Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b72dd9e5 authored by Tharun Kumar Merugu's avatar Tharun Kumar Merugu Committed by Gerrit - the friendly Code Review server
Browse files

msm: adsprpc: restrict user apps from sending kernel RPC messages 



Verify that user applications are not using the kernel RPC message
handle to restrict them from directly attaching to guest OS on the
remote subsystem

Change-Id: Icfa114a12f2bebbe815eb9930027fded51f717fd
Acked-by: default avatarThyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: default avatarTharun Kumar Merugu <mtharu@codeaurora.org>
Signed-off-by: default avatarMohammed Nayeem Ur Rahman <mohara@codeaurora.org>
parent e4bc5ff2

drivers/char/adsprpc.c

+17 −8
Original line number Diff line number Diff line 
/*

 * Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.

 * Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -106,6 +106,7 @@ 


#define PERF_KEYS \

	"count:flush:map:copy:glink:getargs:putargs:invalidate:invoke:tid:ptr"

#define FASTRPC_STATIC_HANDLE_KERNEL (1)

#define FASTRPC_STATIC_HANDLE_LISTENER (3)

#define FASTRPC_STATIC_HANDLE_MAX (20)

#define FASTRPC_LATENCY_CTRL_ENB  (1)
@@ -1953,6 +1954,14 @@ static int fastrpc_internal_invoke(struct fastrpc_file *fl, uint32_t mode, 
	if (fl->profile)

		getnstimeofday(&invoket);



	if (!kernel) {

		VERIFY(err, invoke->handle != FASTRPC_STATIC_HANDLE_KERNEL);

		if (err) {

			pr_err("adsprpc: ERROR: %s: user application %s trying to send a kernel RPC message to channel %d",

				__func__, current->comm, cid);

			goto bail;

		}

	}



	VERIFY(err, fl->sctx != NULL);

	if (err)
@@ -2092,7 +2101,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 


		ra[0].buf.pv = (void *)&tgid;

		ra[0].buf.len = sizeof(tgid);

		ioctl.inv.handle = 1;

		ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL;

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(0, 1, 0);

		ioctl.inv.pra = ra;

		ioctl.fds = NULL;
@@ -2187,7 +2196,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
		ra[5].buf.len = sizeof(inbuf.siglen);

		fds[5] = 0;



		ioctl.inv.handle = 1;

		ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL;

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(6, 4, 0);

		if (uproc->attrs)

			ioctl.inv.sc = REMOTE_SCALARS_MAKE(7, 6, 0);
@@ -2273,7 +2282,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
		ra[2].buf.pv = (void *)pages;

		ra[2].buf.len = sizeof(*pages);

		fds[2] = 0;

		ioctl.inv.handle = 1;

		ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL;



		ioctl.inv.sc = REMOTE_SCALARS_MAKE(8, 3, 0);

		ioctl.inv.pra = ra;
@@ -2325,7 +2334,7 @@ static int fastrpc_release_current_dsp_process(struct fastrpc_file *fl) 
	tgid = fl->tgid;

	ra[0].buf.pv = (void *)&tgid;

	ra[0].buf.len = sizeof(tgid);

	ioctl.inv.handle = 1;

	ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL;

	ioctl.inv.sc = REMOTE_SCALARS_MAKE(1, 1, 0);

	ioctl.inv.pra = ra;

	ioctl.fds = NULL;
@@ -2371,7 +2380,7 @@ static int fastrpc_mmap_on_dsp(struct fastrpc_file *fl, uint32_t flags, 
	ra[2].buf.pv = (void *)&routargs;

	ra[2].buf.len = sizeof(routargs);



	ioctl.inv.handle = 1;

	ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL;

	if (fl->apps->compat)

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(4, 2, 1);

	else
@@ -2426,7 +2435,7 @@ static int fastrpc_munmap_on_dsp_rh(struct fastrpc_file *fl, uint64_t phys, 
		ra[0].buf.pv = (void *)&routargs;

		ra[0].buf.len = sizeof(routargs);



		ioctl.inv.handle = 1;

		ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL;

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(7, 0, 1);

		ioctl.inv.pra = ra;

		ioctl.fds = NULL;
@@ -2477,7 +2486,7 @@ static int fastrpc_munmap_on_dsp(struct fastrpc_file *fl, uintptr_t raddr, 
	ra[0].buf.pv = (void *)&inargs;

	ra[0].buf.len = sizeof(inargs);



	ioctl.inv.handle = 1;

	ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL;

	if (fl->apps->compat)

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(5, 1, 0);

	else