From 45c6aed68d9f96fce8323d4870e78b682d14a4d0 Mon Sep 17 00:00:00 2001 From: Sagar Kamble Date: Wed, 4 May 2022 14:09:02 +0530 Subject: [PATCH] gpu: nvgpu: fix CERT violations in nvgpu_dbg_gpu_access_gpu_va Update nvgpu_dbg_gpu_access_gpu_va to: 1. Ensure that integer conversions do not result in lost or misinterpreted data. 2. Do not dereference null pointers. CID 436748 CID 473585 CID 254272 CID 490303 Bug 3512546 Change-Id: I551484b671aa48175a8cea119885eac478c2731c Signed-off-by: Sagar Kamble Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2707019 Reviewed-by: svc-mobile-coverity Reviewed-by: svc-mobile-cert Reviewed-by: Sachin Nikam GVS: Gerrit_Virtual_Submit --- drivers/gpu/nvgpu/os/linux/ioctl_dbg.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/nvgpu/os/linux/ioctl_dbg.c b/drivers/gpu/nvgpu/os/linux/ioctl_dbg.c index 729284b0d..96654fdfb 100644 --- a/drivers/gpu/nvgpu/os/linux/ioctl_dbg.c +++ b/drivers/gpu/nvgpu/os/linux/ioctl_dbg.c @@ -2623,10 +2623,11 @@ static int nvgpu_dbg_gpu_access_gpu_va(struct dbg_session_gk20a *dbg_s, struct nvgpu_dbg_gpu_va_access_args *arg) { int ret = 0; - u32 i, buf_len; + size_t buf_len; + u32 i; u8 cmd; u64 *buffer = NULL; - u32 size, allocated_size = 0; + size_t size, allocated_size = 0; void __user *user_buffer; struct gk20a *g = dbg_s->g; struct nvgpu_channel *ch; @@ -2660,6 +2661,13 @@ static int nvgpu_dbg_gpu_access_gpu_va(struct dbg_session_gk20a *dbg_s, cmd = arg->cmd; for (i = 0; i < arg->count; i++) { size = ops_buffer[i].size; + + if (size == 0UL) { + nvgpu_err(g, "size is zero"); + ret = -EINVAL; + goto fail; + } + if ((ops_buffer[i].gpu_va & 0x3)) { nvgpu_err(g, "gpu va is not aligned %u 0x%llx", i, ops_buffer[i].gpu_va);