gpu: nvgpu: corner case failure handling in CE infra interface

This CL covers the following simple modification,
1) Linux kernel list implementation doesn't handle NULL pointer dereference
   at list_del() api.
2) NULL validation before access the command buffer related operations.
   This required for prevent the illegal/NULL memory access during
   gk20a_ce_create_context_with_cb() failure case.

JIRA DNVGPU-53

Change-Id: I3ad178970ecb1485098124378bfc5256a9455ebd
Signed-off-by: Lakshmanan M <lm@nvidia.com>
Reviewed-on: http://git-master/r/1184294
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vijayakumar Subbu <vsubbu@nvidia.com>

1 files changed, 8 insertions, 4 deletions

diff --git a/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c b/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
index a69cce0c..8ea0b2d5 100644
--- a/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
@@ -186,20 +186,24 @@ static void gk20a_ce_free_command_buffer_stored_fence(struct gk20a_gpu_ctx *ce_c
 /* assume this api should need to call under mutex_lock(&ce_app->app_mutex) */
 static void gk20a_ce_delete_gpu_context(struct gk20a_gpu_ctx *ce_ctx)
 {
+        struct list_head *list = &ce_ctx->list;
+
         ce_ctx->gpu_ctx_state = NVGPU_CE_GPU_CTX_DELETED;
 
         mutex_lock(&ce_ctx->gpu_ctx_mutex);
 
-        gk20a_ce_free_command_buffer_stored_fence(ce_ctx);
-
-        gk20a_gmmu_unmap_free(ce_ctx->vm, &ce_ctx->cmd_buf_mem);
+        if (ce_ctx->cmd_buf_mem.cpu_va) {
+                gk20a_ce_free_command_buffer_stored_fence(ce_ctx);
+                gk20a_gmmu_unmap_free(ce_ctx->vm, &ce_ctx->cmd_buf_mem);
+        }
 
         /* free the channel */
         if (ce_ctx->ch)
                 gk20a_channel_close(ce_ctx->ch);
 
         /* housekeeping on app */
-        list_del(&ce_ctx->list);
+        if (list->prev && list->next)
+                list_del(list);
 
         mutex_unlock(&ce_ctx->gpu_ctx_mutex);
         mutex_destroy(&ce_ctx->gpu_ctx_mutex);