From: Ekansh Gupta <quic_ekangupt@xxxxxxxxxxx>
commit e7f0be3f09c6e955dc8009129862b562d8b64513 upstream.
User is passing capability ioctl structure(argp) to get DSP
capabilities. This argp is copied to a local structure to get domain
and attribute_id information. After getting the capability, only
capability value is getting copied to user argp which will not be
useful if the use is trying to get the capability by checking the
capability member of fastrpc_ioctl_capability structure. Copy the
complete capability structure so that user can get the capability
value from the expected member of the structure.
Fixes: 6c16fd8bdd40 ("misc: fastrpc: Add support to get DSP capabilities")
Cc: stable <stable@xxxxxxxxxx>
Signed-off-by: Ekansh Gupta <quic_ekangupt@xxxxxxxxxxx>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>
Reviewed-by: Caleb Connolly <caleb.connolly@xxxxxxxxxx>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20240628114501.14310-3-srinivas.kandagatla@xxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/misc/fastrpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -1787,7 +1787,7 @@ static int fastrpc_get_dsp_info(struct f
if (err)
return err;
- if (copy_to_user(argp, &cap.capability, sizeof(cap.capability)))
+ if (copy_to_user(argp, &cap, sizeof(cap)))
return -EFAULT;
return 0;
Patches currently in stable-queue which might be from quic_ekangupt@xxxxxxxxxxx are
queue-6.9/misc-fastrpc-fix-memory-leak-in-audio-daemon-attach-operation.patch
queue-6.9/misc-fastrpc-avoid-updating-pd-type-for-capability-request.patch
queue-6.9/misc-fastrpc-restrict-untrusted-app-to-attach-to-privileged-pd.patch
queue-6.9/misc-fastrpc-fix-dsp-capabilities-request.patch
queue-6.9/misc-fastrpc-fix-ownership-reassignment-of-remote-heap.patch
queue-6.9/misc-fastrpc-copy-the-complete-capability-structure-to-user.patch
