R/W operation. That poses various risks which I believe I really don't need to describe, leaving it to the reader's imagination :-) Please note that the first fix is URGENT. P.S.: Of course, this was tested OK on multiple MTK platforms. AngeloGioacchino Del Regno (2): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM remoteproc: mediatek: Don't parse extraneous subnodes for multi-core drivers/remoteproc/mtk_scp.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) -- 2.44.0
