Received: by 2002:a05:7412:6592:b0:d7:7d3a:4fe2 with SMTP id m18csp873379rdg; Fri, 11 Aug 2023 02:37:11 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFIHWT326BTrf32g+lS+3ZO9wYFUX5+LqIrKqaeJxi/wHfyvLCnYkAn8i9TJrS5Y3ftxQR1 X-Received: by 2002:a17:907:2e0b:b0:99c:d069:d1f with SMTP id ig11-20020a1709072e0b00b0099cd0690d1fmr1176787ejc.66.1691746631243; Fri, 11 Aug 2023 02:37:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691746631; cv=none; d=google.com; s=arc-20160816; b=ChVlVrijmHuFG7nXz9jGTPo5D7ogo53Nba2K1SdyOTjeTf7k0Ut0HkHdLXG1KEWv/5 b2SjHYubLTrmWAZfqEmSgEI4FbpqwwoMCT1HkcurBxCmbhbZ8Bj4Qs+0dx1rK6pl9UPM fmtWztMlgDxylVzHbEteCfptRNeVx6Pso8sio7mpnrR89WCsIs/lJN64cEOmLGH1eMFT DNODzAwaETm1OpaCnPbqhYgRgG0if5QQK+yiiGeVVPQoptgiR5j1apiPfUOTyK7NI82x vGR0hskeRHP1cVEZdTHUwgusSduvLZCvSWQcBgXNG3EqjLMO17JyftwRj8t7XxXYuNA4 41Rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=n0L7TNaPDjG2oP47xE9wFsvrLG+cbfbskrmcmsHvf/A=; fh=U78sclg0Y4Gxw/OVnaUghVFQGh/K/BlwQoZ5+9IUuFc=; b=H5GL+b53Opx2AhUZaML4sVzBwUrDE88WnNKI2RqqKpasTedY21a8fy3OoBGeDb223b 7otN/geMgxmOwfI03V3cBIo1xenOguYTUfHkX2pNY2WEWdFhuNDtuQ3OSf/03mc6kSi5 p1MtyFr797L/ztY7hcGx6Wf6d2fGGUNosst1cGmG8/H2txIXGXLuRSIlr8S5tl5xHTJj WmVzm3a4haWNK7GQKBBD7AJ1rjDXl8LS0njFxT37ym4cobiMpUWpi6Ayt/4xrj8t+J+d 36hc2d1nHTcHPPc4s4vwymgndGbEomPCgb52JB8ekxOXYshH+R+UjAZ7fDye1x4B7lB+ JhmA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="I/sxIutc"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m16-20020a17090679d000b0099ce23c3a71si3192259ejo.1041.2023.08.11.02.36.46; Fri, 11 Aug 2023 02:37:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="I/sxIutc"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234298AbjHKInD (ORCPT + 99 others); Fri, 11 Aug 2023 04:43:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234100AbjHKIm7 (ORCPT ); Fri, 11 Aug 2023 04:42:59 -0400 Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8D052D70 for ; Fri, 11 Aug 2023 01:42:58 -0700 (PDT) Received: by mail-wr1-x432.google.com with SMTP id ffacd0b85a97d-317716a4622so1578297f8f.1 for ; Fri, 11 Aug 2023 01:42:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1691743377; x=1692348177; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=n0L7TNaPDjG2oP47xE9wFsvrLG+cbfbskrmcmsHvf/A=; b=I/sxIutcJCbO+pIGSgszv7i8DqFLycVyBoKVrOr3LmgHlime0xzpYp9Rrvzt9NV4NV +c8l6GC+YxH+6+aVHQnCzvsoNemJRwsLRatFuoyJhBvkx3gvLS5RJvIPOpGOLj3BXIk1 385nGLNLDt2N4CS7WS4Rn4IX7w0JF4XqUrBzoY33GYt8lO3c25zukscckGy1l0F/I+Kc 41nICKGyNYrALjpF5YM0Ft0vHsTFtcQVdkpJCD1DRx+1n8cx7TZK5hKFZxipzfRdlxCd fMRT97i7jbpWrN5K71Gl6IZ8I4cUsXQy+MmhE7f43/30aPT4E4IbwCOXubeNZO78suTJ Pj0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691743377; x=1692348177; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=n0L7TNaPDjG2oP47xE9wFsvrLG+cbfbskrmcmsHvf/A=; b=J6JJFXgBUxUH+mn/RIpXmiaKOeRxxEBtwohYedvaZi9j7R7Cnznwup7FmE22CnRu5g IqS5ma4CYy/jzEBoVbYWGlvwHyJTraJ1r9hmFpdOukgeV+9n+aCUG9MVw0oYxG+NRRJE ZCTbnVCfYb41cvSgHUDWvdwD1GWfeZfi15NdHapWzRvPiE8Dz62x7MHlpzUQfOzzbBBv kOy7RBWjj1RGGvCjcYANEiRQ1x6rbqTEyFsDiXNu/QQSCQ9apCIVwJo2sofEnQ/GmXDp sPVfVZrevJhsxo5xY/ghtXKA6dFIbhj25U3pm2zR94/PjqBBzjM8U5Utw1d9tMgjzVF4 W9Lg== X-Gm-Message-State: AOJu0Yyr8ymVtUTjHaf84j5/PGL7utNHKD3gj8YvpuFK9hz8TCIoeX7I xWaII/glS33NeaSSvNx50Ywz2A== X-Received: by 2002:adf:ef4a:0:b0:314:1b36:f440 with SMTP id c10-20020adfef4a000000b003141b36f440mr814509wrp.70.1691743377366; Fri, 11 Aug 2023 01:42:57 -0700 (PDT) Received: from [192.168.0.162] (188-141-3-169.dynamic.upc.ie. [188.141.3.169]) by smtp.gmail.com with ESMTPSA id u16-20020a5d4690000000b00313de682eb3sm4669333wrq.65.2023.08.11.01.42.56 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 11 Aug 2023 01:42:56 -0700 (PDT) Message-ID: <8b72ce47-c338-2061-f11a-c0a608686d8c@linaro.org> Date: Fri, 11 Aug 2023 09:42:55 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [PATCH v2 4/4] venus: hfi_parser: Add check to keep the number of codecs within range Content-Language: en-US To: Vikash Garodia , stanimir.k.varbanov@gmail.com, agross@kernel.org, andersson@kernel.org, konrad.dybcio@linaro.org, mchehab@kernel.org, hans.verkuil@cisco.com, tfiga@chromium.org Cc: linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org References: <1691634304-2158-1-git-send-email-quic_vgarodia@quicinc.com> <1691634304-2158-5-git-send-email-quic_vgarodia@quicinc.com> <2214c31b-eca2-012e-a100-21252a724e7c@quicinc.com> From: Bryan O'Donoghue In-Reply-To: <2214c31b-eca2-012e-a100-21252a724e7c@quicinc.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/08/2023 07:04, Vikash Garodia wrote: > > On 8/10/2023 5:03 PM, Bryan O'Donoghue wrote: >> On 10/08/2023 03:25, Vikash Garodia wrote: >>> +    if (hweight_long(core->dec_codecs) + hweight_long(core->enc_codecs) > >>> MAX_CODEC_NUM) >>> +        return; >>> + >> >> Shouldn't this be >= ? > Not needed. Lets take a hypothetical case when core->dec_codecs has initial 16 > (0-15) bits set and core->enc_codecs has next 16 bits (16-31) set. The bit count > would be 32. The codec loop after this check would run on caps array index 0-31. > I do not see a possibility for OOB access in this case. > >> >> struct hfi_plat_caps caps[MAX_CODEC_NUM]; >> >> --- >> bod >> Are you not doing a general defensive coding pass in this series ie "[PATCH v2 2/4] venus: hfi: fix the check to handle session buffer requirement" --- bod