diff options
author | Linux Build Service Account <lnxbuild@localhost> | 2018-10-17 06:15:03 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-10-17 06:15:03 -0700 |
commit | 2a72f7f7fedda6f58a71d9e01d70b4a57a3038fd (patch) | |
tree | 4a02236756c64a1935968a19a6e7e1ec3ca21720 /drivers | |
parent | a66d8962f27e1f5c2fd1f765a2ae9afa1e8eb6b4 (diff) | |
parent | e1d1b7cce40b8a40bfed9f83e5c29679f6eba378 (diff) |
Merge "msm: ipa3: Fix to validate the user inputs"
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/platform/msm/ipa/ipa_v2/ipa_nat.c | 14 | ||||
-rw-r--r-- | drivers/platform/msm/ipa/ipa_v3/ipa_nat.c | 14 |
2 files changed, 28 insertions, 0 deletions
diff --git a/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c b/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c index 7cddbf850540..a7cdf691ec68 100644 --- a/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c +++ b/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c @@ -35,6 +35,13 @@ enum nat_table_type { #define NAT_TABLE_ENTRY_SIZE_BYTE 32 #define NAT_INTEX_TABLE_ENTRY_SIZE_BYTE 4 +/* + * Max NAT table entries is limited 1000 entries. + * Limit the memory size required by user to prevent kernel memory starvation + */ +#define IPA_TABLE_MAX_ENTRIES 1000 +#define MAX_ALLOC_NAT_SIZE (IPA_TABLE_MAX_ENTRIES * NAT_TABLE_ENTRY_SIZE_BYTE) + static int ipa_nat_vma_fault_remap( struct vm_area_struct *vma, struct vm_fault *vmf) { @@ -270,6 +277,13 @@ int ipa2_allocate_nat_device(struct ipa_ioc_nat_alloc_mem *mem) goto bail; } + if (mem->size > MAX_ALLOC_NAT_SIZE) { + IPAERR("Trying allocate more size = %zu, Max allowed = %d\n", + mem->size, MAX_ALLOC_NAT_SIZE); + result = -EPERM; + goto bail; + } + if (mem->size <= 0 || nat_ctx->is_dev_init == true) { IPAERR_RL("Invalid Parameters or device is already init\n"); diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c b/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c index 17e4cae311ce..0b52acdeafc1 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c @@ -34,6 +34,13 @@ enum nat_table_type { #define NAT_TABLE_ENTRY_SIZE_BYTE 32 #define NAT_INTEX_TABLE_ENTRY_SIZE_BYTE 4 +/* + * Max NAT table entries is limited 1000 entries. + * Limit the memory size required by user to prevent kernel memory starvation + */ +#define IPA_TABLE_MAX_ENTRIES 1000 +#define MAX_ALLOC_NAT_SIZE (IPA_TABLE_MAX_ENTRIES * NAT_TABLE_ENTRY_SIZE_BYTE) + static int ipa3_nat_vma_fault_remap( struct vm_area_struct *vma, struct vm_fault *vmf) { @@ -272,6 +279,13 @@ int ipa3_allocate_nat_device(struct ipa_ioc_nat_alloc_mem *mem) goto bail; } + if (mem->size > MAX_ALLOC_NAT_SIZE) { + IPAERR("Trying allocate more size = %zu, Max allowed = %d\n", + mem->size, MAX_ALLOC_NAT_SIZE); + result = -EPERM; + goto bail; + } + if (mem->size <= 0 || nat_ctx->is_dev_init == true) { IPAERR_RL("Invalid Parameters or device is already init\n"); |