From fea9e054547fc0408eb6c5ca893e5b112e19397b Mon Sep 17 00:00:00 2001
From: Kary Jin <karyj@nvidia.com>
Date: Wed, 22 May 2019 17:10:47 +0800
Subject: gpu: nvgpu: add check for "vm->num_user_mapped_buffers"

The "nvgpu_big_zalloc()" will be failed if the passed-in argument
"vm->num_user_mapped_buffers" is zero. The returned value is 16
which will bypass the NULL-check and then causes the panic.

This patch adds a check on the "vm->num_user_mapped_buffers" to
avoid the zero is passed-in the "nvgpu_big_zalloc()".

Bug 2603292

Change-Id: I399eecf72a288e13992730651a34a6cea1ef56d1
Signed-off-by: Kary Jin <karyj@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/2123499
GVS: Gerrit_Virtual_Submit
Reviewed-by: Alex Waterman <alexw@nvidia.com>
Reviewed-by: Daniel Fu <danifu@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
---
 drivers/gpu/nvgpu/common/mm/vm.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'drivers/gpu')

diff --git a/drivers/gpu/nvgpu/common/mm/vm.c b/drivers/gpu/nvgpu/common/mm/vm.c
index 4e221500..dc928e18 100644
--- a/drivers/gpu/nvgpu/common/mm/vm.c
+++ b/drivers/gpu/nvgpu/common/mm/vm.c
@@ -755,6 +755,11 @@ int nvgpu_vm_get_buffers(struct vm_gk20a *vm,
 
 	nvgpu_mutex_acquire(&vm->update_gmmu_lock);
 
+	if (vm->num_user_mapped_buffers == 0) {
+		nvgpu_mutex_release(&vm->update_gmmu_lock);
+		return 0;
+	}
+
 	buffer_list = nvgpu_big_zalloc(vm->mm->g, sizeof(*buffer_list) *
 				       vm->num_user_mapped_buffers);
 	if (buffer_list == NULL) {
-- 
cgit v1.2.2