From: Johan Hovold <johan@kernel.org>
To: Sudeep Holla <sudeep.holla@arm.com>
Cc: Cristian Marussi <cristian.marussi@arm.com>,
arm-scmi@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, Johan Hovold <johan@kernel.org>,
stable@vger.kernel.org
Subject: [PATCH] firmware: arm_scmi: quirk: fix write to string constant
Date: Fri, 29 Aug 2025 15:21:52 +0200 [thread overview]
Message-ID: <20250829132152.28218-1-johan@kernel.org> (raw)
The quirk version range is typically a string constant and must not be
modified (e.g. as it may be stored in read-only memory):
Unable to handle kernel write to read-only memory at virtual
address ffffc036d998a947
Fix the range parsing so that it operates on a copy of the version range
string, and mark all the quirk strings as const to reduce the risk of
introducing similar future issues.
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220437
Fixes: 487c407d57d6 ("firmware: arm_scmi: Add common framework to handle firmware quirks")
Cc: stable@vger.kernel.org # 6.16
Cc: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
---
drivers/firmware/arm_scmi/quirks.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/drivers/firmware/arm_scmi/quirks.c b/drivers/firmware/arm_scmi/quirks.c
index 03960aca3610..e70823754b0b 100644
--- a/drivers/firmware/arm_scmi/quirks.c
+++ b/drivers/firmware/arm_scmi/quirks.c
@@ -89,9 +89,9 @@
struct scmi_quirk {
bool enabled;
const char *name;
- char *vendor;
- char *sub_vendor_id;
- char *impl_ver_range;
+ const char *vendor;
+ const char *sub_vendor_id;
+ const char *impl_ver_range;
u32 start_range;
u32 end_range;
struct static_key_false *key;
@@ -217,7 +217,7 @@ static unsigned int scmi_quirk_signature(const char *vend, const char *sub_vend)
static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
{
- const char *last, *first = quirk->impl_ver_range;
+ const char *last, *first;
size_t len;
char *sep;
int ret;
@@ -228,8 +228,12 @@ static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
if (!len)
return 0;
+ first = kmemdup(quirk->impl_ver_range, len + 1, GFP_KERNEL);
+ if (!first)
+ return -ENOMEM;
+
last = first + len - 1;
- sep = strchr(quirk->impl_ver_range, '-');
+ sep = strchr(first, '-');
if (sep)
*sep = '\0';
@@ -238,7 +242,7 @@ static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
else /* X OR X- OR X-y */
ret = kstrtouint(first, 0, &quirk->start_range);
if (ret)
- return ret;
+ goto out_free;
if (!sep)
quirk->end_range = quirk->start_range;
@@ -246,7 +250,9 @@ static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
ret = kstrtouint(sep + 1, 0, &quirk->end_range);
if (quirk->start_range > quirk->end_range)
- return -EINVAL;
+ ret = -EINVAL;
+out_free:
+ kfree(first);
return ret;
}
--
2.49.1
next reply other threads:[~2025-08-29 13:23 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-29 13:21 Johan Hovold [this message]
2025-08-29 14:29 ` [PATCH] firmware: arm_scmi: quirk: fix write to string constant Johan Hovold
2025-09-02 9:59 ` Johan Hovold
2025-09-02 10:16 ` Sudeep Holla
2025-09-02 10:27 ` Johan Hovold
2025-09-02 11:18 ` Sudeep Holla
2025-08-29 21:13 ` Cristian Marussi
2025-09-08 10:17 ` Sudeep Holla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250829132152.28218-1-johan@kernel.org \
--to=johan@kernel.org \
--cc=arm-scmi@vger.kernel.org \
--cc=cristian.marussi@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=sudeep.holla@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.