Received: by 2002:a05:6358:701b:b0:131:369:b2a3 with SMTP id 27csp890687rwo; Sat, 22 Jul 2023 02:14:09 -0700 (PDT) X-Google-Smtp-Source: APBJJlEGyGJMD+RL09GH/NZzA5er7OzMgaUxTFrqBSmrFWI7Hyti+bWJtJZLGq3Qtgv8BK5flA3/ X-Received: by 2002:a05:6a00:17a3:b0:64d:46b2:9a58 with SMTP id s35-20020a056a0017a300b0064d46b29a58mr3544058pfg.26.1690017248978; Sat, 22 Jul 2023 02:14:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690017248; cv=none; d=google.com; s=arc-20160816; b=OXnf5bJFPXaAfknwOnDn8Zx65OzVA6BI8lAshXOsrmsUPMZ0FuycWS6TQLUhy4kYJ6 v6raJjdT2UE9NBnOadF4GRyfG6jzr03lwfZPN4AupP/0ms2Q8s0Kn/8Yqh5M++biHjzF o1ai7X9Gh46seUUJHGiDiUdz10CvSv2EGggrrw2lk2vZZQ3q4CE35oaC5TQebZGZfWdR Enn8se8RlsKPR2rzRwnueSJmWmeZZ02YtpyNT+2wzy0+eLmQhfFp3oc8J6AFMYJexox0 WZhL36Fs7LSuUQzw7UnoVNxX0OPoKeWTygC6YP+aaaQ8Drb5R9ntewnepQY3nwe5QtFe og7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=U+HorF4LeKiLNz5w8pGzA0k69aZAzTVqZHElBYNhWvo=; fh=dnvkKDphEn4iJqR7Zr9ymMkUoTSWsQaqOPrldMKPwU0=; b=MzpCFwV/cUeKclxSCaxamWHYLyOnChLq8w4ewNzXoALcpN2J52D7pvRtsbvdvKCpZe ON0ucfsgRUSMmUdMNOYqmcHXuRs2+DgpIBk+CMu9ts+NhAhkBIj9Zb4K42WurWND8P9y 29dW75WnLibUQv3KndsdpFKOv6/oL+7+ZyCnsbENyT1vBQfgz7zlDQWY+pbj1vNknqlI o5Vv/K0vO9tHgeC6gNV8PzzZchG59f8IMFPH48J0TfHVpUhYC1vLdN0MRgmU2rsjzNm3 GkOSJd27zIZKORhuzlciUS3aZWAzY8t1jsBBjcSzZ6MqSzxA6BzAzG0SH5YgEuqFNcZz FsZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=iUzGZi4u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s33-20020a056a0017a100b0064d419dd566si5210567pfg.205.2023.07.22.02.13.51; Sat, 22 Jul 2023 02:14:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=iUzGZi4u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231273AbjGVHsF (ORCPT + 99 others); Sat, 22 Jul 2023 03:48:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231438AbjGVHsB (ORCPT ); Sat, 22 Jul 2023 03:48:01 -0400 Received: from mailgw02.mediatek.com (unknown [210.61.82.184]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D41C14208; Sat, 22 Jul 2023 00:47:20 -0700 (PDT) X-UUID: d502b344286311eeb20a276fd37b9834-20230722 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=U+HorF4LeKiLNz5w8pGzA0k69aZAzTVqZHElBYNhWvo=; b=iUzGZi4uncpLY3oFRUPn9gltfFjZ8f0S/nUCZ4p0nMIZs2BQmv3WMPFFWFBlg7+FppQoGEGomHxqgH2yhWxWEZTXkba05eoNK+cosGmK4QZw809gQ90lJuUeKpTsqpwhe2jF8BbPT5az0JuOJzTRHMlXaecXiWnzlWdLuINvbLY=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.28,REQID:17c7fa0c-2407-4d25-b823-c797c4049a6f,IP:0,U RL:0,TC:0,Content:-25,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:-25 X-CID-META: VersionHash:176cd25,CLOUDID:9c2ee987-44fb-401c-8de7-6a5572f1f5d5,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0 X-CID-BVR: 0,NGT X-CID-BAS: 0,NGT,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: d502b344286311eeb20a276fd37b9834-20230722 Received: from mtkmbs11n2.mediatek.inc [(172.21.101.187)] by mailgw02.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 931281964; Sat, 22 Jul 2023 15:46:13 +0800 Received: from mtkmbs13n1.mediatek.inc (172.21.101.193) by mtkmbs13n1.mediatek.inc (172.21.101.193) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Sat, 22 Jul 2023 15:46:12 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs13n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Sat, 22 Jul 2023 15:46:11 +0800 From: Yunfei Dong To: =?UTF-8?q?N=C3=ADcolas=20F=20=2E=20R=20=2E=20A=20=2E=20Prado?= , Nicolas Dufresne , Hans Verkuil , AngeloGioacchino Del Regno , Benjamin Gaignard , Nathan Hebert CC: Chen-Yu Tsai , Hsin-Yi Wang , Fritz Koenig , Daniel Vetter , Steve Cho , Yunfei Dong , , , , , , Subject: [PATCH v2,2/2] media: mediatek: vcodec: checking encoder ack message parameter Date: Sat, 22 Jul 2023 15:46:08 +0800 Message-ID: <20230722074608.30766-2-yunfei.dong@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230722074608.30766-1-yunfei.dong@mediatek.com> References: <20230722074608.30766-1-yunfei.dong@mediatek.