nvscic2c-pcie: Fix Top25 CWE CERT-C violations

Fix total 8 Top-25 CWE violations of below CERT-C rules: 1) CERT STR07-C - 4 cert_str07_c_violation: Using unsafe interface strcpy instead of strcpy_s for string manipulation. 2) CERT EXP34-C, FORWARD_NULL - 2 var_compare_op: Comparing drv_ctx to null implies that drv_ctx might be null. cert_exp34_c_violation: Dereferencing null pointer drv_ctx. 3) CERT INT30-C, CERT INT08-C - 2 cert_int30_c_violation: Unsigned integer operation (*msg).data - 7U may wrap. Bug 5238880 Change-Id: I481f61f5c96407f90da51f9878ff55cbb61b1699 Signed-off-by: Janardhan Reddy <jreddya@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3340682 GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com> Reviewed-by: Sumeet Gupta <sumeetg@nvidia.com> Reviewed-by: Deepak Kumar Badgaiyan <dbadgaiyan@nvidia.com> Reviewed-by: svcacv <svcacv@nvidia.com>
2025-12-22 17:25:35 +03:00 · 2025-04-15 04:37:56 +00:00
parent ebfb82a4c1
commit d4def4008d
4 changed files with 35 additions and 8 deletions
--- a/drivers/misc/nvscic2c-pcie/dt.c
+++ b/drivers/misc/nvscic2c-pcie/dt.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
- * SPDX-FileCopyrightText: Copyright (c) 2022-2024, NVIDIA CORPORATION & AFFILIATES.
+ * SPDX-FileCopyrightText: Copyright (c) 2022-2025, NVIDIA CORPORATION & AFFILIATES.
 * All rights reserved.
 */

@@ -498,6 +498,7 @@ static int
 parse_endpoint_db(struct driver_param_t *drv_param)
 {
 	int ret = 0;
+	int retval = 0;
 	u8 nr_endpoint = 0;
 	struct device_node *np = NULL;

@@ -562,7 +563,11 @@ parse_endpoint_db(struct driver_param_t *drv_param)
 				       name, (NAME_MAX - 1));
 				break;
 			}
-			strcpy(ep_prop->name, name);
+			retval = snprintf(ep_prop->name, NAME_MAX, "%s", name);
+			if (retval < 0) {
+				ret = -EINVAL;
+				break;
+			}

 			/* parse number of frames.*/
 			ret = tokenize_u8(&inp, ",", base, &ep_prop->nframes);
--- a/drivers/misc/nvscic2c-pcie/endpoint.c
+++ b/drivers/misc/nvscic2c-pcie/endpoint.c
@@ -1050,6 +1050,7 @@ endpoints_setup(struct driver_ctx_t *drv_ctx, void **endpoints_h)
 {
 	u16 i = 0;
 	int ret = 0;
+	int retval = 0;
 	struct endpoint_t *endpoint = NULL;
 	struct endpoint_prop_t *ep_prop = NULL;
 	struct endpoint_drv_ctx_t *eps_ctx = NULL;
@@ -1073,7 +1074,11 @@ endpoints_setup(struct driver_ctx_t *drv_ctx, void **endpoints_h)

 	eps_ctx->nr_endpoint = drv_ctx->drv_param.nr_endpoint;
 	eps_ctx->of_node = drv_ctx->drv_param.of_node;
-	strcpy(eps_ctx->drv_name, drv_ctx->drv_name);
+	retval = snprintf(eps_ctx->drv_name, NAME_MAX, "%s", drv_ctx->drv_name);
+	if (retval < 0) {
+		ret = -EINVAL;
+		goto err;
+	}
 	init_waitqueue_head(&eps_ctx->eps_close_waitq);

 	/* allocate the whole chardev range */
@@ -1108,7 +1113,11 @@ endpoints_setup(struct driver_ctx_t *drv_ctx, void **endpoints_h)
 		stream_ext_params = &endpoint->stream_ext_params;

 		/* copy the parameters from nvscic2c-pcie driver ctx.*/
-		strcpy(endpoint->name, ep_prop->name);
+		retval = snprintf(endpoint->name, NAME_MAX, "%s", ep_prop->name);
+		if (retval < 0) {
+			ret = -EINVAL;
+			goto err;
+		}
 		endpoint->chip_id = drv_ctx->chip_id;
 		endpoint->minor = ep_prop->id;
 		endpoint->nframes = ep_prop->nframes;
--- a/drivers/misc/nvscic2c-pcie/epf/module.c
+++ b/drivers/misc/nvscic2c-pcie/epf/module.c
@@ -54,6 +54,8 @@ static const struct pci_epf_device_id nvscic2c_pcie_epf_ids[] = {
 };

 #if defined(NV_PLATFORM_MSI_DOMAIN_ALLOC_IRQS_PRESENT)
+#define MSI_MSG_DATA_OFFSET \
+	((TEGRA264_PCIE_DMA_MSI_REMOTE_VEC + 2) - TEGRA264_PCIE_DMA_MSI_LOCAL_VEC)
 static void
 nvscic2c_dma_epf_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg)
 {
@@ -65,8 +67,11 @@ nvscic2c_dma_epf_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg)
 		 * First information received is for CRC MSI. So subtract the same to get base and
 		 * add WR local vector
 		 */
-		msi_data = msg->data -  (TEGRA264_PCIE_DMA_MSI_REMOTE_VEC + 2) +
-				TEGRA264_PCIE_DMA_MSI_LOCAL_VEC;
+		if (msg->data < MSI_MSG_DATA_OFFSET) {
+			pr_err("Invalid MSI MSG data\n");
+			return;
+		}
+		msi_data = msg->data - MSI_MSG_DATA_OFFSET;
 	}
 }
 #endif
@@ -305,8 +310,10 @@ clear_inbound_translation(struct pci_epf *epf)
 	struct pci_epf_bar *epf_bar = NULL;

 	drv_ctx = epf_get_drvdata(epf);
-	if (!drv_ctx)
+	if (!drv_ctx) {
 		pr_err("epf_get_drvdata() failed\n");
+		return;
+	}

 	epf_bar = &epf->bar[drv_ctx->bar];
 	pci_epc_clear_bar(epf->epc, epf->func_no, epf->vfunc_no, epf_bar);
--- a/drivers/misc/nvscic2c-pcie/iova-mngr.c
+++ b/drivers/misc/nvscic2c-pcie/iova-mngr.c
@@ -298,6 +298,7 @@ int
 iova_mngr_init(char *name, u64 base_address, size_t size, void **mngr_handle)
 {
 	int ret = 0;
+	int retval = 0;
 	struct block_t *block = NULL;
 	struct mngr_ctx_t *ctx = NULL;

@@ -328,7 +329,12 @@ iova_mngr_init(char *name, u64 base_address, size_t size, void **mngr_handle)
 		pr_err("name: (%s) long, max char:(%u)\n", name, (NAME_MAX - 1));
 		goto err;
 	}
-	strcpy(ctx->name, name);
+	retval = snprintf(ctx->name, NAME_MAX, "%s", name);
+	if (retval < 0) {
+		ret = -EINVAL;
+		goto err;
+	}
+
 	INIT_LIST_HEAD(ctx->reserved_list);
 	INIT_LIST_HEAD(ctx->free_list);
 	mutex_init(&ctx->lock);