On 07/02/2025 08:24, Vikash Garodia wrote:
> This series primarily adds checks at relevant places in the venus driver
> where there are possible OOB accesses due to unexpected payload from
> venus firmware. The patches describe the specific OOB possibility.
>
> Please review and share your feedback.
>
> Validated on sc7180(v4), rb5(v6) and db410c(v1).
>
> Changes in v4:
> - fix an uninitialized variable (media ci)
> - Link to v3: https://lore.kernel.org/r/20250128-venus_oob_2-v3-0-0144ecee68d8@quicinc.com
>
> Changes in v3:
> - update the packet parsing logic in hfi_parser. The utility parsing api
> now returns the size of data parsed, accordingly the parser adjusts the
> remaining bytes, taking care of OOB scenario as well (Bryan)
> - Link to v2:
> https://lore.kernel.org/r/20241128-venus_oob_2-v2-0-483ae0a464b8@quicinc.com
>
> Changes in v2:
> - init_codec to always update with latest payload from firmware
> (Dmitry/Bryan)
> - Rewrite the logic of packet parsing to consider payload size for
> different packet type (Bryan)
> - Consider reading sfr data till available space (Dmitry)
> - Add reviewed-by tags
> - Link to v1:
> https://lore.kernel.org/all/20241105-venus_oob-v1-0-8d4feedfe2bb@quicinc.com/
>
> Signed-off-by: Vikash Garodia <quic_vgarodia@quicinc.com>
> ---
> Vikash Garodia (4):
> media: venus: hfi_parser: add check to avoid out of bound access
> media: venus: hfi_parser: refactor hfi packet parsing logic
> media: venus: hfi: add check to handle incorrect queue size
> media: venus: hfi: add a check to handle OOB in sfr region
>
> drivers/media/platform/qcom/venus/hfi_parser.c | 96 +++++++++++++++++++-------
> drivers/media/platform/qcom/venus/hfi_venus.c | 15 +++-
> 2 files changed, 83 insertions(+), 28 deletions(-)
> ---
> base-commit: c7ccf3683ac9746b263b0502255f5ce47f64fe0a
> change-id: 20241115-venus_oob_2-21708239176a
>
> Best regards,

I think this series is ready for merge.
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
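
The parsing pattern named in the v3 changelog above (helpers return the size parsed, the caller adjusts the remaining bytes), shown as an added example. It is not code from the venus driver or from this series, and the record types, layouts and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Record types and layouts are constructed for this example, not venus HFI. */
enum { REC_CODECS = 1, REC_PROFILES = 2 };

/* Helpers return the payload words consumed, or -1 if that exceeds `rem`. */
static long parse_codecs(const uint32_t *p, size_t rem, uint32_t *masks)
{
    if (rem < 2)
        return -1;
    masks[0] = p[0];            /* decoder mask */
    masks[1] = p[1];            /* encoder mask */
    return 2;
}

static long parse_profiles(const uint32_t *p, size_t rem, uint32_t *count)
{
    if (rem < 1)
        return -1;
    *count = p[0];              /* entry count chosen by the sender */
    if (*count > (rem - 1) / 2) /* two-word entries must fit in what is left */
        return -1;
    return 1 + (long)*count * 2;
}

/* Returns the number of records parsed, or -1 on a malformed buffer. */
int parse_packet(const uint32_t *buf, size_t rem)
{
    uint32_t masks[2], nprof;
    int records;

    for (records = 0; rem > 0; records++) {
        uint32_t type = *buf++;
        long used = -1;         /* stays -1 for an unknown record type */
        rem--;
        if (type == REC_CODECS)
            used = parse_codecs(buf, rem, masks);
        else if (type == REC_PROFILES)
            used = parse_profiles(buf, rem, &nprof);
        if (used < 0)
            return -1;
        buf += used;
        rem -= (size_t)used;    /* helpers never report more than rem */
    }
    return records;
}

const uint32_t sample_ok[] = { 1, 0x3, 0x1, 2, 1, 10, 20 };  /* constructed, valid */
const uint32_t sample_bad[] = { 2, 0xFFFFFFFFu, 10, 20 };    /* constructed, count overruns */
```

The second argument of `parse_packet` is the packet length in 32-bit words; passing a shorter length than the records need models a truncated payload.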