Received: by 2002:a05:6358:51dd:b0:131:369:b2a3 with SMTP id 29csp601080rwl; Wed, 9 Aug 2023 21:14:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH9V7SOgbNXsGKewbl9sEtCvBSEVRl2fT0N4gzqpC7D+3rGXva45cD5WAygG9TEGqBYYJEO X-Received: by 2002:a05:6a20:7490:b0:13f:de94:fb97 with SMTP id p16-20020a056a20749000b0013fde94fb97mr1220004pzd.27.1691640890163; Wed, 09 Aug 2023 21:14:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691640890; cv=none; d=google.com; s=arc-20160816; b=kRUgGhn2q3cnEWqXceBRnQq0livDZDxqYH3NIo6dkFjIFX+76xypgWs6TRCX5wt5g2 cmY3pYXq7HT64hK9XiLGUQaUEDr5AZ6SLeSIVWdKmONoCDx0oUqIzTPo/aMNohWiO79H +W/PFSE5oMlwcGkDnxyLE6vrB56tL7BrJ1zZk4Q5JP/QtZ6g6q0of74kAowleGW2LY1Y Guhsy3Pl37aH5bPrkfGIK5RIL4IQWq23IN4G5cgj0o2obCv9H53D6+5rWebgO9qQCpB9 kJflRKJVcKWEK2fd9Xuh+JRrOMUtUlRRR4eEG/8L/n9tDySLWU8UIH2UfOtZ5HHT+TVL Kmow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=2oTMgX4OQS2lmRYb6mhrixFvv6JGwYf/kL8q1sU/r9M=; fh=GcndwOMBf1bnpW+bW+jgpNWzVvxAZNEz+Wt3jUkG7qY=; b=ZqIk8KPLLiVF7PG9A7AzAdXC3nMnNx+VZP8MV0SkDIVAK+xbo9RnCqKLPRiIRkTap7 MbBhWXcDomB1zFbWq3hOTH8v82FrXcNgaUX+YuQwk68PdgB15UNaScoubJG8HZD3YHiU OEciGaDEOxpQsDKrEMKe9CO+/WtcOcJ3rkEp1y2Zgh5e2eloyYB8I1z2ElyIZCAa/wN8 kK79J8l5tl9FA9Z8r9q1JPyKOBjnhwuoRfxRNgpTv4fipuzpxE8zQB5vCP7yfZKxx8+E KgyJi1cRay3IuaNy+J73J37r/OAcTNONCld/7HRiI1cZK+45vMfjVD7zb3j2JRJjCN1e z78g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=Wpyudwoj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k20-20020a6568d4000000b00564107825a4si719750pgt.463.2023.08.09.21.14.37; Wed, 09 Aug 2023 21:14:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=Wpyudwoj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231787AbjHJC0L (ORCPT + 99 others); Wed, 9 Aug 2023 22:26:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40286 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232324AbjHJC0K (ORCPT ); Wed, 9 Aug 2023 22:26:10 -0400 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C26D2211B; Wed, 9 Aug 2023 19:26:04 -0700 (PDT) Received: from pps.filterd (m0279866.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 37A1iIhE005236; Thu, 10 Aug 2023 02:25:50 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=qcppdkim1; bh=2oTMgX4OQS2lmRYb6mhrixFvv6JGwYf/kL8q1sU/r9M=; b=Wpyudwoj3DKKKu7qauqQonaQ36U2rMNj0ghEvAUx7YcoYkk0i3ok0eOrKrnalcO33D6G Y+CwmkNqx9TEN6zurOHPehHohxp+25pLTUQvdjw2FPbNDzaL3XODuvqkh5s6OCkUsCfs G6xdvKIY1PQNlcxMokU/npS1prMPelf0TqyuHPnWXxJYvplDSZxIG19AXo81F9iCzAFE 11NI194qquQVsQ+a0IUZeS8kXmObxwZYl8RAutI+DiQaY40n+LBfTKNMu3rn1OicOSQp RPKlG7LZzhu0dUQ9M63uOdDpVvF4rM9FbIX0r/iNFHol8ADrvCKuzRz3OFNcj9ihH3CM WA== Received: from nasanppmta05.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3sch7crgxv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 10 Aug 2023 02:25:50 +0000 Received: from nasanex01a.na.qualcomm.com (nasanex01a.na.qualcomm.com [10.52.223.231]) by NASANPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 37A2PnCQ019397 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 10 Aug 2023 02:25:49 GMT Received: from hu-vgarodia-hyd.qualcomm.com (10.80.80.8) by nasanex01a.na.qualcomm.com (10.52.223.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.30; Wed, 9 Aug 2023 19:25:45 -0700 From: Vikash Garodia To: , , , , , , , CC: , , , , Vikash Garodia Subject: [PATCH v2 2/4] venus: hfi: fix the check to handle session buffer requirement Date: Thu, 10 Aug 2023 07:55:02 +0530 Message-ID: <1691634304-2158-3-git-send-email-quic_vgarodia@quicinc.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1691634304-2158-1-git-send-email-quic_vgarodia@quicinc.com> References: <1691634304-2158-1-git-send-email-quic_vgarodia@quicinc.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nasanex01a.na.qualcomm.com (10.52.223.231) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: 1xTf4V96M7poeYWwhndFerb0Ss9mWa4S X-Proofpoint-GUID: 1xTf4V96M7poeYWwhndFerb0Ss9mWa4S X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-08-10_01,2023-08-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 spamscore=0 priorityscore=1501 lowpriorityscore=0 suspectscore=0 impostorscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 malwarescore=0 clxscore=1015 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2306200000 definitions=main-2308100019 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Buffer requirement, for different buffer type, comes from video firmware. While copying these requirements, there is an OOB possibility when the payload from firmware is more than expected size. Fix the check to avoid the OOB possibility. Cc: stable@vger.kernel.org Fixes: 09c2845e8fe4 ("[media] media: venus: hfi: add Host Firmware Interface (HFI)") Reviewed-by: Nathan Hebert Signed-off-by: Vikash Garodia --- drivers/media/platform/qcom/venus/hfi_msgs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/qcom/venus/hfi_msgs.c b/drivers/media/platform/qcom/venus/hfi_msgs.c index 3d5dadf..3e85bd8 100644 --- a/drivers/media/platform/qcom/venus/hfi_msgs.c +++ b/drivers/media/platform/qcom/venus/hfi_msgs.c @@ -398,7 +398,7 @@ session_get_prop_buf_req(struct hfi_msg_session_property_info_pkt *pkt, memcpy(&bufreq[idx], buf_req, sizeof(*bufreq)); idx++; - if (idx > HFI_BUFFER_TYPE_MAX) + if (idx >= HFI_BUFFER_TYPE_MAX) return HFI_ERR_SESSION_INVALID_PARAMETER; req_bytes -= sizeof(struct hfi_buffer_requirements); -- 2.7.4