nvsciipc.c: Fix CWE violations

- EXP39-C Jira NVIPC-3397 Change-Id: Ic4be52a1032ec729442368a96af5cb8b75b99330 Signed-off-by: Jeungwoo Yoo <jeungwooy@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3334619 GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com> Reviewed-by: svcacv <svcacv@nvidia.com> Reviewed-by: Joshua Cha <joshuac@nvidia.com> Reviewed-by: Simon Je <sje@nvidia.com>
2025-12-22 09:11:26 +03:00 · 2025-04-07 02:53:40 +00:00
parent 3ad90175d1
commit 89df3ba53b
1 changed files with 9 additions and 8 deletions
--- a/drivers/misc/nvsciipc/nvsciipc.c
+++ b/drivers/misc/nvsciipc/nvsciipc.c
@@ -314,6 +314,8 @@ static int nvsciipc_ioctl_get_db_by_idx(struct nvsciipc *ctx, unsigned int cmd,
 	unsigned long arg)
 {
 	struct nvsciipc_get_db_by_idx get_db;
 	struct cred const *cred = get_current_cred();
 	uid_t const uid = cred->uid.val;
 	if ((ctx->num_eps == 0) || (ctx->set_db_f != true)) {
 		ERR("%s[%d] need to set endpoint database first\n", __func__,
@@ -322,16 +324,13 @@ static int nvsciipc_ioctl_get_db_by_idx(struct nvsciipc *ctx, unsigned int cmd,
 	}
 #if defined(CONFIG_ANDROID) || defined(CONFIG_TEGRA_SYSTEM_TYPE_ACK)
-	if ((current_cred()->uid.val != SYSTEM_GID) &&
+	if ((uid != SYSTEM_GID) && (uid != 0) && (uid != s_nvsciipc_uid)) {
 	    (current_cred()->uid.val != 0) &&
 	    (current_cred()->uid.val != s_nvsciipc_uid)) {
 		ERR("no permission to set db\n");
 		return -EPERM;
 	}
 #else
 	/* check root or nvsciipc user */
-	if ((current_cred()->uid.val != 0) &&
+	if ((uid != 0) && (uid != s_nvsciipc_uid)) {
 	    (current_cred()->uid.val != s_nvsciipc_uid)) {
 		ERR("no permission to set db\n");
 		return -EPERM;
 	}
@@ -589,12 +588,14 @@ static int nvsciipc_ioctl_get_vuid(struct nvsciipc *ctx, unsigned int cmd,
 			NVSCIIPC_MAX_EP_NAME)) {
 // FIXME: consider android
 #if !defined(CONFIG_ANDROID) && !defined(CONFIG_TEGRA_SYSTEM_TYPE_ACK)
 			struct cred const *cred = get_current_cred();
 			uid_t const uid = cred->uid.val;
 			/* Authenticate the client process with valid UID */
 			if ((ctx->db[i]->uid != 0xFFFFFFFF) &&
-			    (current_cred()->uid.val != 0) &&
+			    (uid != 0) && (uid != ctx->db[i]->uid)) {
 			    (current_cred()->uid.val != ctx->db[i]->uid)) {
 				ERR("%s[Client_UID = %d] : Unauthorized access to endpoint\n",
-					__func__, current_cred()->uid.val);
+					__func__, uid);
 				return -EPERM;
 			}
 #endif /* !CONFIG_ANDROID && !CONFIG_TEGRA_SYSTEM_TYPE_ACK */