diff options
| author | Tharun Kumar Merugu <mtharu@codeaurora.org> | 2019-02-02 01:22:47 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-03-12 21:29:22 -0700 |
| commit | e5a6a48ac3cc02c9c9ae33e4aaa8cd5a48e828be (patch) | |
| tree | c1f3d32d0188230eae0c3e7052745a1a6244192b /drivers/char | |
| parent | 1d932c57e221f3d40a1b0468371132711177f6b3 (diff) | |
msm: adsprpc: restrict user apps from sending kernel RPC messages
Verify that user applications are not using the kernel RPC message
handle to restrict them from directly attaching to guest OS on the
remote subsystem.
Change-Id: Icfa114a12f2bebbe815eb9930027fded51f717fd
Acked-by: Thyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
Signed-off-by: Mohammed Nayeem Ur Rahman <mohara@codeaurora.org>
Diffstat (limited to 'drivers/char')
| -rw-r--r-- | drivers/char/adsprpc.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c index bd76abfa10ee..e9be78e24ac7 100644 --- a/drivers/char/adsprpc.c +++ b/drivers/char/adsprpc.c @@ -83,6 +83,7 @@ #define FASTRPC_LINK_DISCONNECTING (0x7) #define PERF_KEYS "count:flush:map:copy:glink:getargs:putargs:invalidate:invoke" +#define FASTRPC_STATIC_HANDLE_KERNEL (1) #define FASTRPC_STATIC_HANDLE_LISTENER (3) #define FASTRPC_STATIC_HANDLE_MAX (20) @@ -1667,6 +1668,15 @@ static int fastrpc_internal_invoke(struct fastrpc_file *fl, uint32_t mode, if (fl->profile) getnstimeofday(&invoket); + if (!kernel) { + VERIFY(err, invoke->handle != FASTRPC_STATIC_HANDLE_KERNEL); + if (err) { + pr_err("adsprpc: ERROR: %s: user application %s trying to send a kernel RPC message to channel %d", + __func__, current->comm, cid); + goto bail; + } + } + VERIFY(err, fl->sctx != NULL); if (err) goto bail; @@ -1777,7 +1787,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, ra[0].buf.pv = (void *)&tgid; ra[0].buf.len = sizeof(tgid); - ioctl.inv.handle = 1; + ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL; ioctl.inv.sc = REMOTE_SCALARS_MAKE(0, 1, 0); ioctl.inv.pra = ra; ioctl.fds = NULL; @@ -1865,7 +1875,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, ra[5].buf.len = sizeof(inbuf.siglen); fds[5] = 0; - ioctl.inv.handle = 1; + ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL; ioctl.inv.sc = REMOTE_SCALARS_MAKE(6, 4, 0); if (uproc->attrs) ioctl.inv.sc = REMOTE_SCALARS_MAKE(7, 6, 0); @@ -1934,7 +1944,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, ra[2].buf.pv = (void *)pages; ra[2].buf.len = sizeof(*pages); fds[2] = 0; - ioctl.inv.handle = 1; + ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL; ioctl.inv.sc = REMOTE_SCALARS_MAKE(8, 3, 0); ioctl.inv.pra = ra; @@ -1978,7 +1988,7 @@ static int fastrpc_release_current_dsp_process(struct fastrpc_file *fl) tgid = fl->tgid; ra[0].buf.pv = (void *)&tgid; ra[0].buf.len = sizeof(tgid); - ioctl.inv.handle = 1; + ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL; ioctl.inv.sc = REMOTE_SCALARS_MAKE(1, 1, 0); ioctl.inv.pra = ra; ioctl.fds = NULL; @@ -2023,7 +2033,7 @@ static int fastrpc_mmap_on_dsp(struct fastrpc_file *fl, uint32_t flags, ra[2].buf.pv = (void *)&routargs; ra[2].buf.len = sizeof(routargs); - ioctl.inv.handle = 1; + ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL; if (fl->apps->compat) ioctl.inv.sc = REMOTE_SCALARS_MAKE(4, 2, 1); else @@ -2081,7 +2091,7 @@ static int fastrpc_munmap_on_dsp_rh(struct fastrpc_file *fl, uint64_t phys, ra[0].buf.pv = (void *)&routargs; ra[0].buf.len = sizeof(routargs); - ioctl.inv.handle = 1; + ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL; ioctl.inv.sc = REMOTE_SCALARS_MAKE(7, 0, 1); ioctl.inv.pra = ra; ioctl.fds = NULL; @@ -2129,7 +2139,7 @@ static int fastrpc_munmap_on_dsp(struct fastrpc_file *fl, uintptr_t raddr, ra[0].buf.pv = (void *)&inargs; ra[0].buf.len = sizeof(inargs); - ioctl.inv.handle = 1; + ioctl.inv.handle = FASTRPC_STATIC_HANDLE_KERNEL; if (fl->apps->compat) ioctl.inv.sc = REMOTE_SCALARS_MAKE(5, 1, 0); else |