Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 01c88ac0 authored by Pavan Bobba's avatar Pavan Bobba
Browse files

smcinvoke : file private data validation which is sent by userspace 



a validation added to check  whether retrieved struct smcinvoke_file_data
inside the function get_server_id belongs to g_smcinvoke_fops or not.

Change-Id: If949889a764775200650a8d0b744359c0611b576
Signed-off-by: default avatarPavan Bobba <quic_pav@quicinc.com>
Signed-off-by: default avatarYing Nie <quic_yingnie@quicinc.com>
parent 0bfc6c85

drivers/soc/qcom/smcinvoke.c

+3 −4
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/*

 * Copyright (c) 2016-2021, The Linux Foundation. All rights reserved.

 * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.

 */



#define pr_fmt(fmt) "smcinvoke: %s: " fmt, __func__
@@ -590,14 +591,12 @@ static uint16_t get_server_id(int cb_server_fd) 
	struct smcinvoke_file_data *svr_cxt = NULL;

	struct file *tmp_filp = fget(cb_server_fd);



	if (!tmp_filp)

	if (!tmp_filp || !FILE_IS_REMOTE_OBJ(tmp_filp))

		return server_id;



	svr_cxt = tmp_filp->private_data;

	if (svr_cxt && svr_cxt->context_type ==  SMCINVOKE_OBJ_TYPE_SERVER)

		server_id = svr_cxt->server_id;



	if (tmp_filp)

	fput(tmp_filp);



	return server_id;