[PATCH] firmware: arm_scmi: quirk: fix write to string constant

[PATCH] firmware: arm_scmi: quirk: fix write to string constant

[Johan Hovold]

The quirk version range is typically a string constant and must not be
modified (e.g. as it may be stored in read-only memory):

	Unable to handle kernel write to read-only memory at virtual
	address ffffc036d998a947

Fix the range parsing so that it operates on a copy of the version range
string, and mark all the quirk strings as const to reduce the risk of
introducing similar future issues.

Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220437
Fixes: 487c407d57d6 ("firmware: arm_scmi: Add common framework to handle firmware quirks")
Cc: stable@vger.kernel.org	# 6.16
Cc: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
---
 drivers/firmware/arm_scmi/quirks.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/drivers/firmware/arm_scmi/quirks.c b/drivers/firmware/arm_scmi/quirks.c
index 03960aca3610..e70823754b0b 100644
--- a/drivers/firmware/arm_scmi/quirks.c
+++ b/drivers/firmware/arm_scmi/quirks.c
@@ -89,9 +89,9 @@
 struct scmi_quirk {
 	bool enabled;
 	const char *name;
-	char *vendor;
-	char *sub_vendor_id;
-	char *impl_ver_range;
+	const char *vendor;
+	const char *sub_vendor_id;
+	const char *impl_ver_range;
 	u32 start_range;
 	u32 end_range;
 	struct static_key_false *key;
@@ -217,7 +217,7 @@ static unsigned int scmi_quirk_signature(const char *vend, const char *sub_vend)
 
 static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
 {
-	const char *last, *first = quirk->impl_ver_range;
+	const char *last, *first;
 	size_t len;
 	char *sep;
 	int ret;
@@ -228,8 +228,12 @@ static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
 	if (!len)
 		return 0;
 
+	first = kmemdup(quirk->impl_ver_range, len + 1, GFP_KERNEL);
+	if (!first)
+		return -ENOMEM;
+
 	last = first + len - 1;
-	sep = strchr(quirk->impl_ver_range, '-');
+	sep = strchr(first, '-');
 	if (sep)
 		*sep = '\0';
 
@@ -238,7 +242,7 @@ static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
 	else /* X OR X- OR X-y */
 		ret = kstrtouint(first, 0, &quirk->start_range);
 	if (ret)
-		return ret;
+		goto out_free;
 
 	if (!sep)
 		quirk->end_range = quirk->start_range;
@@ -246,7 +250,9 @@ static int scmi_quirk_range_parse(struct scmi_quirk *quirk)
 		ret = kstrtouint(sep + 1, 0, &quirk->end_range);
 
 	if (quirk->start_range > quirk->end_range)
-		return -EINVAL;
+		ret = -EINVAL;
+out_free:
+	kfree(first);
 
 	return ret;
 }
-- 
2.49.1

Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

[Johan Hovold]

On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:
> The quirk version range is typically a string constant and must not be
> modified (e.g. as it may be stored in read-only memory):
> 
> 	Unable to handle kernel write to read-only memory at virtual
> 	address ffffc036d998a947
> 
> Fix the range parsing so that it operates on a copy of the version range
> string, and mark all the quirk strings as const to reduce the risk of
> introducing similar future issues.

With Jan's permission, let's add:

Reported-by: Jan Palus <jpalus@fastmail.com>

> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220437
> Fixes: 487c407d57d6 ("firmware: arm_scmi: Add common framework to handle firmware quirks")
> Cc: stable@vger.kernel.org	# 6.16
> Cc: Cristian Marussi <cristian.marussi@arm.com>
> Signed-off-by: Johan Hovold <johan@kernel.org>

Johan

Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

[Cristian Marussi]

On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:
> The quirk version range is typically a string constant and must not be
> modified (e.g. as it may be stored in read-only memory):
> 
> 	Unable to handle kernel write to read-only memory at virtual
> 	address ffffc036d998a947
> 
> Fix the range parsing so that it operates on a copy of the version range
> string, and mark all the quirk strings as const to reduce the risk of
> introducing similar future issues.

