From 5b4451cad8875f5d72490db0f8e6776e506f720a Mon Sep 17 00:00:00 2001
From: Deepak Nibade <dnibade@nvidia.com>
Date: Thu, 27 Aug 2015 12:17:07 +0530
Subject: gpu: nvgpu: prevent extra user unmaps

It is possible that user space requests more unmaps on a buffer
than it requested maps
In this case, we end up dropping one extra refcount which could
lead to releasing buffer early

Fix this by checking and returning if buffer's user_mapped
refcount is already zero

Bug 200130521

Change-Id: Ic8ef2dbfe0476b16d852ad899b1ed0404b5bb7de
Signed-off-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-on: http://git-master/r/788904
Reviewed-by: Terje Bergstrom <tbergstrom@nvidia.com>
Tested-by: Terje Bergstrom <tbergstrom@nvidia.com>
---
 drivers/gpu/nvgpu/gk20a/mm_gk20a.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'drivers')

diff --git a/drivers/gpu/nvgpu/gk20a/mm_gk20a.c b/drivers/gpu/nvgpu/gk20a/mm_gk20a.c
index 2e26ff44..b0c864d4 100644
--- a/drivers/gpu/nvgpu/gk20a/mm_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/mm_gk20a.c
@@ -873,6 +873,12 @@ static void gk20a_vm_unmap_user(struct vm_gk20a *vm, u64 offset,
 		mutex_lock(&vm->update_gmmu_lock);
 	}
 
+	if (mapped_buffer->user_mapped == 0) {
+		mutex_unlock(&vm->update_gmmu_lock);
+		gk20a_err(d, "addr already unmapped from user 0x%llx", offset);
+		return;
+	}
+
 	mapped_buffer->user_mapped--;
 	if (mapped_buffer->user_mapped == 0)
 		vm->num_user_mapped_buffers--;
-- 
cgit v1.2.2