From 454c782d5cc12fa7e71ce75a5ac7e3ae4d827db4 Mon Sep 17 00:00:00 2001
From: Joshua Cha <joshuac@nvidia.com>
Date: Sat, 29 Mar 2025 11:57:55 +0900
Subject: [PATCH] nvsciipc: add missing check routing in set db

add pointer check routine for set_db CMD.

JIRA NVIPC-3520

Change-Id: Ie9768ae839d88519013dfece97192d111acacbb2
Signed-off-by: Joshua Cha <joshuac@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3329729
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Jeungwoo Yoo <jeungwooy@nvidia.com>
Reviewed-by: svcacv <svcacv@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: Simon Je <sje@nvidia.com>
---
 drivers/misc/nvsciipc/nvsciipc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/misc/nvsciipc/nvsciipc.c b/drivers/misc/nvsciipc/nvsciipc.c
index ca6f016a..08bad0d6 100644
--- a/drivers/misc/nvsciipc/nvsciipc.c
+++ b/drivers/misc/nvsciipc/nvsciipc.c
@@ -659,7 +659,7 @@ static int nvsciipc_ioctl_set_db(struct nvsciipc *ctx, unsigned int cmd,
 
 	if (!access_ok(user_db.entry, ctx->num_eps *
 		sizeof(struct nvsciipc_config_entry *))) {
-		ERR("invalid user-space pointer: %p\n", user_db.entry);
+		ERR("invalid user-space DB entry ptr: %p\n", user_db.entry);
 		ret = -EFAULT;
 		goto ptr_error;
 	}
@@ -703,6 +703,12 @@ static int nvsciipc_ioctl_set_db(struct nvsciipc *ctx, unsigned int cmd,
 			goto ptr_error;
 		}
 
+		if (!access_ok(entry_ptr[i], sizeof(struct nvsciipc_config_entry))) {
+			ERR("invalid user-space CFG entry ptr: %p\n", entry_ptr[i]);
+			ret = -EFAULT;
+			goto ptr_error;
+		}
+
 		ret = copy_from_user(ctx->db[i], (void __user *)entry_ptr[i],
 				sizeof(struct nvsciipc_config_entry));
 		if (ret < 0) {