From 03db4f8f33cfa998fd37db2f1e9ecc9511816d3a Mon Sep 17 00:00:00 2001
From: Kary Jin <karyj@nvidia.com>
Date: Wed, 22 May 2019 17:10:47 +0800
Subject: [PATCH] gpu: nvgpu: add check for "vm->num_user_mapped_buffers"

The "nvgpu_big_zalloc()" will be failed if the passed-in argument
"vm->num_user_mapped_buffers" is zero. The returned value is 16
which will bypass the NULL-check and then causes the panic.

This patch adds a check on the "vm->num_user_mapped_buffers" to
avoid the zero is passed-in the "nvgpu_big_zalloc()".

Bug 2603292

Change-Id: I399eecf72a288e13992730651a34a6cea1ef56d1
Signed-off-by: Kary Jin <karyj@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/2123499
(cherry picked from commit fea9e054547fc0408eb6c5ca893e5b112e19397b)
Reviewed-on: https://git-master.nvidia.com/r/2130001
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-misra <svc-mobile-misra@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
---
 drivers/gpu/nvgpu/common/mm/vm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/nvgpu/common/mm/vm.c b/drivers/gpu/nvgpu/common/mm/vm.c
index 8402fdb6b..91429aa3c 100644
--- a/drivers/gpu/nvgpu/common/mm/vm.c
+++ b/drivers/gpu/nvgpu/common/mm/vm.c
@@ -896,6 +896,11 @@ int nvgpu_vm_get_buffers(struct vm_gk20a *vm,
 
 	nvgpu_mutex_acquire(&vm->update_gmmu_lock);
 
+	if (vm->num_user_mapped_buffers == 0U) {
+		nvgpu_mutex_release(&vm->update_gmmu_lock);
+		return 0;
+	}
+
 	buffer_list = nvgpu_big_zalloc(vm->mm->g,
 				nvgpu_safe_mult_u64(sizeof(*buffer_list),
 						vm->num_user_mapped_buffers));