[PATCH v4 0/2] venus driver fixes for vulnerabilities due to unexpected firmware payload

From: Dikshita Agarwal
Date: Mon May 19 2025 - 03:15:19 EST


This series primarily adds checks at relevant places in the venus driver
where there are possible OOB accesses due to unexpected payload
from venus firmware. The patches describe the specific OOB possibility.

Changes in v4:
- Add validation check after memcpy (Vikash, Bryan)
- Link to v3: https://lore.kernel.org/r/20250514-venus-fixes-v3-0-32298566011f@xxxxxxxxxxx

Changes in v3:
- Add check for validating the size instead of forcefully updating it (Bryan)
- Reduce duplication of code while handling sequence change event (Vikash)
- Update the inst->error for failure case instead of silently breaking (Bryan)
- Link to v2: https://lore.kernel.org/lkml/20250215-venus-security-fixes-v2-0-cfc7e4b87168@xxxxxxxxxxx/

Changes in v2:
- Decompose sequence change event function.
- Fix repopulating the packet with the first read during read_queue.
- Link to v1: https://lore.kernel.org/r/20250104-venus-security-fixes-v1-0-9d0dd4594cb4@xxxxxxxxxxx

Signed-off-by: Dikshita Agarwal <quic_dikshita@xxxxxxxxxxx>
---
Vedang Nagar (2):
media: venus: Add a check for packet size after reading from shared memory
media: venus: Fix OOB read due to missing payload bound check

drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +++++++++++++++++++--------
drivers/media/platform/qcom/venus/hfi_venus.c | 4 ++
2 files changed, 62 insertions(+), 25 deletions(-)
---
base-commit: b64b134942c8cf4801ea288b3fd38b509aedec21
change-id: 20250514-venus-fixes-8d93bccd9b9d

Best regards,
--
Dikshita Agarwal <quic_dikshita@xxxxxxxxxxx>