From: Fullway Wang fullwaywang@outlook.com
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@P... Signed-off-by: Fullway Wang fullwaywang@outlook.com Signed-off-by: Mauro Carvalho Chehab mchehab@kernel.org Signed-off-by: Jianqi Ren jianqi.ren.cn@windriver.com --- drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c index d8e66b645bd8..27f08b1d34d1 100644 --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c @@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev) }
fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL); + if (!fw) + return ERR_PTR(-ENOMEM); fw->type = SCP; fw->ops = &mtk_vcodec_rproc_msg; fw->scp = scp;
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 53dbe08504442dc7ba4865c09b3bbf5fe849681b
WARNING: Author mismatch between patch and upstream commit: Backport author: jianqi.ren.cn@windriver.com Commit author: Fullway Wang fullwaywang@outlook.com
Status in newer kernel trees: 6.12.y | Present (exact SHA1) 6.6.y | Present (different SHA1: f066882293b5) 6.1.y | Not found
Note: The patch differs from the upstream commit: --- 1: 53dbe08504442 ! 1: 27bb87502a715 media: mtk-vcodec: potential null pointer deference in SCP @@ Metadata ## Commit message ## media: mtk-vcodec: potential null pointer deference in SCP
+ [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ] + The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@P... Signed-off-by: Fullway Wang fullwaywang@outlook.com Signed-off-by: Mauro Carvalho Chehab mchehab@kernel.org + Signed-off-by: Jianqi Ren jianqi.ren.cn@windriver.com
- ## drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c ## -@@ drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use + ## drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c ## +@@ drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c: struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev) }
- fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL); + fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL); + if (!fw) + return ERR_PTR(-ENOMEM); fw->type = SCP; ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.1.y | Success | Success |
On Fri, Dec 06, 2024 at 05:16:57PM +0800, jianqi.ren.cn@windriver.com wrote:
From: Fullway Wang fullwaywang@outlook.com
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
Please cc: all relevant people on backports.
linux-stable-mirror@lists.linaro.org
-
Greg KH -
jianqi.ren.cn@windriver.com -
Sasha Levin