[PATCH v2 0/2] venus driver fixes to avoid possible OOB read access

From: Vedang Nagar
Date: Sat Feb 15 2025 - 12:20:21 EST

Next message: Vedang Nagar: "[PATCH v2 1/2] media: venus: fix OOB read issue due to double read"
Previous message: Konstantin Khlebnikov: "Re: [PATCH] docs: iostats: Rewrite intro, remove outdated formats"
Next in thread: Vedang Nagar: "[PATCH v2 2/2] media: venus: fix OOB access issue while reading sequence changed events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This series primarily adds check at relevant places in venus driver
where there are possible OOB accesses due to unexpected payload
from venus firmware. The patches describes the specific OOB possibility.

Signed-off-by: Vedang Nagar <quic_vnagar@xxxxxxxxxxx>
---
Changes in v2:
- Decompose sequence change event function.
- Fix repopulating the packet .with the first read during read_queue.
- Link to v1: https://lore.kernel.org/r/20250104-venus-security-fixes-v1-0-9d0dd4594cb4@xxxxxxxxxxx

---
Vedang Nagar (2):
media: venus: fix OOB read issue due to double read
media: venus: fix OOB access issue while reading sequence changed events

drivers/media/platform/qcom/venus/hfi_msgs.c | 72 +++++++++++++++++++++++----
drivers/media/platform/qcom/venus/hfi_venus.c | 1 +
2 files changed, 63 insertions(+), 10 deletions(-)
---
base-commit: 91e71d606356e50f238d7a87aacdee4abc427f07
change-id: 20241211-venus-security-fixes-50c22e2564d5

Best regards,
--
Vedang Nagar <quic_vnagar@xxxxxxxxxxx>

Next message: Vedang Nagar: "[PATCH v2 1/2] media: venus: fix OOB read issue due to double read"
Previous message: Konstantin Khlebnikov: "Re: [PATCH] docs: iostats: Rewrite intro, remove outdated formats"
Next in thread: Vedang Nagar: "[PATCH v2 2/2] media: venus: fix OOB access issue while reading sequence changed events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]