gpu: nvgpu: Remove IOCTL FREE_OBJ_CTX

We have never used the IOCTL FREE_OBJ_CTX. Using it leads to context
being only partially available, and can lead to use-after-free.

Bug 1834225

Change-Id: I9d2b632ab79760f8186d02e0f35861b3a6aae649
Signed-off-by: Terje Bergstrom <tbergstrom@nvidia.com>
Reviewed-on: http://git-master/r/1250004
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>

drivers/gpu/nvgpu/gk20a/channel_gk20a.c

@@ -3467,18 +3467,6 @@ long gk20a_channel_ioctl(struct file *filp,
 				(struct nvgpu_alloc_obj_ctx_args *)buf);
 		gk20a_idle(dev);
 		break;
-	case NVGPU_IOCTL_CHANNEL_FREE_OBJ_CTX:
-		err = gk20a_busy(dev);
-		if (err) {
-			dev_err(dev,
-				"%s: failed to host gk20a for ioctl cmd: 0x%x",
-				__func__, cmd);
-			break;
-		}
-		err = ch->g->ops.gr.free_obj_ctx(ch,
-				(struct nvgpu_free_obj_ctx_args *)buf);
-		gk20a_idle(dev);
-		break;
 	case NVGPU_IOCTL_CHANNEL_ALLOC_GPFIFO_EX:
 	{
 		struct nvgpu_alloc_gpfifo_ex_args *alloc_gpfifo_ex_args =

drivers/gpu/nvgpu/gk20a/channel_gk20a.h

@@ -155,7 +155,6 @@ struct channel_gk20a {
 	u64 userd_iova;
 	u64 userd_gpu_va;
 
-	s32 num_objects;
 	u32 obj_class;	/* we support only one obj per channel */
 
 	struct priv_cmd_queue priv_cmd_q;

drivers/gpu/nvgpu/gk20a/gk20a.h

@@ -196,8 +196,6 @@ struct gpu_ops {
 		void (*free_channel_ctx)(struct channel_gk20a *c);
 		int (*alloc_obj_ctx)(struct channel_gk20a  *c,
 				struct nvgpu_alloc_obj_ctx_args *args);
-		int (*free_obj_ctx)(struct channel_gk20a  *c,
-				struct nvgpu_free_obj_ctx_args *args);
 		int (*bind_ctxsw_zcull)(struct gk20a *g, struct gr_gk20a *gr,
 				struct channel_gk20a *c, u64 zcull_va,
 				u32 mode);

drivers/gpu/nvgpu/gk20a/gr_gk20a.c

@@ -2957,7 +2957,6 @@ void gk20a_free_channel_ctx(struct channel_gk20a *c)
 
 	memset(&c->ch_ctx, 0, sizeof(struct channel_ctx_gk20a));
 
-	c->num_objects = 0;
 	c->first_init = false;
 }
 
@@ -3169,8 +3168,6 @@ int gk20a_alloc_obj_ctx(struct channel_gk20a  *c,
 		c->first_init = true;
 	}
 
-	c->num_objects++;
-
 	gk20a_dbg_fn("done");
 	return 0;
 out:
@@ -3182,25 +3179,6 @@ out:
 	return err;
 }
 
-int gk20a_free_obj_ctx(struct channel_gk20a  *c,
-		       struct nvgpu_free_obj_ctx_args *args)
-{
-	gk20a_dbg_fn("");
-
-	if (c->num_objects == 0)
-		return 0;
-
-	c->num_objects--;
-
-	if (c->num_objects == 0) {
-		c->first_init = false;
-		gk20a_disable_channel(c);
-		gr_gk20a_free_channel_patch_ctx(c);
-	}
-
-	return 0;
-}
-
 int gk20a_comptag_allocator_init(struct gk20a_comptag_allocator *allocator,
 		unsigned long size)
 {
@@ -9082,7 +9060,6 @@ void gk20a_init_gr_ops(struct gpu_ops *gops)
 	gops->gr.get_gpc_tpc_mask = gr_gk20a_get_gpc_tpc_mask;
 	gops->gr.free_channel_ctx = gk20a_free_channel_ctx;
 	gops->gr.alloc_obj_ctx = gk20a_alloc_obj_ctx;
-	gops->gr.free_obj_ctx = gk20a_free_obj_ctx;
 	gops->gr.bind_ctxsw_zcull = gr_gk20a_bind_ctxsw_zcull;
 	gops->gr.get_zcull_info = gr_gk20a_get_zcull_info;
 	gops->gr.is_tpc_addr = gr_gk20a_is_tpc_addr;

