From f46a3abfc63d8d29fae1fd984eb1456e6997a67a Mon Sep 17 00:00:00 2001
From: ht
Date: Wed, 17 Aug 2022 10:22:46 +0000
Subject: [PATCH] gpu: nvgpu: Fix devg_nvgpu_igpu process crash.
As part of the negative test case we replace the ACR binaries with corrupted one(by editing the binary in hex editor). The expectaion was the process should log the error and exit properly but instead the process crashed. We have found the root cause and it was because we were trying to flush a memory which was not allocated. To mitigate this issue we added a checking condition to check if the memory was allocated before flushing.
Bug 3670576
Change-Id: I6b510388fb913695210c791e2253c7514bb7a0a9
Signed-off-by: ht
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2762276
Reviewed-by: svcacv
Reviewed-by: Mahantesh Kumbar
Reviewed-by: svc-mobile-coverity
Reviewed-by: svc-mobile-cert
Reviewed-by: Vaibhav Kachore
GVS: Gerrit_Virtual_Submit
---
 .../common/pmu/super_surface/super_surface.c | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/nvgpu/common/pmu/super_surface/super_surface.c b/drivers/gpu/nvgpu/common/pmu/super_surface/super_surface.c
index 2b802058b..734a6832d 100644
--- a/drivers/gpu/nvgpu/common/pmu/super_surface/super_surface.c
+++ b/drivers/gpu/nvgpu/common/pmu/super_surface/super_surface.c
@@ -216,15 +216,19 @@ u32 nvgpu_pmu_get_ss_msg_fbq_element_offset(struct gk20a *g,

 void nvgpu_pmu_ss_fbq_flush(struct gk20a *g, struct nvgpu_pmu *pmu)
 {
- nvgpu_memset(g, nvgpu_pmu_super_surface_mem(g,
- pmu, pmu->super_surface),
- (u64)offsetof(struct super_surface, fbq.cmd_queues),
- 0x00, sizeof(struct nv_pmu_fbq_cmd_queues));
+ if (pmu->super_surface != NULL) {
+ if (nvgpu_mem_is_valid(nvgpu_pmu_super_surface_mem(g, pmu, pmu->super_surface))) {
+ nvgpu_memset(g, nvgpu_pmu_super_surface_mem(g,
+ pmu, pmu->super_surface),
+ (u64)offsetof(struct super_surface, fbq.cmd_queues),
+ 0x00, sizeof(struct nv_pmu_fbq_cmd_queues));

- nvgpu_memset(g, nvgpu_pmu_super_surface_mem(g,
- pmu, pmu->super_surface),
- (u64)offsetof(struct super_surface, fbq.msg_queue),
- 0x00, sizeof(struct nv_pmu_fbq_msg_queue));
+ nvgpu_memset(g, nvgpu_pmu_super_surface_mem(g,
+ pmu, pmu->super_surface),
+ (u64)offsetof(struct super_surface, fbq.msg_queue),
+ 0x00, sizeof(struct nv_pmu_fbq_msg_queue));
+ }
+ }
 }

 void nvgpu_pmu_super_surface_deinit(struct gk20a *g, struct nvgpu_pmu *pmu,
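Review bot: The guard added in nvgpu_pmu_ss_fbq_flush() calls nvgpu_pmu_super_surface_mem(g, pmu, pmu->super_surface) three times, once for nvgpu_mem_is_valid() and once per nvgpu_memset(), so the pointer that is validated and the pointers that are written are tied together only by repetition, and the two nested ifs push the memset arguments well past the usual line width. Resolving the buffer once into a local (assuming the helper returns `struct nvgpu_mem *`, as its use with nvgpu_memset() suggests) and returning early keeps the check and the writes on one object and leaves the memsets at their original indentation. The skipped path is also silent, while the commit message expects the corrupted-ACR case to be logged; if no caller reports the failure, a debug-level message at the early return would make that path visible. Other dereferences of pmu->super_surface in this file lie outside the hunk and may need the same NULL check.

```c
void nvgpu_pmu_ss_fbq_flush(struct gk20a *g, struct nvgpu_pmu *pmu)
{
	struct nvgpu_mem *ss_mem;

	if (pmu->super_surface == NULL) {
		return;
	}

	/* Resolve the buffer once so the check and both writes use the same object. */
	ss_mem = nvgpu_pmu_super_surface_mem(g, pmu, pmu->super_surface);
	if (!nvgpu_mem_is_valid(ss_mem)) {
		return;
	}

	nvgpu_memset(g, ss_mem,
			(u64)offsetof(struct super_surface, fbq.cmd_queues),
			0x00, sizeof(struct nv_pmu_fbq_cmd_queues));

	nvgpu_memset(g, ss_mem,
			(u64)offsetof(struct super_surface, fbq.msg_queue),
			0x00, sizeof(struct nv_pmu_fbq_msg_queue));
}
```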