v1 -> v2: - init_codec to always update with latest payload from firmware (Dmitry/Bryan) - Rewrite the logic of packet parsing to consider payload size for different packet type (Bryan) - Consider reading sfr data till available space (Dmitry) - Add reviewed-by tags v1: https://lore.kernel.org/all/20241105-venus_oob-v1-0-8d4feedfe2bb@xxxxxxxxxxx/ This series primarily adds check at relevant places in venus driver where there are possible OOB accesses due to unexpected payload from venus firmware. The patches describes the specific OOB possibility. Please review and share your feedback. Validated on sc7180(v4) and rb5(v6). Stan, please help to extend the test on db410c(v1). Signed-off-by: Vikash Garodia <quic_vgarodia@xxxxxxxxxxx> --- Vikash Garodia (4): media: venus: hfi_parser: add check to avoid out of bound access media: venus: hfi_parser: avoid OOB access beyond payload word count media: venus: hfi: add check to handle incorrect queue size media: venus: hfi: add a check to handle OOB in sfr region drivers/media/platform/qcom/venus/hfi_parser.c | 58 +++++++++++++++++++++----- drivers/media/platform/qcom/venus/hfi_venus.c | 15 ++++++- 2 files changed, 60 insertions(+), 13 deletions(-) --- base-commit: c7ccf3683ac9746b263b0502255f5ce47f64fe0a change-id: 20241115-venus_oob_2-21708239176a Best regards, -- Vikash Garodia <quic_vgarodia@xxxxxxxxxxx>
