From 98d996f4ffb0137d119b5849cae46d7b7e5693e1 Mon Sep 17 00:00:00 2001
From: Aparna Das <aparnad@nvidia.com>
Date: Mon, 4 Jun 2018 19:40:56 -0700
Subject: gpu: nvgpu: recover on first interrupt reported for mmu nack

In case of mmu nack error interrupt is received twice through SM
reported mmu nack interrupt and mmu fault in undertermined order.
Recover on the first received interrupt to avoid semaphore release
and skip doing a second recovery.

Also fix NULL pointer dereference in function
gv11b_fifo_reset_pbdma_and_eng_faulted when channel reference is
invalid in teardown path.

Bug 200382235

Change-Id: I361a5725d7b6355ebf02b2870727f647fbd7a37e
Signed-off-by: Aparna Das <aparnad@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1739804
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
---
 drivers/gpu/nvgpu/gv11b/fb_gv11b.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'drivers/gpu/nvgpu/gv11b/fb_gv11b.c')

diff --git a/drivers/gpu/nvgpu/gv11b/fb_gv11b.c b/drivers/gpu/nvgpu/gv11b/fb_gv11b.c
index ce8f5669..bba7e66c 100644
--- a/drivers/gpu/nvgpu/gv11b/fb_gv11b.c
+++ b/drivers/gpu/nvgpu/gv11b/fb_gv11b.c
@@ -935,12 +935,37 @@ static void gv11b_fb_handle_mmu_fault_common(struct gk20a *g,
 				id = mmfault->chid;
 				id_type = ID_TYPE_CHANNEL;
 			}
+			if (mmfault->refch->mmu_nack_handled) {
+				/* We have already recovered for the same
+				 * context, skip doing another recovery.
+				 */
+				mmfault->refch->mmu_nack_handled = false;
+				/*
+				 * Recovery path can be entered twice for the
+				 * same error in case of mmu nack. If mmu
+				 * nack interrupt is handled before mmu fault
+				 * then channel reference is increased to avoid
+				 * closing the channel by userspace. Decrement
+				 * channel reference.
+				 */
+				gk20a_channel_put(mmfault->refch);
+				/* refch in mmfault is assigned at the time
+				 * of copying fault info from snap reg or bar2
+				 * fault buf.
+				 */
+				gk20a_channel_put(mmfault->refch);
+				return;
+			}
 		} else {
 			id_type = ID_TYPE_UNKNOWN;
 		}
 		if (mmfault->faulted_engine != FIFO_INVAL_ENGINE_ID)
 			act_eng_bitmask = BIT(mmfault->faulted_engine);
 
+		/* Indicate recovery is handled if mmu fault is a result of
+		 * mmu nack.
+		 */
+		mmfault->refch->mmu_nack_handled = true;
 		g->ops.fifo.teardown_ch_tsg(g, act_eng_bitmask,
 			id, id_type, RC_TYPE_MMU_FAULT, mmfault);
 	} else {
-- 
cgit v1.2.2