From 8a55a6066daee95dc735e8341773370e8bd56948 Mon Sep 17 00:00:00 2001
From: Nitin Kumbhar <nkumbhar@nvidia.com>
Date: Tue, 25 Dec 2018 16:13:23 +0530
Subject: [PATCH] gpu: nvgpu: check ce_app before deleting ce ctx

A null pointer is dereferenced while powering off dgpu. Check for
ce_app validity before accessing ce context.

[   84.379714] Unable to handle kernel NULL pointer dereference at
 virtual address 00000000
...
[   84.451065] Hardware name: e3550_t194a (DT)
[   84.454918] task: ffffffc7b209b600 task.stack: ffffffc7b2174000
[   84.460905] PC is at gk20a_ce_delete_context_priv+0x40/0x158 [nvgpu]
[   84.467181] LR is at gk20a_ce_delete_context_priv+0x40/0x158 [nvgpu]
...
[   84.572953] Call trace:
[   84.575627] [<ffffff80010aa098>] gk20a_ce_delete_context_priv+0x40/0x158 [nvgpu]
[   84.582600] [<ffffff800107f0a4>] nvgpu_remove_mm_ce_support+0x24/0x40 [nvgpu]
[   84.589318] [<ffffff800106a4ec>] gk20a_remove_support+0xa0/0x12c [nvgpu]
[   84.595629] [<ffffff8001086a04>] gk20a_free_cb+0x44/0x70 [nvgpu]
[   84.601227] [<ffffff8001087858>] gk20a_put+0x50/0x70 [nvgpu]
[   84.606567] [<ffffff800106de20>] nvgpu_pci_remove+0xc8/0x160 [nvgpu]
[   84.612430] [<ffffff800849ae54>] pci_device_remove+0x3c/0x104
[   84.617779] [<ffffff800869dbe4>] __device_release_driver+0x7c/0xfc
[   84.623634] [<ffffff800869dc88>] device_release_driver+0x24/0x38
[   84.629148] [<ffffff8008492f58>] pci_stop_bus_device+0x84/0xa4
[   84.635180] [<ffffff8008492f08>] pci_stop_bus_device+0x34/0xa4
[   84.641046] [<ffffff800849310c>] pci_stop_root_bus+0x48/0x70
[   84.646632] [<ffffff80084b0544>] dw_pcie_host_deinit+0x40/0x164
[   84.652516] [<ffffff8000c41aec>] tegra_pcie_attach_controller+0x1304/0x1c80 [pcie_tegra_dw]
[   84.660805] [<ffffff80086a6ce0>] pm_generic_runtime_suspend+0x28/0x48
[   84.667387] [<ffffff80086b2924>] genpd_runtime_suspend+0x90/0x218
[   84.673577] [<ffffff80086a8c44>] __rpm_callback+0x6c/0x94
[   84.678915] [<ffffff80086a8c90>] rpm_callback+0x24/0x78
[   84.684165] [<ffffff80086a9264>] rpm_suspend+0xf4/0x644
[   84.689329] [<ffffff80086a9a34>] rpm_idle+0x1b0/0x340
[   84.694581] [<ffffff80086a9c1c>] __pm_runtime_idle+0x58/0x90
[   84.700375] [<ffffff8000c3e19c>] tegra_pcie_detach_controller+0x30/0x267c [pcie_tegra_dw]
[   84.708669] [<ffffff800106f070>] nvgpu_pci_gpu_power_off+0x78/0x228 [nvgpu]
[   84.715671] [<ffffff800106f28c>] poweroff_store+0x6c/0xe0 [nvgpu]
[   84.721621] [<ffffff800869b020>] drv_attr_store+0x20/0x30
[   84.727153] [<ffffff800829ef74>] sysfs_kf_write+0x40/0x50
[   84.732656] [<ffffff800829e328>] kernfs_fop_write+0xb4/0x1d0
[   84.738334] [<ffffff80082162c4>] __vfs_write+0x40/0x140
[   84.743402] [<ffffff80082170b4>] vfs_write+0xa8/0x198
[   84.748581] [<ffffff800821852c>] SyS_write+0x5c/0xc4
[   84.753557] [<ffffff8008083480>] el0_svc_naked+0x34/0x38
...

JIRA NVGPU-1100
JIRA NVGPU-611

Change-Id: Ib539286668037f6e679c6c88e9afc40f53d9fe5b
Signed-off-by: Nitin Kumbhar <nkumbhar@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1980308
Reviewed-by: svc-misra-checker <svc-misra-checker@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-misra <svc-mobile-misra@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-by: Vijayakumar Subbu <vsubbu@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
---
 drivers/gpu/nvgpu/gk20a/ce2_gk20a.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c b/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
index fdfbb7e87..e9547364d 100644
--- a/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/ce2_gk20a.c
@@ -576,7 +576,8 @@ void gk20a_ce_delete_context_priv(struct gk20a *g,
 	struct gk20a_ce_app *ce_app = g->ce_app;
 	struct gk20a_gpu_ctx *ce_ctx, *ce_ctx_save;
 
-	if (!ce_app->initialised || ce_app->app_state != NVGPU_CE_ACTIVE) {
+	if (ce_app == NULL || !ce_app->initialised ||
+		ce_app->app_state != NVGPU_CE_ACTIVE) {
 		return;
 	}