samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

smcinvoke : file private data validation which is sent by userspace

Browse Source 
a validation added to check  whether retrieved struct smcinvoke_file_data
inside the function get_server_id belongs to g_smcinvoke_fops or not.

Change-Id: I50bce93ab89759b4fdcb76e41f699d8199771fbd
Signed-off-by: Pavan Bobba <quic_pav@quicinc.com>
This commit is contained in:
Pavan Bobba
2022-05-13 16:11:17 +05:30
committed by Gerrit - the friendly Code Review server
parent 56d39957f0
commit d577197ff2
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
smcinvoke/smcinvoke.c
View File

@@ -625,15 +625,13 @@ static uint16_t get_server_id(int cb_server_fd)
struct smcinvoke_file_data *svr_cxt = NULL;
struct file *tmp_filp = fget(cb_server_fd);
if (!tmp_filp)
if (!tmp_filp || !FILE_IS_REMOTE_OBJ(tmp_filp))
return server_id;
svr_cxt = tmp_filp->private_data;
if (svr_cxt && svr_cxt->context_type == SMCINVOKE_OBJ_TYPE_SERVER)
server_id = svr_cxt->server_id;
if (tmp_filp)
fput(tmp_filp);
fput(tmp_filp);
return server_id;
}