Hi,

indeed when implementing this I was a bit doubtful about the in-place
overwrite approach that I used during the ranges parsing...but since
each quirk was indeed initialized once and its range parsed once, it
seemed fair to use the string itself as a sort of scratch area while
parsing it into integers and avoid the local copy...just I haven't
considered the possibility that such strings could be stored in a RO
segment...and I got no error on my setup....

Anyway, good catch, it is certainly better to operate on a copy.

LGTM.

Reviewed-by: Cristian Marussi <cristian.marussi@arm.com>

Thanks,
Cristian

Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

[Johan Hovold]

Hi Sudeep,

On Fri, Aug 29, 2025 at 04:29:48PM +0200, Johan Hovold wrote:
> On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:
> > The quirk version range is typically a string constant and must not be
> > modified (e.g. as it may be stored in read-only memory):
> > 
> > 	Unable to handle kernel write to read-only memory at virtual
> > 	address ffffc036d998a947
> > 
> > Fix the range parsing so that it operates on a copy of the version range
> > string, and mark all the quirk strings as const to reduce the risk of
> > introducing similar future issues.
> 
> With Jan's permission, let's add:
> 
> Reported-by: Jan Palus <jpalus@fastmail.com>
> 
> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220437
> > Fixes: 487c407d57d6 ("firmware: arm_scmi: Add common framework to handle firmware quirks")
> > Cc: stable@vger.kernel.org	# 6.16
> > Cc: Cristian Marussi <cristian.marussi@arm.com>
> > Signed-off-by: Johan Hovold <johan@kernel.org>

I noticed that you picked up this fix yesterday but also that you
rewrote the commit message and switched using cleanup helpers.

Please don't do such (non-trivial) changes without making that clear
in the commit message before your Signed-off-by tag:

	[ sudeep: rewrite commit message; switch to cleanup helpers ]

In this case, you also changed the meaning so that the commit message
now reads like the sole reason that writing to string constants is wrong
is that they may reside in read-only memory.

I used "e.g." on purpose instead of listing further reasons like the
fact that string constants may be shared so that parsing of one quirk
can subtly break a later one.

Johan

Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

[Sudeep Holla]

On Tue, Sep 02, 2025 at 11:59:24AM +0200, Johan Hovold wrote:
> Hi Sudeep,
> 
> On Fri, Aug 29, 2025 at 04:29:48PM +0200, Johan Hovold wrote:
> > On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:
> > > The quirk version range is typically a string constant and must not be
> > > modified (e.g. as it may be stored in read-only memory):
> > > 
> > > 	Unable to handle kernel write to read-only memory at virtual
> > > 	address ffffc036d998a947
> > > 
> > > Fix the range parsing so that it operates on a copy of the version range
> > > string, and mark all the quirk strings as const to reduce the risk of
> > > introducing similar future issues.
> > 
> > With Jan's permission, let's add:
> > 
> > Reported-by: Jan Palus <jpalus@fastmail.com>
> > 

I was hoping to hear back, but I assume silence is kind of acceptance.

> > > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220437
> > > Fixes: 487c407d57d6 ("firmware: arm_scmi: Add common framework to handle firmware quirks")
> > > Cc: stable@vger.kernel.org	# 6.16
> > > Cc: Cristian Marussi <cristian.marussi@arm.com>
> > > Signed-off-by: Johan Hovold <johan@kernel.org>
> 
> I noticed that you picked up this fix yesterday but also that you
> rewrote the commit message and switched using cleanup helpers.
> 
> Please don't do such (non-trivial) changes without making that clear
> in the commit message before your Signed-off-by tag:
> 
> 	[ sudeep: rewrite commit message; switch to cleanup helpers ]
> 

Sorry I meant to do that when I replied and asked you if you are OK
with cleanup helpers. Also yes I planned to add a line like something
above before finalizing.

> In this case, you also changed the meaning so that the commit message
> now reads like the sole reason that writing to string constants is wrong
> is that they may reside in read-only memory.
> 

Ah, I didn't realise that it changes the meaning now.

> I used "e.g." on purpose instead of listing further reasons like the
> fact that string constants may be shared so that parsing of one quirk
> can subtly break a later one.
>

I see your point, will revert to your commit message.

