video: tegra: nvmap: fix time-of-check,time-of-use vulnerability
authorSri Krishna chowdary <schowdary@nvidia.com>
Sat, 25 Feb 2017 19:02:47 +0000 (00:02 +0530)
committerManish Tuteja <mtuteja@nvidia.com>
Thu, 6 Apr 2017 01:11:14 +0000 (18:11 -0700)
commit5a909abd5804cab0620762d1ba34435e2f45614b
treea43e818303286613caef960d10115cb8622a7faf
parent311b0be13c0bee09620bb1c43a7410ad1590c588
video: tegra: nvmap: fix time-of-check,time-of-use vulnerability

Validate the region specified by offset and size before performing
the operations like nvmap_prot_handle, nvmap_cache_maint and nvmap_handle_mk*.
This validation of offset and size once the values are in local variables
guarantees that even though user space changes the values in user buffers,
nvmap continues to perform operations with the contents that are validated.
Fixes Google Bug 34113000.

Bug 1862379
Bug 1880033

Change-Id: I32786d26c269a95122fbaf0b91d6d090cba7388e
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1298712
(cherry picked from commit f45441da608d8015ece73d253d4bdb48863f99e2)
Reviewed-on: http://git-master/r/1311631
(cherry picked from commit 22168ee3a52622c20ca8480de82102fb08119193)
Reviewed-on: http://git-master/r/1455425
Reviewed-by: Manish Tuteja <mtuteja@nvidia.com>
Tested-by: Manish Tuteja <mtuteja@nvidia.com>
drivers/video/tegra/nvmap/nvmap_cache.c
drivers/video/tegra/nvmap/nvmap_ioctl.c
drivers/video/tegra/nvmap/nvmap_mm.c
drivers/video/tegra/nvmap/nvmap_priv.h