smcinvoke : file private data validation, which is sent by userspace

a validation added to check whether retrieved struct smcinvoke_file_data inside the function get_server_id belongs to g_smcinvoke_fops or not. Change-Id: If949889a764775200650a8d0b744359c0611b576 Signed-off-by: Pavan Bobba <quic_pav@quicinc.com>
2025-02-20 11:45:48 +08:00 · 2022-04-07 18:28:46 +05:30 · 2022-04-07 18:28:46 +05:30 · 2fe4097289
commit 2fe4097289
parent 28ca2b9d69
1 changed files with 3 additions and 5 deletions
--- a/drivers/soc/qcom/smcinvoke.c
+++ b/drivers/soc/qcom/smcinvoke.c
@ -2,7 +2,7 @@
 * SMC Invoke driver
 *
 * Copyright (c) 2016-2020, The Linux Foundation. All rights reserved.
- *
+ * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
 * only version 2 as published by the Free Software Foundation.
@ -595,14 +595,12 @@ static uint16_t get_server_id(int cb_server_fd)
 	struct smcinvoke_file_data *svr_cxt = NULL;
 	struct file *tmp_filp = fget(cb_server_fd);

-	if (!tmp_filp)
+	if (!tmp_filp || !FILE_IS_REMOTE_OBJ(tmp_filp))
 		return server_id;

 	svr_cxt = tmp_filp->private_data;
 	if (svr_cxt && svr_cxt->context_type ==  SMCINVOKE_OBJ_TYPE_SERVER)
 		server_id = svr_cxt->server_id;
-
-	if (tmp_filp)
 	fput(tmp_filp);

 	return server_id;