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-MTK: N X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Need to checking all parameters of msg data are valid or not, in case of access null pointer or unreasonable value leading to kernel reboot. Signed-off-by: Yunfei Dong --- .../vcodec/encoder/mtk_vcodec_enc_drv.h | 2 + .../mediatek/vcodec/encoder/venc_vpu_if.c | 40 +++++++++++++++++-- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h b/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h index c07010e56649..a042f607ed8d 100644 --- a/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h +++ b/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h @@ -123,6 +123,7 @@ struct mtk_enc_params { * @xfer_func: enum v4l2_xfer_func, colorspace transfer function * * @q_mutex: vb2_queue mutex. + * @vpu_inst: vpu instance pointer. */ struct mtk_vcodec_enc_ctx { enum mtk_instance_type type; @@ -156,6 +157,7 @@ struct mtk_vcodec_enc_ctx { enum v4l2_xfer_func xfer_func; struct mutex q_mutex; + void *vpu_inst; }; /** diff --git a/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c b/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c index 708db1bb32d4..213544e55166 100644 --- a/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c +++ b/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c @@ -42,19 +42,47 @@ static void handle_enc_encode_msg(struct venc_vpu_inst *vpu, const void *data) vpu->is_key_frm = msg->is_key_frm; } +static bool vpu_enc_check_ap_inst(struct mtk_vcodec_enc_dev *enc_dev, struct venc_vpu_inst *vpu) +{ + struct mtk_vcodec_enc_ctx *ctx; + int ret = false; + + list_for_each_entry(ctx, &enc_dev->ctx_list, list) { + if (!IS_ERR_OR_NULL(ctx) && ctx->vpu_inst == vpu) { + ret = true; + break; + } + } + + return ret; +} + static void vpu_enc_ipi_handler(void *data, unsigned int len, void *priv) { + struct mtk_vcodec_enc_dev *enc_dev; const struct venc_vpu_ipi_msg_common *msg = data; - struct venc_vpu_inst *vpu = - (struct venc_vpu_inst *)(unsigned long)msg->venc_inst; + struct venc_vpu_inst *vpu; mtk_venc_debug(vpu->ctx, "msg_id %x inst %p status %d", msg->msg_id, vpu, msg->status); - vpu->signaled = 1; + enc_dev = (struct mtk_vcodec_enc_dev *)priv; + vpu = (struct venc_vpu_inst *)(unsigned long)msg->venc_inst; + if (!priv || !vpu) { + mtk_v4l2_venc_err(vpu->ctx, "venc_inst is NULL, did the SCP hang or crash?"); + return; + } + + if (!vpu_enc_check_ap_inst(enc_dev, vpu) || msg->msg_id < VPU_IPIMSG_ENC_INIT_DONE || + msg->msg_id > VPU_IPIMSG_ENC_DEINIT_DONE) { + mtk_v4l2_venc_err(vpu->ctx, "venc msg id not correctly => 0x%x", msg->msg_id); + vpu->failure = -EINVAL; + goto error; + } + vpu->failure = (msg->status != VENC_IPI_MSG_STATUS_OK); if (vpu->failure) { mtk_venc_err(vpu->ctx, "vpu enc status failure %d", vpu->failure); - return; + goto error; } switch (msg->msg_id) { @@ -72,6 +100,9 @@ static void vpu_enc_ipi_handler(void *data, unsigned int len, void *priv) mtk_venc_err(vpu->ctx, "unknown msg id %x", msg->msg_id); break; } + +error: + vpu->signaled = 1; } static int vpu_enc_send_msg(struct venc_vpu_inst *vpu, void *msg, @@ -105,6 +136,7 @@ int vpu_enc_init(struct venc_vpu_inst *vpu) init_waitqueue_head(&vpu->wq_hd); vpu->signaled = 0; vpu->failure = 0; + vpu->ctx->vpu_inst = vpu; status = mtk_vcodec_fw_ipi_register(vpu->ctx->dev->fw_handler, vpu->id, vpu_enc_ipi_handler, "venc", NULL); -- 2.18.0