msm: ipa3: Fix to validate the user inputs · 25611b44f1 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

msm: ipa3: Fix to validate the user inputs

Adding code changes to validate user inputs.
Before allocating the NAT entry verifying the
NAT entry size in range or not.

Change-Id: I21147f20a12243af5d21aebdc206703964db2be4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>

This commit is contained in:

Mohammed Javid

2018-10-08 20:04:48 +05:30

• committed by

Gerrit - the friendly Code Review server

parent 36ffd181f1

commit 25611b44f1

2 changed files with 28 additions and 0 deletions

									
										14

drivers/platform/msm/ipa/ipa_v2/ipa_nat.c
									
										View file
										
				@ -35,6 +35,13 @@ enum nat_table_type {

				#define NAT_TABLE_ENTRY_SIZE_BYTE 32

				#define NAT_INTEX_TABLE_ENTRY_SIZE_BYTE 4

				/*

				 * Max NAT table entries is limited 1000 entries.

				 * Limit the memory size required by user to prevent kernel memory starvation

				 */

				#define IPA_TABLE_MAX_ENTRIES 1000

				#define MAX_ALLOC_NAT_SIZE (IPA_TABLE_MAX_ENTRIES * NAT_TABLE_ENTRY_SIZE_BYTE)

				static int ipa_nat_vma_fault_remap(

					 struct vm_area_struct *vma, struct vm_fault *vmf)

				{

				@ -270,6 +277,13 @@ int ipa2_allocate_nat_device(struct ipa_ioc_nat_alloc_mem *mem)

						goto bail;

					}

					if (mem->size > MAX_ALLOC_NAT_SIZE) {

						IPAERR("Trying allocate more size = %zu, Max allowed = %d\n",

								mem->size, MAX_ALLOC_NAT_SIZE);

						result = -EPERM;

						goto bail;

					}

					if (mem->size <= 0 ||

							nat_ctx->is_dev_init == true) {

						IPAERR_RL("Invalid Parameters or device is already init\n");

									
										14

drivers/platform/msm/ipa/ipa_v3/ipa_nat.c
									
										View file
										
				@ -34,6 +34,13 @@ enum nat_table_type {

				#define NAT_TABLE_ENTRY_SIZE_BYTE 32

				#define NAT_INTEX_TABLE_ENTRY_SIZE_BYTE 4

				/*

				 * Max NAT table entries is limited 1000 entries.

				 * Limit the memory size required by user to prevent kernel memory starvation

				 */

				#define IPA_TABLE_MAX_ENTRIES 1000

				#define MAX_ALLOC_NAT_SIZE (IPA_TABLE_MAX_ENTRIES * NAT_TABLE_ENTRY_SIZE_BYTE)

				static int ipa3_nat_vma_fault_remap(

					 struct vm_area_struct *vma, struct vm_fault *vmf)

				{

				@ -272,6 +279,13 @@ int ipa3_allocate_nat_device(struct ipa_ioc_nat_alloc_mem *mem)

						goto bail;

					}

					if (mem->size > MAX_ALLOC_NAT_SIZE) {

						IPAERR("Trying allocate more size = %zu, Max allowed = %d\n",

								mem->size, MAX_ALLOC_NAT_SIZE);

						result = -EPERM;

						goto bail;

					}

					if (mem->size <= 0 ||

							nat_ctx->is_dev_init == true) {

						IPAERR_RL("Invalid Parameters or device is already init\n");