[2/2] media: mediatek: vcodec: Handle encoder vsi NULL pointer case

Message ID	20230926101909.15030-2-irui.wang@mediatek.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org> From: Irui Wang <irui.wang@mediatek.com> To: Hans Verkuil <hverkuil-cisco@xs4all.nl>, Mauro Carvalho Chehab <mchehab@kernel.org>, Matthias Brugger <matthias.bgg@gmail.com>, <angelogioacchino.delregno@collabora.com>, <nicolas.dufresne@collabora.com>, Yunfei Dong <yunfei.dong@mediatek.com>, Irui Wang <irui.wang@mediatek.com> CC: <Project_Global_Chrome_Upstream_Group@mediatek.com>, <linux-media@vger.kernel.org>, <devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>, <linux-mediatek@lists.infradead.org>, Maoguang Meng <maoguang.meng@mediatek.com> Subject: [PATCH 2/2] media: mediatek: vcodec: Handle encoder vsi NULL pointer case Date: Tue, 26 Sep 2023 18:19:09 +0800 Message-ID: <20230926101909.15030-2-irui.wang@mediatek.com> In-Reply-To: <20230926101909.15030-1-irui.wang@mediatek.com> References: <20230926101909.15030-1-irui.wang@mediatek.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Sender: "Linux-mediatek" <linux-mediatek-bounces@lists.infradead.org> Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org
Series	[1/2] media: mediatek: vcodec: Fix encoder access NULL pointer \| expand [1/2] media: mediatek: vcodec: Fix encoder access NULL pointer [2/2] media: mediatek: vcodec: Handle encoder vsi NULL pointer case

Irui Wang Sept. 26, 2023, 10:19 a.m. UTC

There will be a kernel null pointer exception if 'vsi' is NULL, check
'vsi' is not NULL before assign it to encoder instance.

Signed-off-by: Irui Wang <irui.wang@mediatek.com>
---
 .../platform/mediatek/vcodec/encoder/venc/venc_h264_if.c     | 5 +++++
 .../platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c      | 5 +++++
 2 files changed, 10 insertions(+)

Hans Verkuil Oct. 2, 2023, 10:25 a.m. UTC | #1

On 26/09/2023 12:19, Irui Wang wrote:
> There will be a kernel null pointer exception if 'vsi' is NULL, check
> 'vsi' is not NULL before assign it to encoder instance.
> 
> Signed-off-by: Irui Wang <irui.wang@mediatek.com>

I see no Fixes tag, is that correct?

Is this a fix that needs to go to kernel 6.6? It's not clear how urgent this
is.

Regards,

	Hans

> ---
>  .../platform/mediatek/vcodec/encoder/venc/venc_h264_if.c     | 5 +++++
>  .../platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c      | 5 +++++
>  2 files changed, 10 insertions(+)
> 
> diff --git a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> index a68dac72c4e4..385bcc0d14f3 100644
> --- a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> +++ b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> @@ -597,6 +597,11 @@ static int h264_enc_init(struct mtk_vcodec_enc_ctx *ctx)
>  	inst->hw_base = mtk_vcodec_get_reg_addr(inst->ctx->dev->reg_base, VENC_SYS);
>  
>  	ret = vpu_enc_init(&inst->vpu_inst);
> +	if (!inst->vpu_inst.vsi) {
> +		mtk_venc_err(ctx, "share buffer is NULL");
> +		kfree(inst);
> +		return -EFAULT;
> +	}
>  
>  	if (MTK_ENC_IOVA_IS_34BIT(ctx))
>  		inst->vsi_34 = (struct venc_h264_vsi_34 *)inst->vpu_inst.vsi;
> diff --git a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> index 05abca91e742..23ca0d93324f 100644
> --- a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> +++ b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> @@ -326,6 +326,11 @@ static int vp8_enc_init(struct mtk_vcodec_enc_ctx *ctx)
>  	inst->hw_base = mtk_vcodec_get_reg_addr(inst->ctx->dev->reg_base, VENC_LT_SYS);
>  
>  	ret = vpu_enc_init(&inst->vpu_inst);
> +	if (!inst->vpu_inst.vsi) {
> +		mtk_venc_err(ctx, "share buffer is NULL");
> +		kfree(inst);
> +		return -EFAULT;
> +	}
>  
>  	inst->vsi = (struct venc_vp8_vsi *)inst->vpu_inst.vsi;
>

AngeloGioacchino Del Regno Oct. 2, 2023, 10:48 a.m. UTC | #2

Il 26/09/23 12:19, Irui Wang ha scritto:
> There will be a kernel null pointer exception if 'vsi' is NULL, check
> 'vsi' is not NULL before assign it to encoder instance.
> 
> Signed-off-by: Irui Wang <irui.wang@mediatek.com>

Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>

AngeloGioacchino Del Regno Oct. 2, 2023, 11:34 a.m. UTC | #3

Il 02/10/23 12:48, AngeloGioacchino Del Regno ha scritto:
> Il 26/09/23 12:19, Irui Wang ha scritto:
>> There will be a kernel null pointer exception if 'vsi' is NULL, check
>> 'vsi' is not NULL before assign it to encoder instance.
>>
>> Signed-off-by: Irui Wang <irui.wang@mediatek.com>
> 
> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> 

Sorry I just noticed that there's no Fixes tag.

This commit needs a Fixes tag, please add one and send a v2.

