gpu: nvgpu: Remove IOCTL FREE_OBJ_CTX

We have never used the IOCTL FREE_OBJ_CTX. Using it leads to context being only partially available, and can lead to use-after-free. Bug 1834225 Change-Id: I9d2b632ab79760f8186d02e0f35861b3a6aae649 Signed-off-by: Terje Bergstrom <tbergstrom@nvidia.com> Reviewed-on: http://git-master/r/1250004 Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com> Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
author: Terje Bergstrom <tbergstrom@nvidia.com> 2016-11-08 17:29:14 -0500
committer: mobile promotions <svcmobile_promotions@nvidia.com> 2016-11-11 14:47:42 -0500
commit: 8fa5e7c58ac08fdb2432a4791595278d69827fb0 (patch)
tree: 18d76c47d66d314206315f1d81adcf8513872d09 /drivers
parent: e580e68f2374b3a0b6226eac7fc4e21dbdcbf22c (diff)
6 files changed, 0 insertions, 61 deletions
diff --git a/drivers/gpu/nvgpu/gk20a/channel_gk20a.c b/drivers/gpu/nvgpu/gk20a/channel_gk20a.c
index 53ed606d..43a6df0e 100644
--- a/drivers/gpu/nvgpu/gk20a/channel_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/channel_gk20a.c
@@ -3467,18 +3467,6 @@ long gk20a_channel_ioctl(struct file *filp,
                                (struct nvgpu_alloc_obj_ctx_args *)buf);
                gk20a_idle(dev);
                break;
-        case NVGPU_IOCTL_CHANNEL_FREE_OBJ_CTX:
-                err = gk20a_busy(dev);
-                if (err) {
-                        dev_err(dev,
-                                "%s: failed to host gk20a for ioctl cmd: 0x%x",
-                                __func__, cmd);
-                        break;
-                }
-                err = ch->g->ops.gr.free_obj_ctx(ch,
-                                (struct nvgpu_free_obj_ctx_args *)buf);
-                gk20a_idle(dev);
-                break;
        case NVGPU_IOCTL_CHANNEL_ALLOC_GPFIFO_EX:
        {
                struct nvgpu_alloc_gpfifo_ex_args *alloc_gpfifo_ex_args =
diff --git a/drivers/gpu/nvgpu/gk20a/channel_gk20a.h b/drivers/gpu/nvgpu/gk20a/channel_gk20a.h
index f17128f0..832e03e9 100644
--- a/drivers/gpu/nvgpu/gk20a/channel_gk20a.h
+++ b/drivers/gpu/nvgpu/gk20a/channel_gk20a.h
@@ -155,7 +155,6 @@ struct channel_gk20a {
        u64 userd_iova;
        u64 userd_gpu_va;
-        s32 num_objects;
        u32 obj_class;  /* we support only one obj per channel */
        struct priv_cmd_queue priv_cmd_q;
diff --git a/drivers/gpu/nvgpu/gk20a/gk20a.h b/drivers/gpu/nvgpu/gk20a/gk20a.h
index 7699cd53..07752d66 100644
--- a/drivers/gpu/nvgpu/gk20a/gk20a.h
+++ b/drivers/gpu/nvgpu/gk20a/gk20a.h
@@ -196,8 +196,6 @@ struct gpu_ops {
                void (*free_channel_ctx)(struct channel_gk20a *c);
                int (*alloc_obj_ctx)(struct channel_gk20a  *c,
                                struct nvgpu_alloc_obj_ctx_args *args);
-                int (*free_obj_ctx)(struct channel_gk20a  *c,
-                                struct nvgpu_free_obj_ctx_args *args);
                int (*bind_ctxsw_zcull)(struct gk20a *g, struct gr_gk20a *gr,
                                struct channel_gk20a *c, u64 zcull_va,
                                u32 mode);
diff --git a/drivers/gpu/nvgpu/gk20a/gr_gk20a.c b/drivers/gpu/nvgpu/gk20a/gr_gk20a.c
index 0e8c1884..e6103479 100644
--- a/drivers/gpu/nvgpu/gk20a/gr_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/gr_gk20a.c
@@ -2957,7 +2957,6 @@ void gk20a_free_channel_ctx(struct channel_gk20a *c)
        memset(&c->ch_ctx, 0, sizeof(struct channel_ctx_gk20a));
-        c->num_objects = 0;
        c->first_init = false;
 }
@@ -3169,8 +3168,6 @@ int gk20a_alloc_obj_ctx(struct channel_gk20a  *c,
                c->first_init = true;
        }
-        c->num_objects++;
        gk20a_dbg_fn("done");
        return 0;
 out:
