From aadb82e121c2efd2e15534c6f7f54f65da153053 Mon Sep 17 00:00:00 2001
From: Yandong Lin <yandong.lin@rock-chips.com>
Date: Sun, 14 Nov 2021 11:30:47 +0800
Subject: [PATCH] video: rockchip: mpp: Fix out-of-bounds err

Rootcause: fmt_reg.class not initial

Error notes:

[  172.540549][ T4535] BUG: KFENCE: out-of-bounds read in rkvenc_alloc_task+0x494/0x6d8 [rk_vcodec]
[  172.540549][ T4535]
[  172.540565][ T4535] Out-of-bounds read at 0x000000002927f5b0 (768B right of kfence-#30):
[  172.540671][ T4535]  rkvenc_alloc_task+0x494/0x6d8 [rk_vcodec]
[  172.540775][ T4535]  mpp_process_task_default+0x38/0x210 [rk_vcodec]
[  172.540877][ T4535]  mpp_dev_ioctl+0x1e4/0x368 [rk_vcodec]
[  172.540895][ T4535]  __arm64_compat_sys_ioctl+0x10c/0x160
[  172.540912][ T4535]  el0_svc_common+0xa4/0x180
[  172.540925][ T4535]  do_el0_svc_compat+0x20/0x50
[  172.540941][ T4535]  el0_svc_compat+0x14/0x24
[  172.540955][ T4535]  el0_sync_compat_handler+0x7c/0xbc
[  172.540966][ T4535]  el0_sync_compat+0x1ac/0x1c0
[  172.540974][ T4535]
[  172.540987][ T4535] kfence-#30 [0x0000000027db494f-0x00000000574dca5f, size=92,cache=kmalloc-128] allocated by task 4535:
[  172.541100][ T4535]  kzalloc+0x18/0x28 [rk_vcodec]
[  172.541201][ T4535]  rkvenc_alloc_task+0x260/0x6d8 [rk_vcodec]
[  172.541301][ T4535]  mpp_process_task_default+0x38/0x210 [rk_vcodec]
[  172.541401][ T4535]  mpp_dev_ioctl+0x1e4/0x368 [rk_vcodec]
[  172.541414][ T4535]  __arm64_compat_sys_ioctl+0x10c/0x160
[  172.541428][ T4535]  el0_svc_common+0xa4/0x180
[  172.541441][ T4535]  do_el0_svc_compat+0x20/0x50
[  172.541455][ T4535]  el0_svc_compat+0x14/0x24
[  172.541468][ T4535]  el0_sync_compat_handler+0x7c/0xbc
[  172.541479][ T4535]  el0_sync_compat+0x1ac/0x1c0
[  172.541486][ T4535]
[  172.541499][ T4535] CPU: 5 PID: 4535 Comm: mpp_h264e_4534 Not tainted 5.10.43 #264
[  172.541509][ T4535] Hardware name: Rockchip RK3588 EVB1 LP4 V10 Board (DT)
[  172.541524][ T4535]

Signed-off-by: Yandong Lin <yandong.lin@rock-chips.com>
Change-Id: Ic1ffce5d5c4f5b65115f4a530e76383f6aa8f8d7
---
 drivers/video/rockchip/mpp/mpp_rkvenc2.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/video/rockchip/mpp/mpp_rkvenc2.c b/drivers/video/rockchip/mpp/mpp_rkvenc2.c
index 4de4c5d317f0..a2c7c3bf8aac 100644
--- a/drivers/video/rockchip/mpp/mpp_rkvenc2.c
+++ b/drivers/video/rockchip/mpp/mpp_rkvenc2.c
@@ -220,6 +220,7 @@ static struct rkvenc_hw_info rkvenc_v2_hw_info = {
 		.base_fmt = RKVENC_FMT_OSD_BASE,
 	},
 	.fmt_reg = {
+		.class = RKVENC_CLASS_PIC,
 		.base = 0x0300,
 		.bitpos = 0,
 		.bitlen = 1,