From d577197ff2438d62ca78437b5384d2c452b87b68 Mon Sep 17 00:00:00 2001
From: Pavan Bobba <quic_pav@quicinc.com>
Date: Fri, 13 May 2022 16:11:17 +0530
Subject: [PATCH] smcinvoke : file private data validation which is sent by
 userspace

a validation added to check  whether retrieved struct smcinvoke_file_data
inside the function get_server_id belongs to g_smcinvoke_fops or not.

Change-Id: I50bce93ab89759b4fdcb76e41f699d8199771fbd
Signed-off-by: Pavan Bobba <quic_pav@quicinc.com>
---
 smcinvoke/smcinvoke.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/smcinvoke/smcinvoke.c b/smcinvoke/smcinvoke.c
index 7a8bc7bcb4..048556f0a1 100644
--- a/smcinvoke/smcinvoke.c
+++ b/smcinvoke/smcinvoke.c
@@ -625,15 +625,13 @@ static uint16_t get_server_id(int cb_server_fd)
 	struct smcinvoke_file_data *svr_cxt = NULL;
 	struct file *tmp_filp = fget(cb_server_fd);
 
-	if (!tmp_filp)
+	if (!tmp_filp || !FILE_IS_REMOTE_OBJ(tmp_filp))
 		return server_id;
 
 	svr_cxt = tmp_filp->private_data;
 	if (svr_cxt && svr_cxt->context_type == SMCINVOKE_OBJ_TYPE_SERVER)
 		server_id = svr_cxt->server_id;
-
-	if (tmp_filp)
-		fput(tmp_filp);
+	fput(tmp_filp);
 
 	return server_id;
 }