nv-tegra-mirror/linux-nvgpu
1
0
Fork 0
mirror of git://nv-tegra.nvidia.com/linux-nvgpu.git synced 2025-12-24 10:34:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

gpu: nvgpu: check for null pointer access

Browse Source 
It is possible to have an invalid combination of the ioctl calls that
could result in a null pointer access in the function
gk20a_event_id_release(). The null pointer access can be prevented by
having a null check for a valid struct gk20a_event_id_data before
accessing its internal variables.

Bug 200462170

Change-Id: I9233479081b7a7659deeaa3b84141381ed302e63
Signed-off-by: Debarshi Dutta <ddutta@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/2006314
Reviewed-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-by: Konsta Holtta <kholtta@nvidia.com>
Reviewed-by: Alex Waterman <alexw@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vijayakumar Subbu <vsubbu@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
This commit is contained in:
Debarshi Dutta
2019-01-29 15:15:53 +05:30
committed by mobile promotions
parent 9578ed6c4e
commit 2217e342d5
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
drivers/gpu/nvgpu/os/linux/ioctl_tsg.c
View File

@@ -256,8 +256,14 @@ static unsigned int gk20a_event_id_poll(struct file *filep, poll_table *wait)
static int gk20a_event_id_release(struct inode *inode, struct file *filp)
{
struct gk20a_event_id_data *event_id_data = filp->private_data;
struct gk20a *g = event_id_data->g;
struct tsg_gk20a *tsg = g->fifo.tsg + event_id_data->id;
struct gk20a *g;
struct tsg_gk20a *tsg;
if (event_id_data == NULL)
return -EINVAL;
g = event_id_data->g;
tsg = g->fifo.tsg + event_id_data->id;
nvgpu_mutex_acquire(&tsg->event_id_list_lock);
nvgpu_list_del(&event_id_data->event_id_node);