linux-arm-kernel.lists.infradead.org archive mirror
From: Cristian Marussi <cristian.marussi@arm.com>
To: Artem Shimko <a.shimko.dev@gmail.com>
Cc: Sudeep Holla <sudeep.holla@arm.com>,
	Cristian Marussi <cristian.marussi@arm.com>,
	arm-scmi@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] scmi: reset: validate number of reset domains
Date: Thu, 13 Nov 2025 10:51:42 +0000
Message-ID: <aRW4PpPjVw1-melm@pluto>
In-Reply-To: <20251103161044.2269377-1-a.shimko.dev@gmail.com>

On Mon, Nov 03, 2025 at 07:10:43PM +0300, Artem Shimko wrote:
> Add validation to reject zero reset domains during protocol initialization.
> 

Hi Artem,

> The fix adds an explicit check for zero domains in
> scmi_reset_protocol_init(), returning -EINVAL early during protocol
> initialization. This prevents the driver from proceeding with a
> non-functional state and avoids potential kernel panics in functions
> like scmi_reset_domain_reset() and scmi_reset_notify_supported() that
> assume dom_info is always valid.

Indeed, this was already spotted/reported/fixed in other protocols, but
the preferred solution is NOT to bail-out when there are ZERO domains,
but to carry-on WITHOUT crashing of course: the reason for this is
testing scenarios in which you can have a platform/FW reply with ZERO
domains.

> 
> The change is minimal and safe, affecting only the error case while
> preserving all existing functionality for valid configurations.
> The existing -ENOMEM handling for memory allocation remains unchanged
> and sufficient.
>

In fact if you look at the code there are already a lot of places in
reset.c where the code path is anyway guarded by num_domains so it is
NOT problematic.

There are, though, other places where the dom-> dereference is NOT
protected and those could be problematic.

Have you seen any crash related to this for real when zero num_domains
are reported?

Anyway, it would be good to harden the protocol code as already done
a bit in other protocols in the past, but I advise you to look up in
perf.c the scmi_perf_domain_lookup() helper as an example and see
how it is used across perf to address a similar scenario and adopt the
same solution for reset in order to harden the code while preserving
the possibility to initialize the protocol even with ZERO domains for
testing purposes.

Thanks,
Cristian
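
The hardening pattern discussed in this message, as an added example that is not part of the original email and is not the kernel's code: a userspace C model in which every domain access goes through one bounds-checked lookup, so initialization succeeds with zero domains and no caller can dereference a missing entry. All struct and function names here are hypothetical.

```c
/* Userspace model of a bounds-checked reset-domain lookup; all names are
 * hypothetical and only mirror the shape of a per-protocol domain table. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

struct reset_dom_info { uint32_t latency_us; int asserted; };

struct reset_info {
	uint32_t num_domains;            /* value reported by the platform/FW */
	struct reset_dom_info *dom_info; /* array of num_domains entries */
};

/* Single choke point: every access to dom_info goes through here. */
static struct reset_dom_info *
reset_domain_lookup(const struct reset_info *pi, uint32_t domain)
{
	if (!pi->dom_info || domain >= pi->num_domains)
		return NULL;
	return pi->dom_info + domain;
}

/* Init succeeds with zero domains; it fails only when allocation fails. */
static int reset_info_init(struct reset_info *pi, uint32_t num_domains)
{
	pi->num_domains = num_domains;
	pi->dom_info = NULL;
	if (!num_domains)
		return 0;
	pi->dom_info = calloc(num_domains, sizeof(*pi->dom_info));
	return pi->dom_info ? 0 : -ENOMEM;
}

/* Caller pattern: look up first, return -EINVAL instead of dereferencing. */
static int reset_domain_assert(struct reset_info *pi, uint32_t domain)
{
	struct reset_dom_info *dom = reset_domain_lookup(pi, domain);

	if (!dom)
		return -EINVAL;
	dom->asserted = 1;
	return 0;
}
```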


Thread overview: 8+ messages
2025-11-03 16:10 [PATCH v2] scmi: reset: validate number of reset domains Artem Shimko
2025-11-13 10:51 ` Cristian Marussi [this message]
2025-11-22 18:38   ` [PATCH v3] firmware: arm_scmi: refactor reset domain handling Artem Shimko
2025-11-23 16:35   ` [PATCH v4] " Artem Shimko
2025-12-04 16:16     ` Sudeep Holla
2025-12-05 10:36       ` Artem Shimko
2025-12-05 12:14         ` Sudeep Holla
2025-12-05 14:16           ` Artem Shimko
