nvsciipc.c: Fix CWE violations

- EXP39-C

Jira NVIPC-3397

Change-Id: Ic4be52a1032ec729442368a96af5cb8b75b99330
Signed-off-by: Jeungwoo Yoo <jeungwooy@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3334619
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: svcacv <svcacv@nvidia.com>
Reviewed-by: Joshua Cha <joshuac@nvidia.com>
Reviewed-by: Simon Je <sje@nvidia.com>
Jeungwoo Yoo
2025-04-07 02:53:40 +00:00
committed by Jon Hunter
parent 3ad90175d1
commit 89df3ba53b


@@ -314,6 +314,8 @@ static int nvsciipc_ioctl_get_db_by_idx(struct nvsciipc *ctx, unsigned int cmd,
unsigned long arg)
{
struct nvsciipc_get_db_by_idx get_db;
struct cred const *cred = get_current_cred();
uid_t const uid = cred->uid.val;
if ((ctx->num_eps == 0) || (ctx->set_db_f != true)) {
ERR("%s[%d] need to set endpoint database first\n", __func__,
@@ -322,16 +324,13 @@ static int nvsciipc_ioctl_get_db_by_idx(struct nvsciipc *ctx, unsigned int cmd,
}
#if defined(CONFIG_ANDROID) || defined(CONFIG_TEGRA_SYSTEM_TYPE_ACK)
if ((current_cred()->uid.val != SYSTEM_GID) &&
(current_cred()->uid.val != 0) &&
(current_cred()->uid.val != s_nvsciipc_uid)) {
if ((uid != SYSTEM_GID) && (uid != 0) && (uid != s_nvsciipc_uid)) {
ERR("no permission to set db\n");
return -EPERM;
}
#else
/* check root or nvsciipc user */
if ((current_cred()->uid.val != 0) &&
(current_cred()->uid.val != s_nvsciipc_uid)) {
if ((uid != 0) && (uid != s_nvsciipc_uid)) {
ERR("no permission to set db\n");
return -EPERM;
}
@@ -589,12 +588,14 @@ static int nvsciipc_ioctl_get_vuid(struct nvsciipc *ctx, unsigned int cmd,
NVSCIIPC_MAX_EP_NAME)) {
// FIXME: consider android
#if !defined(CONFIG_ANDROID) && !defined(CONFIG_TEGRA_SYSTEM_TYPE_ACK)
struct cred const *cred = get_current_cred();
uid_t const uid = cred->uid.val;
/* Authenticate the client process with valid UID */
if ((ctx->db[i]->uid != 0xFFFFFFFF) &&
(current_cred()->uid.val != 0) &&
(current_cred()->uid.val != ctx->db[i]->uid)) {
(uid != 0) && (uid != ctx->db[i]->uid)) {
ERR("%s[Client_UID = %d] : Unauthorized access to endpoint\n",
__func__, current_cred()->uid.val);
__func__, uid);
return -EPERM;
}
#endif /* !CONFIG_ANDROID && !CONFIG_TEGRA_SYSTEM_TYPE_ACK */
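Review bot: `get_current_cred()` takes a reference on the caller's credentials, and neither the block added at the top of nvsciipc_ioctl_get_db_by_idx nor the one added in nvsciipc_ioctl_get_vuid shows a matching `put_cred(cred)`, so each ioctl call appears to leak one cred reference unless it is released outside the visible hunks (both function bodies continue past them). Because the code only reads the UID of the current task in its own context, the non-refcounting accessor is sufficient: `struct cred const *cred = current_cred();`, or drop the pointer and write `uid_t const uid = __kuid_val(current_uid());`. If the counted reference is kept instead, every exit needs `put_cred(cred);`, including the `return -EPERM;` paths in all three permission checks. Separately, in the get_vuid error message `uid` is a `uid_t` (unsigned) printed with `%d`; `%u` matches the type.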