From dd30ab0bfd1f62a5ee5e4249f8052400d5a3e19b Mon Sep 17 00:00:00 2001
From: Manish Bhardwaj <mbhardwaj@nvidia.com>
Date: Sat, 1 Mar 2025 17:39:50 +0000
Subject: [PATCH] nvidia-oot: cert & misra fixes in hvc_sysfs.c drv

using this patch fixing below cert & misra errors:-
- cert_int08_c_violation: Unsigned integer operation
  "vma->vm_end - vma->vm_start" may wrap.
- cert_int08_c_violation: Unsigned integer operation
  "vma->vm_end - vma->vm_start" may wrap.
- cert_str07_c_violation: Using unsafe interface
  "strncpy" instead of "strncpy_s" for string manipulation.
- cert_str07_c_violation: Using unsafe interface "strncat"
  instead of "strncat_s" for string manipulation.
- cert_exp39_c_violation: Accessing an object through a
  pointer "(uint64_t *)buf" whose type "uint64_t *" is
  incompatible with the type of the object
- cert_exp39_c_violation: Calling function
  "hyp_trace_get_mask(uint64_t *)" which accesses an object
  through a pointer "(uint64_t *)buf" whose type "uint64_t *"
  is incompatible with the type of the object. [details]
- cert_exp39_c_violation: Accessing an object through a
  pointer "(uint64_t *)buf" whose type "uint64_t *" is
  incompatible with the type of the object.

JIRA ESLC-8400

Change-Id: Ia8e03dac4e939078719543d8e6d3bbc464301b16
Signed-off-by: Manish Bhardwaj <mbhardwaj@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3304759
Reviewed-by: svcacv <svcacv@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Sumeet Gupta <sumeetg@nvidia.com>
Reviewed-by: Suresh Venkatachalam <skathirampat@nvidia.com>
---
 drivers/virt/tegra/hvc_sysfs.c | 40 +++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 8 deletions(-)

diff --git a/drivers/virt/tegra/hvc_sysfs.c b/drivers/virt/tegra/hvc_sysfs.c
index 97c73c14..7a60d737 100644
--- a/drivers/virt/tegra/hvc_sysfs.c
+++ b/drivers/virt/tegra/hvc_sysfs.c
@@ -11,6 +11,7 @@
 #include <linux/mm.h>
 #include <linux/bug.h>
 #include <linux/io.h>
+#include <linux/overflow.h>
 #include <soc/tegra/virt/syscalls.h>
 #include <soc/tegra/virt/hv-ivc.h>
 #define TEGRA_HV_ERR(...) pr_err("hvc_sysfs: " __VA_ARGS__)
@@ -61,12 +62,18 @@ static int nvlog_buffer_mmap(struct file *fp, struct kobject *ko,
 			     struct vm_area_struct *vma)
 {
 	struct nvlog_shmem_info *info = container_of(attr, struct nvlog_shmem_info, attr);
+	unsigned long result;
 
 	if ((info->ipa == 0) || (info->region_size == 0))
 		return -EINVAL;
 
 
-	if ((vma->vm_end - vma->vm_start) != attr->size)
+	if (check_sub_overflow(vma->vm_end, vma->vm_start, &result)) {
+		pr_err("%s: operation got overflown.\n", __func__);
+		return -EINVAL;
+	}
+
+	if (result != attr->size)
 		return -EINVAL;
 
 	return remap_pfn_range(
@@ -202,8 +209,8 @@ static int hyp_nvlog_buffer_init(void)
 				goto fail;
 			}
 
-			strncpy(dir_name, nvlog_shmem_attrs[cntr].node_name, MAX_NAME_SIZE);
-			strncat(dir_name, "_dir", 4);
+			strscpy(dir_name, nvlog_shmem_attrs[cntr].node_name, MAX_NAME_SIZE);
+			strlcat(dir_name, "_dir", MAX_NAME_SIZE);
 			nvlog_shmem_attrs[cntr].kobj = kobject_create_and_add(dir_name, parent);
 			if (nvlog_shmem_attrs[cntr].kobj == NULL) {
 				TEGRA_HV_INFO("failed to add kobject\n");
@@ -243,12 +250,18 @@ static int hvc_sysfs_mmap(struct file *fp, struct kobject *ko,
 {
 	struct hyp_shared_memory_info *hyp_shm_info =
 		container_of(attr, struct hyp_shared_memory_info, attr);
+	unsigned long result;
 
 	if ((hyp_shm_info->ipa == 0) || (hyp_shm_info->size == 0))
 		return -EINVAL;
 
 
-	if ((vma->vm_end - vma->vm_start) != attr->size)
+	if (check_sub_overflow(vma->vm_end, vma->vm_start, &result)) {
+		pr_err("%s: operation got overflown.\n", __func__);
+		return -EINVAL;
+	}
+
+	if (result != attr->size)
 		return -EINVAL;
 
 	return remap_pfn_range(
@@ -280,18 +293,29 @@ static int hvc_create_sysfs(
 static ssize_t log_mask_read(struct file *fp, struct kobject *ko,
 	struct bin_attribute *attr, char *buf, loff_t pos, size_t size)
 {
+	uint64_t value = 0;
+
 	/* Kernel checks for validity of buf, no need to check here. */
-	*(uint64_t *)buf = EventType;
-	if (size == sizeof(uint64_t))
-		hyp_trace_get_mask((uint64_t *)buf);
+	value = EventType;
+
+	if (size == sizeof(uint64_t)) {
+		hyp_trace_get_mask(&value);
+		memcpy(buf, &value, sizeof(value));
+	}
+
 	return size;
 }
 
 static ssize_t log_mask_write(struct file *fp, struct kobject *ko,
 	struct bin_attribute *attr, char *buf, loff_t pos, size_t size)
 {
+	uint64_t type, value;
+
+	memcpy(&type, buf, sizeof(uint64_t));
+	memcpy(&value, buf + sizeof(uint64_t), sizeof(uint64_t));
+
 	if (size == 2 * sizeof(uint64_t))
-		hyp_trace_set_mask(*(uint64_t *)buf, *((uint64_t *)buf + 1));
+		hyp_trace_set_mask(type, value);
 	else
 		EventType = *buf;