drivers/gpu/nvgpu/gm20b/gr_gm20b.c

@@ -1534,7 +1534,6 @@ void gm20b_init_gr(struct gpu_ops *gops)
 	gops->gr.get_gpc_tpc_mask = gr_gm20b_get_gpc_tpc_mask;
 	gops->gr.free_channel_ctx = gk20a_free_channel_ctx;
 	gops->gr.alloc_obj_ctx = gk20a_alloc_obj_ctx;
-	gops->gr.free_obj_ctx = gk20a_free_obj_ctx;
 	gops->gr.bind_ctxsw_zcull = gr_gk20a_bind_ctxsw_zcull;
 	gops->gr.get_zcull_info = gr_gk20a_get_zcull_info;
 	gops->gr.is_tpc_addr = gr_gm20b_is_tpc_addr;

drivers/gpu/nvgpu/vgpu/gr_vgpu.c

@@ -421,7 +421,6 @@ static void vgpu_gr_free_channel_ctx(struct channel_gk20a *c)
 
 	memset(&c->ch_ctx, 0, sizeof(struct channel_ctx_gk20a));
 
-	c->num_objects = 0;
 	c->first_init = false;
 }
 
@@ -586,8 +585,6 @@ static int vgpu_gr_alloc_obj_ctx(struct channel_gk20a  *c,
 		c->first_init = true;
 	}
 
-	c->num_objects++;
-
 	gk20a_dbg_fn("done");
 	return 0;
 out:
@@ -599,24 +596,6 @@ out:
 	return err;
 }
 
-static int vgpu_gr_free_obj_ctx(struct channel_gk20a  *c,
-				struct nvgpu_free_obj_ctx_args *args)
-{
-	gk20a_dbg_fn("");
-
-	if (c->num_objects == 0)
-		return 0;
-
-	c->num_objects--;
-
-	if (c->num_objects == 0) {
-		c->first_init = false;
-		gk20a_disable_channel(c);
-	}
-
-	return 0;
-}
-
 static int vgpu_gr_init_gr_config(struct gk20a *g, struct gr_gk20a *gr)
 {
 	struct vgpu_priv_data *priv = vgpu_get_priv_data(g);
@@ -1073,7 +1052,6 @@ void vgpu_init_gr_ops(struct gpu_ops *gops)
 	gops->gr.detect_sm_arch = vgpu_gr_detect_sm_arch;
 	gops->gr.free_channel_ctx = vgpu_gr_free_channel_ctx;
 	gops->gr.alloc_obj_ctx = vgpu_gr_alloc_obj_ctx;
-	gops->gr.free_obj_ctx = vgpu_gr_free_obj_ctx;
 	gops->gr.alloc_gr_ctx = vgpu_gr_alloc_gr_ctx;
 	gops->gr.free_gr_ctx = vgpu_gr_free_gr_ctx;
 	gops->gr.bind_ctxsw_zcull = vgpu_gr_bind_ctxsw_zcull;

include/uapi/linux/nvgpu.h

@@ -973,10 +973,6 @@ struct nvgpu_alloc_obj_ctx_args {
 	__u64 obj_id;    /* output, used to free later       */
 };
 
-struct nvgpu_free_obj_ctx_args {
-	__u64 obj_id; /* obj ctx to free */
-};
-
 struct nvgpu_alloc_gpfifo_args {
 	__u32 num_entries;
 #define NVGPU_ALLOC_GPFIFO_FLAGS_VPR_ENABLED	(1 << 0) /* set owner channel of this gpfifo as a vpr channel */
@@ -1216,8 +1212,6 @@ struct nvgpu_preemption_mode_args {
 	_IOWR(NVGPU_IOCTL_MAGIC, 107, struct nvgpu_submit_gpfifo_args)
 #define NVGPU_IOCTL_CHANNEL_ALLOC_OBJ_CTX	\
 	_IOWR(NVGPU_IOCTL_MAGIC, 108, struct nvgpu_alloc_obj_ctx_args)
-#define NVGPU_IOCTL_CHANNEL_FREE_OBJ_CTX	\
-	_IOR(NVGPU_IOCTL_MAGIC,  109, struct nvgpu_free_obj_ctx_args)
 #define NVGPU_IOCTL_CHANNEL_ZCULL_BIND		\
 	_IOWR(NVGPU_IOCTL_MAGIC, 110, struct nvgpu_zcull_bind_args)
 #define NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER  \