From 450aa3f0bec1b5164a0986cd6518ef1937f7c80f Mon Sep 17 00:00:00 2001
From: Lakshmanan M
Date: Wed, 20 Jul 2016 18:33:57 +0530
Subject: gpu: nvgpu: corner case failure handling in CE infra interface
This CL covers the following simple modification, 1) Linux kernel list implementation doesn't handle NULL pointer dereference at list_del() api. 2) NULL validation before access the command buffer related operations. This required for prevent the illegal/NULL memory access during gk20a_ce_create_context_with_cb() failure case.
JIRA DNVGPU-53
Change-Id: I3ad178970ecb1485098124378bfc5256a9455ebd
Signed-off-by: Lakshmanan M
Reviewed-on: http://git-master/r/1184294
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vijayakumar Subbu
---
 drivers/gpu/nvgpu/gk20a/ce2_gk20a.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'drivers/gpu/nvgpu')
diff --git a/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c b/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
index a69cce0c..8ea0b2d5 100644
--- a/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
@@ -186,20 +186,24 @@ static void gk20a_ce_free_command_buffer_stored_fence(struct gk20a_gpu_ctx *ce_c
 /* assume this api should need to call under mutex_lock(&ce_app->app_mutex) */
 static void gk20a_ce_delete_gpu_context(struct gk20a_gpu_ctx *ce_ctx)
 {
+ struct list_head *list = &ce_ctx->list;
+
 ce_ctx->gpu_ctx_state = NVGPU_CE_GPU_CTX_DELETED;
 mutex_lock(&ce_ctx->gpu_ctx_mutex);
- gk20a_ce_free_command_buffer_stored_fence(ce_ctx);
-
- gk20a_gmmu_unmap_free(ce_ctx->vm, &ce_ctx->cmd_buf_mem);
+ if (ce_ctx->cmd_buf_mem.cpu_va) {
+ gk20a_ce_free_command_buffer_stored_fence(ce_ctx);
+ gk20a_gmmu_unmap_free(ce_ctx->vm, &ce_ctx->cmd_buf_mem);
+ }
 /* free the channel */
 if (ce_ctx->ch)
 gk20a_channel_close(ce_ctx->ch);
 /* housekeeping on app */
- list_del(&ce_ctx->list);
+ if (list->prev && list->next)
+ list_del(list);
 mutex_unlock(&ce_ctx->gpu_ctx_mutex);
 mutex_destroy(&ce_ctx->gpu_ctx_mutex);
--
cgit v1.2.2
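Review bot: The `if (list->prev && list->next)` guard in front of `list_del(list)` only protects a node that was zero-filled and never linked, which depends on how the context is allocated in gk20a_ce_create_context_with_cb(); that allocation is outside this hunk, so it should be confirmed. The guard does not catch a node that was already unlinked, because list_del() leaves non-NULL poison values in both pointers and a second call would then dereference them. Calling `INIT_LIST_HEAD(&ce_ctx->list);` where the context is created and replacing the guarded call with `list_del_init(list);` would make removal safe for both the never-linked and the already-removed case without testing raw pointers. In the same way, `ce_ctx->cmd_buf_mem.cpu_va` is used as the "command buffer exists" test, and a comment such as `/* cpu_va is only set once the command buffer was allocated and mapped */` would record that assumption. The function body continues past the end of the hunk.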