From d4def4008d4c34f2a259b4b319368a4119573a58 Mon Sep 17 00:00:00 2001 From: Janardhan Reddy Date: Tue, 15 Apr 2025 04:37:56 +0000 Subject: [PATCH] nvscic2c-pcie: Fix Top25 CWE CERT-C violations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix total 8 Top-25 CWE violations of below CERT-C rules: 1) CERT STR07-C - 4 cert_str07_c_violation: Using unsafe interface strcpy instead of strcpy_s for string manipulation. 2) CERT EXP34-C, FORWARD_NULL - 2 var_compare_op: Comparing drv_ctx to null implies that drv_ctx might be null. cert_exp34_c_violation: Dereferencing null pointer drv_ctx. 3) CERT INT30-C, CERT INT08-C - 2 cert_int30_c_violation: Unsigned integer operation (*msg).data - 7U may wrap. Bug 5238880 Change-Id: I481f61f5c96407f90da51f9878ff55cbb61b1699 Signed-off-by: Janardhan Reddy Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3340682 GVS: buildbot_gerritrpt Reviewed-by: Sumeet Gupta Reviewed-by: Deepak Kumar Badgaiyan Reviewed-by: svcacv --- drivers/misc/nvscic2c-pcie/dt.c | 9 +++++++-- drivers/misc/nvscic2c-pcie/endpoint.c | 13 +++++++++++-- drivers/misc/nvscic2c-pcie/epf/module.c | 13 ++++++++++--- drivers/misc/nvscic2c-pcie/iova-mngr.c | 8 +++++++- 4 files changed, 35 insertions(+), 8 deletions(-) diff --git a/drivers/misc/nvscic2c-pcie/dt.c b/drivers/misc/nvscic2c-pcie/dt.c index 3c987fac..8c7833cc 100644 --- a/drivers/misc/nvscic2c-pcie/dt.c +++ b/drivers/misc/nvscic2c-pcie/dt.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * SPDX-FileCopyrightText: Copyright (c) 2022-2024, NVIDIA CORPORATION & AFFILIATES. + * SPDX-FileCopyrightText: Copyright (c) 2022-2025, NVIDIA CORPORATION & AFFILIATES. * All rights reserved. */ @@ -498,6 +498,7 @@ static int parse_endpoint_db(struct driver_param_t *drv_param) { int ret = 0; + int retval = 0; u8 nr_endpoint = 0; struct device_node *np = NULL; @@ -562,7 +563,11 @@ parse_endpoint_db(struct driver_param_t *drv_param) name, (NAME_MAX - 1)); break; } - strcpy(ep_prop->name, name); + retval = snprintf(ep_prop->name, NAME_MAX, "%s", name); + if (retval < 0) { + ret = -EINVAL; + break; + } /* parse number of frames.*/ ret = tokenize_u8(&inp, ",", base, &ep_prop->nframes); diff --git a/drivers/misc/nvscic2c-pcie/endpoint.c b/drivers/misc/nvscic2c-pcie/endpoint.c index 6bb03aa7..4331b2d9 100644 --- a/drivers/misc/nvscic2c-pcie/endpoint.c +++ b/drivers/misc/nvscic2c-pcie/endpoint.c @@ -1050,6 +1050,7 @@ endpoints_setup(struct driver_ctx_t *drv_ctx, void **endpoints_h) { u16 i = 0; int ret = 0; + int retval = 0; struct endpoint_t *endpoint = NULL; struct endpoint_prop_t *ep_prop = NULL; struct endpoint_drv_ctx_t *eps_ctx = NULL; @@ -1073,7 +1074,11 @@ endpoints_setup(struct driver_ctx_t *drv_ctx, void **endpoints_h) eps_ctx->nr_endpoint = drv_ctx->drv_param.nr_endpoint; eps_ctx->of_node = drv_ctx->drv_param.of_node; - strcpy(eps_ctx->drv_name, drv_ctx->drv_name); + retval = snprintf(eps_ctx->drv_name, NAME_MAX, "%s", drv_ctx->drv_name); + if (retval < 0) { + ret = -EINVAL; + goto err; + } init_waitqueue_head(&eps_ctx->eps_close_waitq); /* allocate the whole chardev range */ @@ -1108,7 +1113,11 @@ endpoints_setup(struct driver_ctx_t *drv_ctx, void **endpoints_h) stream_ext_params = &endpoint->stream_ext_params; /* copy the parameters from nvscic2c-pcie driver ctx.*/ - strcpy(endpoint->name, ep_prop->name); + retval = snprintf(endpoint->name, NAME_MAX, "%s", ep_prop->name); + if (retval < 0) { + ret = -EINVAL; + goto err; + } endpoint->chip_id = drv_ctx->chip_id; endpoint->minor = ep_prop->id; endpoint->nframes = ep_prop->nframes; diff --git a/drivers/misc/nvscic2c-pcie/epf/module.c b/drivers/misc/nvscic2c-pcie/epf/module.c index cd448ca0..25df0043 100644 --- a/drivers/misc/nvscic2c-pcie/epf/module.c +++ b/drivers/misc/nvscic2c-pcie/epf/module.c @@ -54,6 +54,8 @@ static const struct pci_epf_device_id nvscic2c_pcie_epf_ids[] = { }; #if defined(NV_PLATFORM_MSI_DOMAIN_ALLOC_IRQS_PRESENT) +#define MSI_MSG_DATA_OFFSET \ + ((TEGRA264_PCIE_DMA_MSI_REMOTE_VEC + 2) - TEGRA264_PCIE_DMA_MSI_LOCAL_VEC) static void nvscic2c_dma_epf_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg) { @@ -65,8 +67,11 @@ nvscic2c_dma_epf_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg) * First information received is for CRC MSI. So subtract the same to get base and * add WR local vector */ - msi_data = msg->data - (TEGRA264_PCIE_DMA_MSI_REMOTE_VEC + 2) + - TEGRA264_PCIE_DMA_MSI_LOCAL_VEC; + if (msg->data < MSI_MSG_DATA_OFFSET) { + pr_err("Invalid MSI MSG data\n"); + return; + } + msi_data = msg->data - MSI_MSG_DATA_OFFSET; } } #endif @@ -305,8 +310,10 @@ clear_inbound_translation(struct pci_epf *epf) struct pci_epf_bar *epf_bar = NULL; drv_ctx = epf_get_drvdata(epf); - if (!drv_ctx) + if (!drv_ctx) { pr_err("epf_get_drvdata() failed\n"); + return; + } epf_bar = &epf->bar[drv_ctx->bar]; pci_epc_clear_bar(epf->epc, epf->func_no, epf->vfunc_no, epf_bar); diff --git a/drivers/misc/nvscic2c-pcie/iova-mngr.c b/drivers/misc/nvscic2c-pcie/iova-mngr.c index 0887f683..3879dc3f 100644 --- a/drivers/misc/nvscic2c-pcie/iova-mngr.c +++ b/drivers/misc/nvscic2c-pcie/iova-mngr.c @@ -298,6 +298,7 @@ int iova_mngr_init(char *name, u64 base_address, size_t size, void **mngr_handle) { int ret = 0; + int retval = 0; struct block_t *block = NULL; struct mngr_ctx_t *ctx = NULL; @@ -328,7 +329,12 @@ iova_mngr_init(char *name, u64 base_address, size_t size, void **mngr_handle) pr_err("name: (%s) long, max char:(%u)\n", name, (NAME_MAX - 1)); goto err; } - strcpy(ctx->name, name); + retval = snprintf(ctx->name, NAME_MAX, "%s", name); + if (retval < 0) { + ret = -EINVAL; + goto err; + } + INIT_LIST_HEAD(ctx->reserved_list); INIT_LIST_HEAD(ctx->free_list); mutex_init(&ctx->lock);