
Commit 2fe40972 authored by Pavan Bobba, committed by Gerrit - the friendly Code Review server

smcinvoke : file private data validation, which is sent by userspace



A validation is added to check whether the retrieved struct smcinvoke_file_data
inside the function get_server_id belongs to g_smcinvoke_fops or not.

Change-Id: If949889a764775200650a8d0b744359c0611b576
Signed-off-by: Pavan Bobba <quic_pav@quicinc.com>
parent 28ca2b9d
+3 −5
@@ -2,7 +2,7 @@
 * SMC Invoke driver
 *
 * Copyright (c) 2016-2020, The Linux Foundation. All rights reserved.
 *
 * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
 * only version 2 as published by the Free Software Foundation.
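
Review bot: the header comment loses its blank ` *` separator where the Qualcomm Innovation Center copyright line is added, so the new notice runs straight into "This program is free software". Keep the empty ` *` line between the copyright notices and the license text. The commit message also describes only the get_server_id check, so the copyright update should be mentioned there or split into its own change.
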
@@ -595,14 +595,12 @@ static uint16_t get_server_id(int cb_server_fd)
	struct smcinvoke_file_data *svr_cxt = NULL;
	struct file *tmp_filp = fget(cb_server_fd);

	if (!tmp_filp)
	if (!tmp_filp || !FILE_IS_REMOTE_OBJ(tmp_filp))
		return server_id;

	svr_cxt = tmp_filp->private_data;
	if (svr_cxt && svr_cxt->context_type ==  SMCINVOKE_OBJ_TYPE_SERVER)
		server_id = svr_cxt->server_id;

	if (tmp_filp)
	fput(tmp_filp);

	return server_id;
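
Review bot: the early return on `!FILE_IS_REMOTE_OBJ(tmp_filp)` leaks the reference taken by `fget(cb_server_fd)`. When the fd is valid but does not belong to this driver, `tmp_filp` is non-NULL, yet the function returns `server_id` without ever reaching `fput(tmp_filp)`. Because the fd is supplied by userspace, each call with a foreign fd leaves that file's reference count raised. Keep `if (!tmp_filp)` as the only early return and send the type check through the release path, either by reading `private_data` only inside `if (FILE_IS_REMOTE_OBJ(tmp_filp))` or by jumping to an `out:` label placed just before `fput(tmp_filp)`.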