1. Patchew
  2. linux
  3. View series

[PATCH v2] remoteproc: sysmon: Correct subsys_name_len type in QMI request

Bjorn Andersson posted 1 patch 1 month, 3 weeks ago 
drivers/remoteproc/qcom_sysmon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH v2] remoteproc: sysmon: Correct subsys_name_len type in QMI request
Posted by Bjorn Andersson 1 month, 3 weeks ago 
The QMI message encoder has up until recently read a single byte (as
elem_size == 1), but with the introduction of big endian support it's
become apparent that this field is expected to be a full u32 -
regardless of the size of the length in the encoded message (which is
what elem_size specifies).

The result is that the encoder now reads past the length byte and
rejects the unreasonably large length formed when including the
following 3 bytes from the subsys_name array.

Fix this by changing to the expected type.

Fixes: 1fb82ee806d1 ("remoteproc: qcom: Introduce sysmon")
Signed-off-by: Bjorn Andersson <bjorn.andersson@oss.qualcomm.com>
---
I believe I've checked all the other users now, and this is the only
case I found that needs fixing.

Changes in v2:
- Fix the sysmon driver instead of the encoder/decoder
- Link to v1: https://lore.kernel.org/r/20260214-qmi-encode-invalid-length-v1-0-780cb4e98b0f@oss.qualcomm.com
---
 drivers/remoteproc/qcom_sysmon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/remoteproc/qcom_sysmon.c b/drivers/remoteproc/qcom_sysmon.c
index 660ac6fc408213073942f20a2c4e43a0c9b9b37e..c6cc6e519fe566a92505dc57c30e8b3e0a697179 100644
--- a/drivers/remoteproc/qcom_sysmon.c
+++ b/drivers/remoteproc/qcom_sysmon.c
@@ -203,7 +203,7 @@ static const struct qmi_elem_info ssctl_shutdown_resp_ei[] = {
 };
 
 struct ssctl_subsys_event_req {
-	u8 subsys_name_len;
+	u32 subsys_name_len;
 	char subsys_name[SSCTL_SUBSYS_NAME_LENGTH];
 	u32 event;
 	u8 evt_driven_valid;

---
base-commit: fd9678829d6dd0c10fde080b536abf4b1121c346
change-id: 20260214-qmi-encode-invalid-length-310dd551a186

Best regards,
-- 
Bjorn Andersson <bjorn.andersson@oss.qualcomm.com>
Re: [PATCH v2] remoteproc: sysmon: Correct subsys_name_len type in QMI request
Posted by Bjorn Andersson 1 month, 1 week ago 
On Fri, 20 Feb 2026 15:11:48 -0600, Bjorn Andersson wrote:
> The QMI message encoder has up until recently read a single byte (as
> elem_size == 1), but with the introduction of big endian support it's
> become apparent that this field is expected to be a full u32 -
> regardless of the size of the length in the encoded message (which is
> what elem_size specifies).
> 
> The result is that the encoder now reads past the length byte and
> rejects the unreasonably large length formed when including the
> following 3 bytes from the subsys_name array.
> 
> [...]

Applied, thanks!

[1/1] remoteproc: sysmon: Correct subsys_name_len type in QMI request
      commit: da994db94e60f9a9411108ddf4d1836147ad4c9c

Best regards,
-- 
Bjorn Andersson <andersson@kernel.org>
Re: [PATCH v2] remoteproc: sysmon: Correct subsys_name_len type in QMI request
Posted by Chris Lew 1 month, 2 weeks ago 
On Fri, Feb 20, 2026 at 03:11:48PM -0600, Bjorn Andersson wrote:
> The QMI message encoder has up until recently read a single byte (as
> elem_size == 1), but with the introduction of big endian support it's
> become apparent that this field is expected to be a full u32 -
> regardless of the size of the length in the encoded message (which is
> what elem_size specifies).
> 
> The result is that the encoder now reads past the length byte and
> rejects the unreasonably large length formed when including the
> following 3 bytes from the subsys_name array.
> 
> Fix this by changing to the expected type.
> 
> Fixes: 1fb82ee806d1 ("remoteproc: qcom: Introduce sysmon")
> Signed-off-by: Bjorn Andersson <bjorn.andersson@oss.qualcomm.com>
> ---
> I believe I've checked all the other users now, and this is the only
> case I found that needs fixing.
> 

Did a quick double check on ipa, ath10k, sysmon, pdr, slimbus and usb.

Reviewed-by: Chris Lew <christopher.lew@oss.qualcomm.com>


> Changes in v2:
> - Fix the sysmon driver instead of the encoder/decoder
> - Link to v1: https://lore.kernel.org/r/20260214-qmi-encode-invalid-length-v1-0-780cb4e98b0f@oss.qualcomm.com
> ---
>  drivers/remoteproc/qcom_sysmon.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/remoteproc/qcom_sysmon.c b/drivers/remoteproc/qcom_sysmon.c
> index 660ac6fc408213073942f20a2c4e43a0c9b9b37e..c6cc6e519fe566a92505dc57c30e8b3e0a697179 100644
> --- a/drivers/remoteproc/qcom_sysmon.c
> +++ b/drivers/remoteproc/qcom_sysmon.c
> @@ -203,7 +203,7 @@ static const struct qmi_elem_info ssctl_shutdown_resp_ei[] = {
>  };
>  
>  struct ssctl_subsys_event_req {
> -	u8 subsys_name_len;
> +	u32 subsys_name_len;
>  	char subsys_name[SSCTL_SUBSYS_NAME_LENGTH];
>  	u32 event;
>  	u8 evt_driven_valid;
> 
> ---
> base-commit: fd9678829d6dd0c10fde080b536abf4b1121c346
> change-id: 20260214-qmi-encode-invalid-length-310dd551a186
> 
> Best regards,
> -- 
> Bjorn Andersson <bjorn.andersson@oss.qualcomm.com>
>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.