nv-tegra-mirror/linux-nvgpu
1
0
Fork 0
mirror of git://nv-tegra.nvidia.com/linux-nvgpu.git synced 2025-12-23 09:57:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

gpu: nvgpu: corner case failure handling in CE infra interface

Browse Source 
This CL covers the following simple modification,
1) Linux kernel list implementation doesn't handle NULL pointer dereference
   at list_del() api.
2) NULL validation before access the command buffer related operations.
   This required for prevent the illegal/NULL memory access during
   gk20a_ce_create_context_with_cb() failure case.

JIRA DNVGPU-53

Change-Id: I3ad178970ecb1485098124378bfc5256a9455ebd
Signed-off-by: Lakshmanan M <lm@nvidia.com>
Reviewed-on: http://git-master/r/1184294
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vijayakumar Subbu <vsubbu@nvidia.com>
This commit is contained in:
Lakshmanan M
2016-07-20 18:33:57 +05:30
committed by Vijayakumar Subbu
parent 021c23e46e
commit 450aa3f0be
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
View File

@@ -186,20 +186,24 @@ static void gk20a_ce_free_command_buffer_stored_fence(struct gk20a_gpu_ctx *ce_c
/* assume this api should need to call under mutex_lock(&ce_app->app_mutex) */ /* assume this api should need to call under mutex_lock(&ce_app->app_mutex) */
static void gk20a_ce_delete_gpu_context(struct gk20a_gpu_ctx *ce_ctx) static void gk20a_ce_delete_gpu_context(struct gk20a_gpu_ctx *ce_ctx)
{ {
struct list_head *list = &ce_ctx->list;
ce_ctx->gpu_ctx_state = NVGPU_CE_GPU_CTX_DELETED; ce_ctx->gpu_ctx_state = NVGPU_CE_GPU_CTX_DELETED;
mutex_lock(&ce_ctx->gpu_ctx_mutex); mutex_lock(&ce_ctx->gpu_ctx_mutex);
if (ce_ctx->cmd_buf_mem.cpu_va) {
gk20a_ce_free_command_buffer_stored_fence(ce_ctx); gk20a_ce_free_command_buffer_stored_fence(ce_ctx);
gk20a_gmmu_unmap_free(ce_ctx->vm, &ce_ctx->cmd_buf_mem); gk20a_gmmu_unmap_free(ce_ctx->vm, &ce_ctx->cmd_buf_mem);
}
/* free the channel */ /* free the channel */
if (ce_ctx->ch) if (ce_ctx->ch)
gk20a_channel_close(ce_ctx->ch); gk20a_channel_close(ce_ctx->ch);
/* housekeeping on app */ /* housekeeping on app */
list_del(&ce_ctx->list); if (list->prev && list->next)
list_del(list);
mutex_unlock(&ce_ctx->gpu_ctx_mutex); mutex_unlock(&ce_ctx->gpu_ctx_mutex);
mutex_destroy(&ce_ctx->gpu_ctx_mutex); mutex_destroy(&ce_ctx->gpu_ctx_mutex);