-- 
Regards,
Sudeep

Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

[Johan Hovold]

On Tue, Sep 02, 2025 at 11:16:46AM +0100, Sudeep Holla wrote:
> On Tue, Sep 02, 2025 at 11:59:24AM +0200, Johan Hovold wrote:
> > On Fri, Aug 29, 2025 at 04:29:48PM +0200, Johan Hovold wrote:
> > > On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:

> > > > The quirk version range is typically a string constant and must not be
> > > > modified (e.g. as it may be stored in read-only memory):
> > > > 
> > > > 	Unable to handle kernel write to read-only memory at virtual
> > > > 	address ffffc036d998a947
> > > > 
> > > > Fix the range parsing so that it operates on a copy of the version range
> > > > string, and mark all the quirk strings as const to reduce the risk of
> > > > introducing similar future issues.
> > > 
> > > With Jan's permission, let's add:
> > > 
> > > Reported-by: Jan Palus <jpalus@fastmail.com>
> > > 
> 
> I was hoping to hear back, but I assume silence is kind of acceptance.

I sent the reply with the tag after making sure off-list that Jan was OK
with it. Sorry if that was not clear.

> > Please don't do such (non-trivial) changes without making that clear
> > in the commit message before your Signed-off-by tag:
> > 
> > 	[ sudeep: rewrite commit message; switch to cleanup helpers ]
> > 
> 
> Sorry I meant to do that when I replied and asked you if you are OK
> with cleanup helpers. Also yes I planned to add a line like something
> above before finalizing.

Sounds like a mail has gotten lost since I never saw that question from
you.

I'm fine with using the helpers here even if I'm not generally a fan of
them (e.g. due to declarations in middle of functions).

> > In this case, you also changed the meaning so that the commit message
> > now reads like the sole reason that writing to string constants is wrong
> > is that they may reside in read-only memory.
> 
> Ah, I didn't realise that it changes the meaning now.
> 
> > I used "e.g." on purpose instead of listing further reasons like the
> > fact that string constants may be shared so that parsing of one quirk
> > can subtly break a later one.
> 
> I see your point, will revert to your commit message.

Thanks!

Johan

Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

[Sudeep Holla]

On Tue, Sep 02, 2025 at 12:27:45PM +0200, Johan Hovold wrote:
> On Tue, Sep 02, 2025 at 11:16:46AM +0100, Sudeep Holla wrote:
> > On Tue, Sep 02, 2025 at 11:59:24AM +0200, Johan Hovold wrote:
> > > On Fri, Aug 29, 2025 at 04:29:48PM +0200, Johan Hovold wrote:
> > > > On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:
> 
> > > > > The quirk version range is typically a string constant and must not be
> > > > > modified (e.g. as it may be stored in read-only memory):
> > > > > 
> > > > > 	Unable to handle kernel write to read-only memory at virtual
> > > > > 	address ffffc036d998a947
> > > > > 
> > > > > Fix the range parsing so that it operates on a copy of the version range
> > > > > string, and mark all the quirk strings as const to reduce the risk of
> > > > > introducing similar future issues.
> > > > 
> > > > With Jan's permission, let's add:
> > > > 
> > > > Reported-by: Jan Palus <jpalus@fastmail.com>
> > > > 
> > 
> > I was hoping to hear back, but I assume silence is kind of acceptance.
> 
> I sent the reply with the tag after making sure off-list that Jan was OK
> with it. Sorry if that was not clear.
> 
> > > Please don't do such (non-trivial) changes without making that clear
> > > in the commit message before your Signed-off-by tag:
> > > 
> > > 	[ sudeep: rewrite commit message; switch to cleanup helpers ]
> > > 
> > 
> > Sorry I meant to do that when I replied and asked you if you are OK
> > with cleanup helpers. Also yes I planned to add a line like something
> > above before finalizing.
> 
> Sounds like a mail has gotten lost since I never saw that question from
> you.
>

No I hadn't sent it yet, generally wait for builder report to finalise
the commit. Sometimes -next integration happens before build sends build
report for my branch and that happened this time.

-- 
Regards,
Sudeep