From: Vikash Garodia
Subject: [PATCH 2/4] venus: hfi: fix the check to handle session buffer requirement
Date: Thu, 27 Jul 2023 10:04:27 +0530
Message-ID: <1690432469-14803-3-git-send-email-quic_vgarodia@quicinc.com>
In-Reply-To: <1690432469-14803-1-git-send-email-quic_vgarodia@quicinc.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Buffer requirement, for different buffer type, comes from video firmware. While copying these requirements, there is an OOB possibility when the payload from firmware is more than expected size. Fix the check to avoid the OOB possibility.

Cc: stable@vger.kernel.org Fixes: 09c2845e8fe4 ("[media] media: venus: hfi: add Host Firmware Interface (HFI)") Signed-off-by: Vikash Garodia --- drivers/media/platform/qcom/venus/hfi_msgs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/qcom/venus/hfi_msgs.c b/drivers/media/platform/qcom/venus/hfi_msgs.c index 3d5dadf..3e85bd8 100644 --- a/drivers/media/platform/qcom/venus/hfi_msgs.c +++ b/drivers/media/platform/qcom/venus/hfi_msgs.c @@ -398,7 +398,7 @@ session_get_prop_buf_req(struct hfi_msg_session_property_info_pkt *pkt, memcpy(&bufreq[idx], buf_req, sizeof(*bufreq)); idx++; - if (idx > HFI_BUFFER_TYPE_MAX) + if (idx >= HFI_BUFFER_TYPE_MAX) return HFI_ERR_SESSION_INVALID_PARAMETER; req_bytes -= sizeof(struct hfi_buffer_requirements); -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project
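Review bot: the bound in session_get_prop_buf_req() is still tested after `memcpy(&bufreq[idx], buf_req, sizeof(*bufreq));` and `idx++;`, so it validates the next index rather than the one just written. With `if (idx >= HFI_BUFFER_TYPE_MAX)` in that position, the copy that fills slot HFI_BUFFER_TYPE_MAX - 1 is followed by HFI_ERR_SESSION_INVALID_PARAMETER, so a firmware payload carrying exactly HFI_BUFFER_TYPE_MAX requirements is rejected even though every write was in bounds (this assumes bufreq has HFI_BUFFER_TYPE_MAX entries; the array size is not visible in the hunk). Consider moving the test ahead of the memcpy so it guards the write directly, and state the size of bufreq in the commit message so the off-by-one can be checked from the log alone.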