video: tegra: nvmap: fix time-of-check,time-of-use vulnerability
authorSri Krishna chowdary <schowdary@nvidia.com>
Fri, 10 Feb 2017 09:32:14 +0000 (14:32 +0530)
committerWinnie Hsu <whsu@nvidia.com>
Mon, 20 Mar 2017 20:08:09 +0000 (13:08 -0700)
commitfe2aed5a0d1b353f723d9e4dc6669dfa63b64e0a
tree0ccd0d58ed42648fa88f762fa84da9acd2c35a44
parentf01956fc2151561a7845ebdb8f836ad4851af69e
video: tegra: nvmap: fix time-of-check,time-of-use vulnerability

Validate the region specified by offset and size before performing
the operations like nvmap_prot_handle, nvmap_cache_maint and nvmap_handle_mk*.

This validation of offset and size once the values are in local variables
guarantees that even though user space changes the values in user buffers,
nvmap continues to perform operations with the contents that are validated.

Fixes Google Bug 34113000.

bug 1862379

Change-Id: Ief81887b3d94b49f3dcf4d2680d9d7b257c54092
Signed-off-by: Sri Krishna chowdary <schowdary@nvidia.com>
Signed-off-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-on: http://git-master/r/1298712
(cherry picked from commit f45441da608d8015ece73d253d4bdb48863f99e2)
Reviewed-on: http://git-master/r/1310316
(cherry picked from commit 57367ab3be5f1c52dd6b885f114ae90dfce5a363)
Reviewed-on: http://git-master/r/1319910
GVS: Gerrit_Virtual_Submit
drivers/video/tegra/nvmap/nvmap_ioctl.c
drivers/video/tegra/nvmap/nvmap_mm.c
drivers/video/tegra/nvmap/nvmap_priv.h