video: tegra: nvmap: Add checks for input flags

The MEMSERV70-REQ-670 requirement makes validation checks mandatory for
input flowing across an execution boundary. To meet it, add checks for
input flags in nvmap and make sure execution does not proceed if a flag
other than read or write is provided during handle duplication, sciipc
id creation, or handle creation from a sciipc id, even though the checks
are present at the libnvrm_mem layer.

JIRA TMM-5962

Change-Id: I1fc6ce6ec4435c50220d4e49a08de50320a8f574
Signed-off-by: Ketan Patil <ketanp@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3295201
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com>
Reviewed-by: svcacv <svcacv@nvidia.com>
Ketan Patil
2025-02-03 10:18:38 +00:00
committed by Jon Hunter
parent ebe01a47a3
commit 73f74915ee


@@ -999,6 +999,11 @@ int nvmap_ioctl_get_sci_ipc_id(struct file *filp, void __user *arg)
if (copy_from_user(&op, arg, sizeof(op)))
return -EFAULT;
if ((op.flags & (PROT_READ | PROT_WRITE)) == 0) {
pr_err("Invalid input flags\n");
return -EINVAL;
}
handle = nvmap_handle_get_from_id(client, op.handle);
if (IS_ERR_OR_NULL(handle))
return -ENODEV;
@@ -1062,6 +1067,11 @@ int nvmap_ioctl_handle_from_sci_ipc_id(struct file *filp, void __user *arg)
goto exit;
}
if ((op.flags & (PROT_READ | PROT_WRITE)) == 0) {
pr_err("Invalid input flags\n");
return -EINVAL;
}
ret = nvmap_validate_sci_ipc_params(client, op.auth_token,
&pr_vuid, &lclu_vuid);
if (ret)
@@ -1151,18 +1161,23 @@ int nvmap_ioctl_dup_handle(struct file *filp, void __user *arg)
}
#endif /* NVMAP_CONFIG_ENABLE_FOREIGN_BUFFER && NVMAP_CONFIG_HANDLE_AS_ID */
if ((op.access_flags & (PROT_READ | PROT_WRITE)) == 0) {
pr_err("Invalid input flags\n");
return -EINVAL;
}
if (is_nvmap_id_ro(client, op.handle, &is_ro) != 0) {
pr_err("Handle ID RO check failed\n");
return -EINVAL;
}
/* Don't allow duplicating RW handle from RO handle */
if (is_ro && op.access_flags != NVMAP_HANDLE_RO) {
if (is_ro && op.access_flags != PROT_READ) {
pr_err("Duplicating RW handle from RO handle is not allowed\n");
return -EPERM;
}
is_ro = (op.access_flags == NVMAP_HANDLE_RO);
is_ro = (op.access_flags == PROT_READ);
if (!is_ro)
ref = nvmap_create_handle_from_id(client, op.handle);
else
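Review bot: The three new guards (in nvmap_ioctl_get_sci_ipc_id, nvmap_ioctl_handle_from_sci_ipc_id and nvmap_ioctl_dup_handle) reject only a value with neither PROT_READ nor PROT_WRITE set, so a value that carries one of those bits plus any other bit still passes, which is weaker than the description's "flag other than read or write". If unknown bits are meant to be refused at the ioctl boundary, the guard should also test the complement, e.g. `if (op.flags == 0 || (op.flags & ~(PROT_READ | PROT_WRITE)) != 0)` (with `op.access_flags` in the dup path). In nvmap_ioctl_handle_from_sci_ipc_id the new guard uses `return -EINVAL;` right after a context line that leaves through `goto exit;`; the exit label is outside the hunk, so please confirm nothing it does is needed on this path, or use `ret = -EINVAL; goto exit;` for consistency. Since these messages are reachable directly from user input, `pr_err_ratelimited` may be a better fit than `pr_err` to keep a misbehaving caller from flooding the kernel log. All three function bodies start and end outside the visible hunks.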