Re: [PATCH v4 2/5] firmware: arm_ffa: Fix out-of-bound writes in ffa_setup_and_transmit()

On Wed, May 20, 2026 at 08:49:45PM +0000, Mostafa Saleh wrote:

Sashiko (locally) reports multiple out-of-bound issues in ffa_setup_and_transmit:

1. Writing ep_mem_access->reserved can write out of bounds for FFA versions < 1.2 as ffa_emad_size_get() returns 16 bytes in that case while reserved has an offset of 24. Instead of zeroing fields, memset the struct to zero first based on the FFA version.

Neat, I clearly missed taking this approach when I added zero-ing of member initially.

2. Make sure there is enough size to write constituents.

While at it, convert the only sizeof() in the driver that uses a type instead of variable.

Reviewed-by: Sudeep Holla sudeep.holla@kernel.org