From 2217e342d54f67f5ba7a2a5cafa4798e4583aac5 Mon Sep 17 00:00:00 2001
From: Debarshi Dutta
Date: Tue, 29 Jan 2019 15:15:53 +0530
Subject: [PATCH] gpu: nvgpu: check for null pointer access
It is possible to have an invalid combination of the ioctl calls that could result in a null pointer access in the function gk20a_event_id_release(). The null pointer access can be prevented by having a null check for a valid struct gk20a_event_id_data before accessing its internal variables.
Bug 200462170
Change-Id: I9233479081b7a7659deeaa3b84141381ed302e63
Signed-off-by: Debarshi Dutta
Reviewed-on: https://git-master.nvidia.com/r/2006314
Reviewed-by: Deepak Nibade
Reviewed-by: Konsta Holtta
Reviewed-by: Alex Waterman
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vijayakumar Subbu
Reviewed-by: mobile promotions
Tested-by: mobile promotions
---
 drivers/gpu/nvgpu/os/linux/ioctl_tsg.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/nvgpu/os/linux/ioctl_tsg.c b/drivers/gpu/nvgpu/os/linux/ioctl_tsg.c
index 6c726e6a9..38fcf221f 100644
--- a/drivers/gpu/nvgpu/os/linux/ioctl_tsg.c
+++ b/drivers/gpu/nvgpu/os/linux/ioctl_tsg.c
@@ -256,8 +256,14 @@ static unsigned int gk20a_event_id_poll(struct file *filep, poll_table *wait)
 static int gk20a_event_id_release(struct inode *inode, struct file *filp)
 {
 struct gk20a_event_id_data *event_id_data = filp->private_data;
- struct gk20a *g = event_id_data->g;
- struct tsg_gk20a *tsg = g->fifo.tsg + event_id_data->id;
+ struct gk20a *g;
+ struct tsg_gk20a *tsg;
+
+ if (event_id_data == NULL)
+ return -EINVAL;
+
+ g = event_id_data->g;
+ tsg = g->fifo.tsg + event_id_data->id;
 nvgpu_mutex_acquire(&tsg->event_id_list_lock);
 nvgpu_list_del(&event_id_data->event_id_node);
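Review bot: The new `if (event_id_data == NULL)` guard in gk20a_event_id_release() protects only the release path; gk20a_event_id_poll(), named in the hunk header, lies outside the hunk, and if it reads `filp->private_data` the same way it would need the same check for the ioctl sequence the commit message describes. The guard also carries no explanation, so a comment above it such as `/* private_data can be NULL after an invalid ioctl sequence (Bug 200462170) */` would tell the next reader why a release callback has to tolerate a missing context. As far as I know the VFS does not pass the return value of a release handler back to userspace, so `return -EINVAL;` is effectively silent; a one-time warning there would make the invalid sequence visible in logs. The rest of the function body continues past the end of the hunk, so whether the early return skips any cleanup that should still run cannot be judged from here.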