* [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
@ 2024-12-06 9:16 jianqi.ren.cn
2024-12-06 17:11 ` Sasha Levin
2024-12-11 8:15 ` Greg KH
0 siblings, 2 replies; 11+ messages in thread
From: jianqi.ren.cn @ 2024-12-06 9:16 UTC (permalink / raw)
To: fullwaywang, gregkh; +Cc: stable
From: Fullway Wang <fullwaywang@outlook.com>
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
---
drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
index d8e66b645bd8..27f08b1d34d1 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
@@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
fw->ops = &mtk_vcodec_rproc_msg;
fw->scp = scp;
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
2024-12-06 9:16 jianqi.ren.cn
@ 2024-12-06 17:11 ` Sasha Levin
2024-12-11 8:15 ` Greg KH
1 sibling, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2024-12-06 17:11 UTC (permalink / raw)
To: stable; +Cc: jianqi.ren.cn, Sasha Levin
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 53dbe08504442dc7ba4865c09b3bbf5fe849681b
WARNING: Author mismatch between patch and upstream commit:
Backport author: <jianqi.ren.cn@windriver.com>
Commit author: Fullway Wang <fullwaywang@outlook.com>
Status in newer kernel trees:
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: f066882293b5)
6.1.y | Not found
Note: The patch differs from the upstream commit:
---
1: 53dbe08504442 ! 1: 27bb87502a715 media: mtk-vcodec: potential null pointer deference in SCP
@@ Metadata
## Commit message ##
media: mtk-vcodec: potential null pointer deference in SCP
+ [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
+
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
+ Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
- ## drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c ##
-@@ drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use
+ ## drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c ##
+@@ drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
- fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
@ 2024-12-09 6:54 jianqi.ren.cn
2024-12-09 14:35 ` Sasha Levin
0 siblings, 1 reply; 11+ messages in thread
From: jianqi.ren.cn @ 2024-12-09 6:54 UTC (permalink / raw)
To: fullwaywang, gregkh
Cc: stable, linux-kernel, tiffany.lin, andrew-ct.chen, yunfei.dong,
mchehab, matthias.bgg, linux-media, linux-arm-kernel,
linux-mediatek
From: Fullway Wang <fullwaywang@outlook.com>
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
---
drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
index d8e66b645bd8..27f08b1d34d1 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
@@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
fw->ops = &mtk_vcodec_rproc_msg;
fw->scp = scp;
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
2024-12-09 6:54 jianqi.ren.cn
@ 2024-12-09 14:35 ` Sasha Levin
0 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2024-12-09 14:35 UTC (permalink / raw)
To: stable; +Cc: jianqi.ren.cn, Sasha Levin
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 53dbe08504442dc7ba4865c09b3bbf5fe849681b
WARNING: Author mismatch between patch and upstream commit:
Backport author: <jianqi.ren.cn@windriver.com>
Commit author: Fullway Wang <fullwaywang@outlook.com>
Status in newer kernel trees:
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: f066882293b5)
6.1.y | Not found
Note: The patch differs from the upstream commit:
---
1: 53dbe08504442 ! 1: a7928268320f3 media: mtk-vcodec: potential null pointer deference in SCP
@@ Metadata
## Commit message ##
media: mtk-vcodec: potential null pointer deference in SCP
+ [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
+
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
+ Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
- ## drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c ##
-@@ drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use
+ ## drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c ##
+@@ drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
- fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
2024-12-06 9:16 jianqi.ren.cn
2024-12-06 17:11 ` Sasha Levin
@ 2024-12-11 8:15 ` Greg KH
1 sibling, 0 replies; 11+ messages in thread
From: Greg KH @ 2024-12-11 8:15 UTC (permalink / raw)
To: jianqi.ren.cn; +Cc: fullwaywang, stable
On Fri, Dec 06, 2024 at 05:16:57PM +0800, jianqi.ren.cn@windriver.com wrote:
> From: Fullway Wang <fullwaywang@outlook.com>
>
> [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
Please cc: all relevant people on backports.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
@ 2024-12-11 10:02 jianqi.ren.cn
2024-12-11 16:32 ` Sasha Levin
0 siblings, 1 reply; 11+ messages in thread
From: jianqi.ren.cn @ 2024-12-11 10:02 UTC (permalink / raw)
To: fullwaywang, gregkh
Cc: patches, mchehab, stable, linux-kernel, tiffany.lin,
andrew-ct.chen, yunfei.dong, matthias.bgg, linux-media,
linux-arm-kernel, linux-mediatek
From: Fullway Wang <fullwaywang@outlook.com>
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
---
drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
index d8e66b645bd8..27f08b1d34d1 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
@@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
fw->ops = &mtk_vcodec_rproc_msg;
fw->scp = scp;
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
2024-12-11 10:02 jianqi.ren.cn
@ 2024-12-11 16:32 ` Sasha Levin
0 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2024-12-11 16:32 UTC (permalink / raw)
To: stable; +Cc: jianqi.ren.cn, Sasha Levin
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 53dbe08504442dc7ba4865c09b3bbf5fe849681b
WARNING: Author mismatch between patch and upstream commit:
Backport author: <jianqi.ren.cn@windriver.com>
Commit author: Fullway Wang <fullwaywang@outlook.com>
Status in newer kernel trees:
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: f066882293b5)
6.1.y | Not found
Note: The patch differs from the upstream commit:
---
1: 53dbe08504442 ! 1: bf4f75ffd6422 media: mtk-vcodec: potential null pointer deference in SCP
@@ Metadata
## Commit message ##
media: mtk-vcodec: potential null pointer deference in SCP
+ [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
+
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
+ Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
- ## drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c ##
-@@ drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use
+ ## drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c ##
+@@ drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
- fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
@ 2025-01-24 4:06 Imkanmod Khan
2025-01-24 19:52 ` Sasha Levin
0 siblings, 1 reply; 11+ messages in thread
From: Imkanmod Khan @ 2025-01-24 4:06 UTC (permalink / raw)
To: stable
Cc: patches, mchehab, fullwaywang, gregkh, linux-kernel, tiffany.lin,
andrew-ct.chen, yunfei.dong, matthias.bgg, linux-media,
linux-arm-kernel, linux-mediatek, Imkanmod Khan
From: Fullway Wang <fullwaywang@outlook.com>
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
[ To fix CVE: CVE-2024-40973, modified the file path from drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c
to drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c and minor conflict resolution ]
Signed-off-by: Imkanmod Khan <imkanmodkhan@gmail.com>
---
drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
index d8e66b645bd8..27f08b1d34d1 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
@@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
fw->ops = &mtk_vcodec_rproc_msg;
fw->scp = scp;
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
2025-01-24 4:06 [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP Imkanmod Khan
@ 2025-01-24 19:52 ` Sasha Levin
0 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2025-01-24 19:52 UTC (permalink / raw)
To: stable; +Cc: Imkanmod Khan, Sasha Levin
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 53dbe08504442dc7ba4865c09b3bbf5fe849681b
WARNING: Author mismatch between patch and upstream commit:
Backport author: Imkanmod Khan<imkanmodkhan@gmail.com>
Commit author: Fullway Wang<fullwaywang@outlook.com>
Status in newer kernel trees:
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: f066882293b5)
6.1.y | Not found
Note: The patch differs from the upstream commit:
---
1: 53dbe08504442 ! 1: 992dd0827dc54 media: mtk-vcodec: potential null pointer deference in SCP
@@ Metadata
## Commit message ##
media: mtk-vcodec: potential null pointer deference in SCP
+ [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
+
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
+ [ To fix CVE: CVE-2024-40973, modified the file path from drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c
+ to drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c and minor conflict resolution ]
+ Signed-off-by: Imkanmod Khan <imkanmodkhan@gmail.com>
- ## drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c ##
-@@ drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use
+ ## drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c ##
+@@ drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
- fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
@ 2025-02-25 3:08 jianqi.ren.cn
2025-02-25 16:13 ` Sasha Levin
0 siblings, 1 reply; 11+ messages in thread
From: jianqi.ren.cn @ 2025-02-25 3:08 UTC (permalink / raw)
To: stable
Cc: patches, mchehab, fullwaywang, gregkh, linux-kernel, tiffany.lin,
andrew-ct.chen, yunfei.dong, matthias.bgg, linux-media,
linux-arm-kernel, linux-mediatek
From: Fullway Wang <fullwaywang@outlook.com>
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
[ To fix CVE-2024-40973, change the file path from drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c
to drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c and minor conflict resolution ]
Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
Signed-off-by: He Zhe <zhe.he@windriver.com>
---
Verified the build test.
---
drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
index d8e66b645bd8..27f08b1d34d1 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c
@@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
fw->ops = &mtk_vcodec_rproc_msg;
fw->scp = scp;
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP
2025-02-25 3:08 jianqi.ren.cn
@ 2025-02-25 16:13 ` Sasha Levin
0 siblings, 0 replies; 11+ messages in thread
From: Sasha Levin @ 2025-02-25 16:13 UTC (permalink / raw)
To: stable; +Cc: jianqi.ren.cn, Sasha Levin
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected.
No action required from the submitter.
The upstream commit SHA1 provided is correct: 53dbe08504442dc7ba4865c09b3bbf5fe849681b
WARNING: Author mismatch between patch and upstream commit:
Backport author: <jianqi.ren.cn@windriver.com>
Commit author: Fullway Wang<fullwaywang@outlook.com>
Status in newer kernel trees:
6.13.y | Present (exact SHA1)
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: f066882293b5)
Note: The patch differs from the upstream commit:
---
1: 53dbe08504442 ! 1: ffdac10bd60ef media: mtk-vcodec: potential null pointer deference in SCP
@@ Metadata
## Commit message ##
media: mtk-vcodec: potential null pointer deference in SCP
+ [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
+
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@outlook.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
+ [ To fix CVE-2024-40973, change the file path from drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c
+ to drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c and minor conflict resolution ]
+ Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
+ Signed-off-by: He Zhe <zhe.he@windriver.com>
- ## drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c ##
-@@ drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use
+ ## drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c ##
+@@ drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
- fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2025-02-25 16:13 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-01-24 4:06 [PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP Imkanmod Khan
2025-01-24 19:52 ` Sasha Levin
-- strict thread matches above, loose matches on Subject: below --
2025-02-25 3:08 jianqi.ren.cn
2025-02-25 16:13 ` Sasha Levin
2024-12-11 10:02 jianqi.ren.cn
2024-12-11 16:32 ` Sasha Levin
2024-12-09 6:54 jianqi.ren.cn
2024-12-09 14:35 ` Sasha Levin
2024-12-06 9:16 jianqi.ren.cn
2024-12-06 17:11 ` Sasha Levin
2024-12-11 8:15 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).