From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: Vikash Garodia <quic_vgarodia@quicinc.com>,
stanimir.k.varbanov@gmail.com, agross@kernel.org,
andersson@kernel.org, konrad.dybcio@linaro.org,
mchehab@kernel.org, hans.verkuil@cisco.com, tfiga@chromium.org
Cc: linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v2 4/4] venus: hfi_parser: Add check to keep the number of codecs within range
Date: Tue, 29 Aug 2023 12:59:00 +0100 [thread overview]
Message-ID: <6ecbd88a-150f-d40e-22bf-4fda921fc483@linaro.org> (raw)
In-Reply-To: <9391ae4e-afbd-ef52-12dc-7f8875216c85@quicinc.com>
On 29/08/2023 09:00, Vikash Garodia wrote:
> Hi Bryan,
>
> On 8/14/2023 7:45 PM, Bryan O'Donoghue wrote:
>> On 14/08/2023 07:34, Vikash Garodia wrote:
>>>> We have two loops that check for up to 32 indexes per loop. Why not have a
>>>> capabilities index that can accommodate all 64 bits ?
>>> Max codecs supported can be 32, which is also a very high number. At max the
>>> hardware supports 5-6 codecs, including both decoder and encoder. 64 indices is
>>> would not be needed.
>>>
>>
>> But the bug you are fixing here is an overflow where we have received a full
>> range 32 bit for each decode and encode.
>>
>> How is the right fix not to extend the storage to the maximum possible 2 x 32 ?
>> Or indeed why not constrain the input data to 32/2 for each encode/decode path ?
> At this point, we agree that there is very less or no possibility to have this
> as a real usecase i.e having 64 (or more than 32) codecs supported in video
> hardware. There seem to be no value add if we are extending the cap array from
> 32 to 64, as anything beyond 32 itself indicates rogue firmware. The idea here
> is to gracefully come out of such case when firmware is responding with such
> data payload.
> Again, lets think of constraining the data to 32/2. We have 2 32 bit masks for
> decoder and encoder. Malfunctioning firmware could still send payload with all
> bits enabled in those masks. Then the driver needs to add same check to avoid
> the memcpy in such case.
>
>> The bug here is that we can copy two arrays of size X into one array of size X.
>>
>> Please consider expanding the size of the storage array to accommodate the full
>> size the protocol supports 2 x 32.
> I see this as an alternate implementation to existing handling. 64 index would
> never exist practically, so accommodating it only implies to store the data for
> invalid response and gracefully close the session.
What's the contractual definition of "this many bits per encoder and
decoder" between firmware and APSS in that case ?
Where do we get the idea that 32/2 per encoder/decoder is valid but 32
per encoder decoder is invalid ?
At this moment in time 16 encoder/decoder bits would be equally invalid.
I suggest the right answer is to buffer the protocol data unit - PDU
maximum as an RX or constrain the maximum number of encoder/decoder bits
based on HFI version.
ie.
- Either constrain on the PDU or
- Constrain on the known number of maximum bits per f/w version
---
bod
next prev parent reply other threads:[~2023-08-29 11:59 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-10 2:25 [PATCH v2 0/4] Venus driver fixes to avoid possible OOB accesses Vikash Garodia
2023-08-10 2:25 ` [PATCH v2 1/4] venus: hfi: add checks to perform sanity on queue pointers Vikash Garodia
2023-08-10 11:24 ` Bryan O'Donoghue
2023-08-11 5:46 ` Vikash Garodia
2023-08-10 2:25 ` [PATCH v2 2/4] venus: hfi: fix the check to handle session buffer requirement Vikash Garodia
2023-08-10 11:26 ` Bryan O'Donoghue
2023-08-10 2:25 ` [PATCH v2 3/4] venus: hfi: add checks to handle capabilities from firmware Vikash Garodia
2023-08-10 11:31 ` Bryan O'Donoghue
2023-08-11 5:54 ` Vikash Garodia
2023-08-11 8:41 ` Bryan O'Donoghue
2023-08-11 8:51 ` Vikash Garodia
2023-08-11 10:39 ` Bryan O'Donoghue
2023-08-11 16:10 ` Vikash Garodia
2023-08-10 2:25 ` [PATCH v2 4/4] venus: hfi_parser: Add check to keep the number of codecs within range Vikash Garodia
2023-08-10 11:33 ` Bryan O'Donoghue
2023-08-11 6:04 ` Vikash Garodia
2023-08-11 8:42 ` Bryan O'Donoghue
2023-08-11 8:49 ` Vikash Garodia
2023-08-11 10:41 ` Bryan O'Donoghue
2023-08-11 16:02 ` Vikash Garodia
2023-08-11 18:51 ` Bryan O'Donoghue
2023-08-14 6:34 ` Vikash Garodia
2023-08-14 14:15 ` Bryan O'Donoghue
2023-08-29 8:00 ` Vikash Garodia
2023-08-29 11:59 ` Bryan O'Donoghue [this message]
2023-08-29 14:06 ` Vikash Garodia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6ecbd88a-150f-d40e-22bf-4fda921fc483@linaro.org \
--to=bryan.odonoghue@linaro.org \
--cc=agross@kernel.org \
--cc=andersson@kernel.org \
--cc=hans.verkuil@cisco.com \
--cc=konrad.dybcio@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=quic_vgarodia@quicinc.com \
--cc=stable@vger.kernel.org \
--cc=stanimir.k.varbanov@gmail.com \
--cc=tfiga@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).