nv-tegra-mirror/linux-nvgpu
1
0
Fork 0
mirror of git://nv-tegra.nvidia.com/linux-nvgpu.git synced 2025-12-24 10:34:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

gpu: nvgpu: fix race condition in pmu_rpc_handler

Browse Source 
There was a race condition between pmu_rpc_handler and
nvgpu_pmu_rpc_execute. The later could free the buffer before
pmu_rpc_handler could access related data.
Added explicit field in rpc_payload, so that nvgpu_pmu_rpc_execute
can wait until pmu_rpc_handler completes.

Bug 2331655

Change-Id: Ic2653524159eff10504b9c2625b5241610b5f5f0
Reviewed-on: https://git-master.nvidia.com/r/1811299
Signed-off-by: Vaikundanathan S <vaikuns@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1817582
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
This commit is contained in:
Thomas Fleury
2018-09-01 14:05:36 -07:00
committed by mobile promotions
parent eada4a3823
commit c28e73ee2f
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
drivers/gpu/nvgpu/common/pmu/pmu_ipc.c
View File

@@ -740,7 +740,9 @@ int pmu_wait_message_cond(struct nvgpu_pmu *pmu, u32 timeout_ms,
nvgpu_timeout_init(g, &timeout, timeout_ms, NVGPU_TIMER_CPU_TIMER);
do {
if (*(u8 *)var == val) {
nvgpu_rmb();
if (*(volatile u8 *)var == val) {
return 0;
}
@@ -859,6 +861,8 @@ static void pmu_rpc_handler(struct gk20a *g, struct pmu_msg *msg,
}
exit:
rpc_payload->complete = true;
/* free allocated memory */
if (rpc_payload->is_mem_free_set) {
nvgpu_kfree(g, rpc_payload);
@@ -914,6 +918,7 @@ int nvgpu_pmu_rpc_execute(struct nvgpu_pmu *pmu, struct nv_pmu_rpc_header *rpc,
rpc_payload->rpc_buff = caller_cb_param;
rpc_payload->is_mem_free_set = true;
callback = caller_cb;
WARN_ON(is_copy_back);
}
rpc_buff = rpc_payload->rpc_buff;
@@ -945,12 +950,9 @@ int nvgpu_pmu_rpc_execute(struct nvgpu_pmu *pmu, struct nv_pmu_rpc_header *rpc,
* to read data back in nvgpu
*/
if (is_copy_back) {
/* clear buff */
memset(rpc_buff, 0xFF, size_rpc);
/* wait till RPC execute in PMU & ACK */
pmu_wait_message_cond(pmu, gk20a_get_gr_idle_timeout(g),
&((struct nv_pmu_rpc_header *)rpc_buff)->function,
rpc->function);
&rpc_payload->complete, true);
/* copy back data to caller */
memcpy(rpc, rpc_buff, size_rpc);
/* free allocated memory */

1
drivers/gpu/nvgpu/include/nvgpu/pmu.h
View File

@@ -192,6 +192,7 @@ typedef void (*pmu_callback)(struct gk20a *, struct pmu_msg *, void *, u32,
struct rpc_handler_payload {
void *rpc_buff;
bool is_mem_free_set;
bool complete;
};
struct pmu_rpc_desc {