gpu: nvgpu: Fix coverity defect in page allocator

Fix use-after-free overity defect in page allocator. The alloc struct
was getting used after a call for __gk20a_free_pages() which frees
the alloc struct passed in.

Coverity ID: 468942
Bug 200192125

Change-Id: I4f5d32f245efae967050f93c7806290b4bf3591c
Signed-off-by: Alex Waterman <alexw@nvidia.com>
Reviewed-on: http://git-master/r/1272730
GVS: Gerrit_Virtual_Submit
Reviewed-by: Terje Bergstrom <tbergstrom@nvidia.com>

1 files changed, 6 insertions, 5 deletions

diff --git a/drivers/gpu/nvgpu/gk20a/gk20a_allocator_page.c b/drivers/gpu/nvgpu/gk20a/gk20a_allocator_page.c
index 06c33a8c..9717a726 100644
--- a/drivers/gpu/nvgpu/gk20a/gk20a_allocator_page.c
+++ b/drivers/gpu/nvgpu/gk20a/gk20a_allocator_page.c
@@ -734,19 +734,20 @@ static void gk20a_page_free_fixed(struct gk20a_allocator *__a,
                 alloc = (struct gk20a_page_alloc *) (uintptr_t) base;
         }
 
+        palloc_dbg(a, "Free  [fixed] 0x%010llx + 0x%llx\n",
+                   alloc->base, alloc->length);
+
+        a->nr_fixed_frees++;
+        a->pages_freed += (alloc->length >> a->page_shift);
+
         /*
          * This works for the time being since the buddy allocator
          * uses the same free function for both fixed and regular
          * allocs. This would have to be updated if the underlying
          * allocator were to change.
          */
-        palloc_dbg(a, "Free  [fixed] 0x%010llx + 0x%llx\n",
-                   alloc->base, alloc->length);
         __gk20a_free_pages(a, alloc, true);
 
-        a->nr_fixed_frees++;
-        a->pages_freed += (alloc->length >> a->page_shift);
-
 done:
         alloc_unlock(__a);
 }