nv-tegra-mirror/linux-nv-oot
1
0
Fork 0
mirror of git://nv-tegra.nvidia.com/linux-nv-oot.git synced 2025-12-22 09:11:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

nvsciipc: add missing authentication

Browse Source 
added missing client authentication to ioctl func below.
nvsciipc_ioctl_get_db_by_idx()
nvsciipc_ioctl_get_vuid()

JRIA NVIPC-3513

Change-Id: I32c3c97ba1c5196ba5858d13393fada073527d2f
Signed-off-by: Joshua Cha <joshuac@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3324672
Reviewed-by: Simon Je <sje@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: svcacv <svcacv@nvidia.com>
Reviewed-by: Jeungwoo Yoo <jeungwooy@nvidia.com>
This commit is contained in:
Joshua Cha
2025-03-24 14:56:24 +09:00
committed by Jon Hunter
parent 8e90031cd8
commit 27a2c762f1
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
drivers/misc/nvsciipc/nvsciipc.c
View File

@@ -321,6 +321,22 @@ static int nvsciipc_ioctl_get_db_by_idx(struct nvsciipc *ctx, unsigned int cmd,
return -EPERM; return -EPERM;
} }
#if defined(CONFIG_ANDROID) || defined(CONFIG_TEGRA_SYSTEM_TYPE_ACK)
if ((current_cred()->uid.val != SYSTEM_GID) &&
(current_cred()->uid.val != 0) &&
(current_cred()->uid.val != s_nvsciipc_uid)) {
ERR("no permission to set db\n");
return -EPERM;
}
#else
/* check root or nvsciipc user */
if ((current_cred()->uid.val != 0) &&
(current_cred()->uid.val != s_nvsciipc_uid)) {
ERR("no permission to set db\n");
return -EPERM;
}
#endif /* CONFIG_ANDROID || CONFIG_TEGRA_SYSTEM_TYPE_ACK */
if (copy_from_user(&get_db, (void __user *)arg, _IOC_SIZE(cmd))) { if (copy_from_user(&get_db, (void __user *)arg, _IOC_SIZE(cmd))) {
ERR("%s : copy_from_user failed\n", __func__); ERR("%s : copy_from_user failed\n", __func__);
return -EFAULT; return -EFAULT;
@@ -565,6 +581,17 @@ static int nvsciipc_ioctl_get_vuid(struct nvsciipc *ctx, unsigned int cmd,
for (i = 0; i < ctx->num_eps; i++) { for (i = 0; i < ctx->num_eps; i++) {
if (!strncmp(get_vuid.ep_name, ctx->db[i]->ep_name, if (!strncmp(get_vuid.ep_name, ctx->db[i]->ep_name,
NVSCIIPC_MAX_EP_NAME)) { NVSCIIPC_MAX_EP_NAME)) {
// FIXME: consider android
#if !defined(CONFIG_ANDROID) && !defined(CONFIG_TEGRA_SYSTEM_TYPE_ACK)
/* Authenticate the client process with valid UID */
if ((ctx->db[i]->uid != 0xFFFFFFFF) &&
(current_cred()->uid.val != 0) &&
(current_cred()->uid.val != ctx->db[i]->uid)) {
ERR("%s[Client_UID = %d] : Unauthorized access to endpoint\n",
__func__, current_cred()->uid.val);
return -EPERM;
}
#endif /* !CONFIG_ANDROID && !CONFIG_TEGRA_SYSTEM_TYPE_ACK */
get_vuid.vuid = ctx->db[i]->vuid; get_vuid.vuid = ctx->db[i]->vuid;
break; break;
} }