Message-ID: <59b61d65-a827-d252-cdc2-a256f99cb4d9@linaro.org>
Date: Thu, 10 Aug 2023 12:31:09 +0100
Subject: Re: [PATCH v2 3/4] venus: hfi: add checks to handle capabilities from firmware
To: Vikash Garodia , stanimir.k.varbanov@gmail.com, agross@kernel.org, andersson@kernel.org, konrad.dybcio@linaro.org, mchehab@kernel.org, hans.verkuil@cisco.com, tfiga@chromium.org
Cc: linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
References: <1691634304-2158-1-git-send-email-quic_vgarodia@quicinc.com> <1691634304-2158-4-git-send-email-quic_vgarodia@quicinc.com>
From: Bryan O'Donoghue
In-Reply-To: <1691634304-2158-4-git-send-email-quic_vgarodia@quicinc.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/08/2023 03:25, Vikash Garodia wrote:
> The hfi parser, parses the capabilities received from venus firmware and
> copies them to core capabilities. Consider below api, for example,
> fill_caps - In this api, caps in core structure gets updated with the
> number of capabilities received in firmware data payload. If the same api
> is called multiple times, there is a possibility of copying beyond the max
> allocated size in core caps.
> Similar possibilities in fill_raw_fmts and fill_profile_level functions.
>
> Cc: stable@vger.kernel.org
> Fixes: 1a73374a04e5 ("media: venus: hfi_parser: add common capability parser")
> Signed-off-by: Vikash Garodia
> --- > drivers/media/platform/qcom/venus/hfi_parser.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/drivers/media/platform/qcom/venus/hfi_parser.c b/drivers/media/platform/qcom/venus/hfi_parser.c > index 6cf74b2..9d6ba22 100644 > --- a/drivers/media/platform/qcom/venus/hfi_parser.c > +++ b/drivers/media/platform/qcom/venus/hfi_parser.c
> @@ -86,6 +86,9 @@ static void fill_profile_level(struct hfi_plat_caps *cap, const void *data, > { > const struct hfi_profile_level *pl = data; > > + if (cap->num_pl + num >= HFI_MAX_PROFILE_COUNT) > + return; > + > memcpy(&cap->pl[cap->num_pl], pl, num * sizeof(*pl)); > cap->num_pl += num; > }

Why append and discard though? Couldn't we reset/reinitialise the relevant indexes in hfi_sys_init_done()? Can subsequent notifications from the firmware give a new capability set? Presumably not. IMO though instead of throwing away the new data, we should throw away the old data, no?

---
bod
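
Review bot: in fill_profile_level(), the new guard `if (cap->num_pl + num >= HFI_MAX_PROFILE_COUNT)` uses `>=`, so a payload that would exactly fill the array is rejected as well, assuming cap->pl has HFI_MAX_PROFILE_COUNT entries (its declaration is not in the hunk); `>` would be the tight bound. Since num is taken from the firmware payload, writing the test as `num > HFI_MAX_PROFILE_COUNT - cap->num_pl` would also avoid depending on the addition not wrapping. The early return drops the firmware data silently, so a log message or a short comment saying why discarding is the intended behaviour would help anyone debugging a firmware that sends the capability set more than once.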