Hans Verkuil Oct. 5, 2023, 8:43 a.m. UTC | #4

On 26/09/2023 12:19, Irui Wang wrote:
> There will be a kernel null pointer exception if 'vsi' is NULL, check
> 'vsi' is not NULL before assign it to encoder instance.
> 
> Signed-off-by: Irui Wang <irui.wang@mediatek.com>
> ---
>  .../platform/mediatek/vcodec/encoder/venc/venc_h264_if.c     | 5 +++++
>  .../platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c      | 5 +++++
>  2 files changed, 10 insertions(+)
> 
> diff --git a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> index a68dac72c4e4..385bcc0d14f3 100644
> --- a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> +++ b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> @@ -597,6 +597,11 @@ static int h264_enc_init(struct mtk_vcodec_enc_ctx *ctx)
>  	inst->hw_base = mtk_vcodec_get_reg_addr(inst->ctx->dev->reg_base, VENC_SYS);
>  
>  	ret = vpu_enc_init(&inst->vpu_inst);
> +	if (!inst->vpu_inst.vsi) {
> +		mtk_venc_err(ctx, "share buffer is NULL");
> +		kfree(inst);
> +		return -EFAULT;
> +	}

Shouldn't this check be done in vpu_enc_init?

It looks weird that a function can return 0, but there is still an
error that needs to be checked manually afterwards.

Regards,

	Hans

>  
>  	if (MTK_ENC_IOVA_IS_34BIT(ctx))
>  		inst->vsi_34 = (struct venc_h264_vsi_34 *)inst->vpu_inst.vsi;
> diff --git a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> index 05abca91e742..23ca0d93324f 100644
> --- a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> +++ b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> @@ -326,6 +326,11 @@ static int vp8_enc_init(struct mtk_vcodec_enc_ctx *ctx)
>  	inst->hw_base = mtk_vcodec_get_reg_addr(inst->ctx->dev->reg_base, VENC_LT_SYS);
>  
>  	ret = vpu_enc_init(&inst->vpu_inst);
> +	if (!inst->vpu_inst.vsi) {
> +		mtk_venc_err(ctx, "share buffer is NULL");
> +		kfree(inst);
> +		return -EFAULT;
> +	}
>  
>  	inst->vsi = (struct venc_vp8_vsi *)inst->vpu_inst.vsi;
>

Irui Wang Oct. 7, 2023, 6:16 a.m. UTC | #5

Dear Angelo, Hans,

Thanks for your reviewing.

I will send patch v2 with Fix tag...
....

On Thu, 2023-10-05 at 10:43 +0200, Hans Verkuil wrote:
>  	 
> External email : Please do not click links or open attachments until
> you have verified the sender or the content.
>  On 26/09/2023 12:19, Irui Wang wrote:
> > There will be a kernel null pointer exception if 'vsi' is NULL,
> check
> > 'vsi' is not NULL before assign it to encoder instance.
> > 
> > Signed-off-by: Irui Wang <irui.wang@mediatek.com>
> > ---
> >  .../platform/mediatek/vcodec/encoder/venc/venc_h264_if.c     | 5
> +++++
> >  .../platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c      | 5
> +++++
> >  2 files changed, 10 insertions(+)
> > 
> > diff --git
> a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> > index a68dac72c4e4..385bcc0d14f3 100644
> > ---
> a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> > +++
> b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c
> > @@ -597,6 +597,11 @@ static int h264_enc_init(struct
> mtk_vcodec_enc_ctx *ctx)
> >  inst->hw_base = mtk_vcodec_get_reg_addr(inst->ctx->dev->reg_base,
> VENC_SYS);
> >  
> >  ret = vpu_enc_init(&inst->vpu_inst);
> > +if (!inst->vpu_inst.vsi) {
> > +mtk_venc_err(ctx, "share buffer is NULL");
> > +kfree(inst);
> > +return -EFAULT;
> > +}
> 
> Shouldn't this check be done in vpu_enc_init?
> It looks weird that a function can return 0, but there is still an
> error that needs to be checked manually afterwards.
> 
> Regards,
> 
> Hans
Also, this check will move into vpu_enc_init.

Best Regards
> 
> >  
> >  if (MTK_ENC_IOVA_IS_34BIT(ctx))
> >  inst->vsi_34 = (struct venc_h264_vsi_34 *)inst->vpu_inst.vsi;
> > diff --git
> a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> > index 05abca91e742..23ca0d93324f 100644
> > ---
> a/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> > +++
> b/drivers/media/platform/mediatek/vcodec/encoder/venc/venc_vp8_if.c
> > @@ -326,6 +326,11 @@ static int vp8_enc_init(struct
> mtk_vcodec_enc_ctx *ctx)
> >  inst->hw_base = mtk_vcodec_get_reg_addr(inst->ctx->dev->reg_base,
> VENC_LT_SYS);
> >  
> >  ret = vpu_enc_init(&inst->vpu_inst);
> > +if (!inst->vpu_inst.vsi) {
> > +mtk_venc_err(ctx, "share buffer is NULL");
> > +kfree(inst);
> > +return -EFAULT;
> > +}
> >  
> >  inst->vsi = (struct venc_vp8_vsi *)inst->vpu_inst.vsi;
> >  
>

[2/2] media: mediatek: vcodec: Handle encoder vsi NULL pointer case

Commit Message

Comments

Patch