@@ -3182,25 +3179,6 @@ out:
        return err;
 }
-int gk20a_free_obj_ctx(struct channel_gk20a  *c,
-                       struct nvgpu_free_obj_ctx_args *args)
-{
-        gk20a_dbg_fn("");
-        if (c->num_objects == 0)
-                return 0;
-        c->num_objects--;
-        if (c->num_objects == 0) {
-                c->first_init = false;
-                gk20a_disable_channel(c);
-                gr_gk20a_free_channel_patch_ctx(c);
-        }
-        return 0;
-}
 int gk20a_comptag_allocator_init(struct gk20a_comptag_allocator *allocator,
                unsigned long size)
 {
@@ -9082,7 +9060,6 @@ void gk20a_init_gr_ops(struct gpu_ops *gops)
        gops->gr.get_gpc_tpc_mask = gr_gk20a_get_gpc_tpc_mask;
        gops->gr.free_channel_ctx = gk20a_free_channel_ctx;
        gops->gr.alloc_obj_ctx = gk20a_alloc_obj_ctx;
-        gops->gr.free_obj_ctx = gk20a_free_obj_ctx;
        gops->gr.bind_ctxsw_zcull = gr_gk20a_bind_ctxsw_zcull;
        gops->gr.get_zcull_info = gr_gk20a_get_zcull_info;
        gops->gr.is_tpc_addr = gr_gk20a_is_tpc_addr;
diff --git a/drivers/gpu/nvgpu/gm20b/gr_gm20b.c b/drivers/gpu/nvgpu/gm20b/gr_gm20b.c
index 37b9737b..56812fa6 100644
--- a/drivers/gpu/nvgpu/gm20b/gr_gm20b.c
+++ b/drivers/gpu/nvgpu/gm20b/gr_gm20b.c
@@ -1534,7 +1534,6 @@ void gm20b_init_gr(struct gpu_ops *gops)
        gops->gr.get_gpc_tpc_mask = gr_gm20b_get_gpc_tpc_mask;
        gops->gr.free_channel_ctx = gk20a_free_channel_ctx;
        gops->gr.alloc_obj_ctx = gk20a_alloc_obj_ctx;
-        gops->gr.free_obj_ctx = gk20a_free_obj_ctx;
        gops->gr.bind_ctxsw_zcull = gr_gk20a_bind_ctxsw_zcull;
        gops->gr.get_zcull_info = gr_gk20a_get_zcull_info;
        gops->gr.is_tpc_addr = gr_gm20b_is_tpc_addr;
diff --git a/drivers/gpu/nvgpu/vgpu/gr_vgpu.c b/drivers/gpu/nvgpu/vgpu/gr_vgpu.c
index 89223091..01f5e1a5 100644
--- a/drivers/gpu/nvgpu/vgpu/gr_vgpu.c
+++ b/drivers/gpu/nvgpu/vgpu/gr_vgpu.c
@@ -421,7 +421,6 @@ static void vgpu_gr_free_channel_ctx(struct channel_gk20a *c)
        memset(&c->ch_ctx, 0, sizeof(struct channel_ctx_gk20a));
-        c->num_objects = 0;
        c->first_init = false;
 }
@@ -586,8 +585,6 @@ static int vgpu_gr_alloc_obj_ctx(struct channel_gk20a  *c,
                c->first_init = true;
        }
-        c->num_objects++;
        gk20a_dbg_fn("done");
        return 0;
 out:
@@ -599,24 +596,6 @@ out:
        return err;
 }
-static int vgpu_gr_free_obj_ctx(struct channel_gk20a  *c,
-                                struct nvgpu_free_obj_ctx_args *args)
-{
-        gk20a_dbg_fn("");
-        if (c->num_objects == 0)
-                return 0;
-        c->num_objects--;
-        if (c->num_objects == 0) {
-                c->first_init = false;
-                gk20a_disable_channel(c);
-        }
-        return 0;
-}
 static int vgpu_gr_init_gr_config(struct gk20a *g, struct gr_gk20a *gr)
 {
        struct vgpu_priv_data *priv = vgpu_get_priv_data(g);
@@ -1073,7 +1052,6 @@ void vgpu_init_gr_ops(struct gpu_ops *gops)
        gops->gr.detect_sm_arch = vgpu_gr_detect_sm_arch;
        gops->gr.free_channel_ctx = vgpu_gr_free_channel_ctx;
        gops->gr.alloc_obj_ctx = vgpu_gr_alloc_obj_ctx;
-        gops->gr.free_obj_ctx = vgpu_gr_free_obj_ctx;
        gops->gr.alloc_gr_ctx = vgpu_gr_alloc_gr_ctx;
        gops->gr.free_gr_ctx = vgpu_gr_free_gr_ctx;
        gops->gr.bind_ctxsw_zcull = vgpu_gr_bind_ctxsw_zcull;
author	Terje Bergstrom <tbergstrom@nvidia.com>	2016-11-08 17:29:14 -0500
committer	mobile promotions <svcmobile_promotions@nvidia.com>	2016-11-11 14:47:42 -0500
commit	8fa5e7c58ac08fdb2432a4791595278d69827fb0 (patch)
tree	18d76c47d66d314206315f1d81adcf8513872d09 /drivers
parent	e580e68f2374b3a0b6226eac7fc4e21dbdcbf22c (diff)