lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20200112133421.31874-1-jonas@kwiboo.se>
Date:   Sun, 12 Jan 2020 13:34:24 +0000 (UTC)
From:   Jonas Karlman <jonas@...boo.se>
To:     Ezequiel Garcia <ezequiel@...labora.com>,
        Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
Cc:     Boris Brezillon <boris.brezillon@...labora.com>,
        Hans Verkuil <hverkuil-cisco@...all.nl>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jonas Karlman <jonas@...boo.se>
Subject: [PATCH] media: hantro: fix post-processing NULL pointer dereference

The RK3399 variant does not have postproc_regs declared,
this can cause a NULL pointer dereference trying to decode:

[   89.331359] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000

[   89.352804] Call trace:
[   89.353191]  hantro_postproc_disable+0x20/0xe8 [hantro_vpu]
[   89.354056]  hantro_start_prepare_run+0x58/0x68 [hantro_vpu]
[   89.354923]  hantro_h264_dec_prepare_run+0x30/0x6f0 [hantro_vpu]
[   89.355846]  rk3399_vpu_h264_dec_run+0x1c/0x14a8 [hantro_vpu]
[   89.356748]  device_run+0xa4/0xb8 [hantro_vpu]

Fix this by adding a NULL check in hantro_postproc_enable/disable.

Fixes: 8c2d66b036c7 ("media: hantro: Support color conversion via post-processing")
Signed-off-by: Jonas Karlman <jonas@...boo.se>
---
 drivers/staging/media/hantro/hantro_postproc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/staging/media/hantro/hantro_postproc.c b/drivers/staging/media/hantro/hantro_postproc.c
index b55730011d0c..28a85d301d7f 100644
--- a/drivers/staging/media/hantro/hantro_postproc.c
+++ b/drivers/staging/media/hantro/hantro_postproc.c
@@ -57,6 +57,9 @@ void hantro_postproc_enable(struct hantro_ctx *ctx)
 	u32 src_pp_fmt, dst_pp_fmt;
 	dma_addr_t dst_dma;
 
+	if (!vpu->variant->postproc_regs)
+		return;
+
 	/* Turn on pipeline mode. Must be done first. */
 	HANTRO_PP_REG_WRITE_S(vpu, pipeline_en, 0x1);
 
@@ -138,5 +141,8 @@ void hantro_postproc_disable(struct hantro_ctx *ctx)
 {
 	struct hantro_dev *vpu = ctx->dev;
 
+	if (!vpu->variant->postproc_regs)
+		return;
+
 	HANTRO_PP_REG_WRITE_S(vpu, pipeline_en, 0x0);
 }
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