Message ID | 1691634304-2158-1-git-send-email-quic_vgarodia@quicinc.com |
---|---|
Headers |
From: Vikash Garodia <quic_vgarodia@quicinc.com>
To: <stanimir.k.varbanov@gmail.com>, <bryan.odonoghue@linaro.org>, <agross@kernel.org>, <andersson@kernel.org>, <konrad.dybcio@linaro.org>, <mchehab@kernel.org>, <hans.verkuil@cisco.com>, <tfiga@chromium.org>
CC: <linux-media@vger.kernel.org>, <linux-arm-msm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>, Vikash Garodia <quic_vgarodia@quicinc.com>
Subject: [PATCH v2 0/4] Venus driver fixes to avoid possible OOB accesses
Date: Thu, 10 Aug 2023 07:55:00 +0530
Message-ID: <1691634304-2158-1-git-send-email-quic_vgarodia@quicinc.com> |
Series |
Venus driver fixes to avoid possible OOB accesses
|
|
Message
Vikash Garodia
Aug. 10, 2023, 2:25 a.m. UTC
v1 -> v2:
- Address the comment to reduce size of queue pointer from queue size
- Consider the data size during memcpy to avoid OOB write
- Use hweight_long() to count the set bits representing the supported codecs

v1: https://lore.kernel.org/all/1690432469-14803-1-git-send-email-quic_vgarodia@quicinc.com/

This series primarily adds checks at relevant places in the venus driver where
there are possible OOB accesses due to unexpected payload from venus firmware.
The patches describe the specific OOB possibility.

Please review and share your feedback.

Vikash Garodia (4):
  venus: hfi: add checks to perform sanity on queue pointers
  venus: hfi: fix the check to handle session buffer requirement
  venus: hfi: add checks to handle capabilities from firmware
  venus: hfi_parser: Add check to keep the number of codecs within range

 drivers/media/platform/qcom/venus/hfi_msgs.c   |  2 +-
 drivers/media/platform/qcom/venus/hfi_parser.c | 15 +++++++++++++++
 drivers/media/platform/qcom/venus/hfi_venus.c  | 10 ++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
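
The kinds of checks the cover letter lists (firmware-written queue indices checked against the queue size, the packet size accounted for before `memcpy`, and a bit count bounding the number of codecs), as an added example that is not the Venus driver's code. The struct, function names and sizes are assumptions, and `__builtin_popcountl` (GCC/Clang) stands in for the kernel's `hweight_long()`.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define QSIZE_WORDS 16u  /* assumed queue capacity, in 32-bit words */
#define MAX_CODECS  32u  /* assumed capacity of the per-codec table */

/* Hypothetical shared-memory queue: every field is writable by firmware. */
struct fw_queue {
    uint32_t rd_idx;             /* word offset of the next packet */
    uint32_t wr_idx;             /* word offset where firmware writes next */
    uint32_t data[QSIZE_WORDS];  /* data[rd_idx] = packet size in bytes */
};

/* Copy one packet into out; returns its size in words or a negative errno. */
int fw_queue_read(const struct fw_queue *q, uint32_t *out, uint32_t out_words)
{
    uint32_t rd = q->rd_idx, wr = q->wr_idx;  /* local copies of the indices */

    if (rd >= QSIZE_WORDS || wr >= QSIZE_WORDS)
        return -EINVAL;          /* index points outside the queue */
    if (rd == wr)
        return -EAGAIN;          /* queue is empty */

    uint32_t avail = (wr + QSIZE_WORDS - rd) % QSIZE_WORDS;
    uint32_t bytes = q->data[rd];
    uint32_t words = bytes / 4;
    if (bytes == 0 || bytes % 4 || words > avail || words > out_words)
        return -EBADMSG;         /* size not backed by queued data or by out */

    uint32_t first = QSIZE_WORDS - rd;        /* words before the wrap point */
    if (first > words)
        first = words;
    memcpy(out, &q->data[rd], first * 4);
    memcpy(out + first, q->data, (words - first) * 4);
    return (int)words;
}

/* Count codecs advertised in two firmware bitmasks; reject table overflow. */
int fw_codec_count(unsigned long dec_mask, unsigned long enc_mask)
{
    unsigned int n = (unsigned int)__builtin_popcountl(dec_mask) +
                     (unsigned int)__builtin_popcountl(enc_mask);
    return n > MAX_CODECS ? -EINVAL : (int)n;
}
```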