mirror of
git://nv-tegra.nvidia.com/linux-nvgpu.git
synced 2025-12-22 17:36:20 +03:00
15739c52e9
g->fifo.runlists[] has size of g->fifo.max_runlists. During quiesce, U32_MAX bitmask is passed to g->ops.runlist.write_state() HAL to disable all the runlist. The Ga10b HAL implementation of g->ops.runlist.write_state() references into runlists[] structure for all the bits set in input runlist mask. For mask=U32_MAX, there is NULL pointer dereference when runlist_id exceeds g->fifo.max_runlists. Add runlist_id boundary check before dereferencing the runlists[] structure. Update Gk20a HAL too with similar guard to make sure incorrect mask doesn't get written to the register. JIRA NVGPU-8102 Change-Id: Ic613aa38361b8b23d953c76d6924aba6bf6d5ea9 Signed-off-by: Tejal Kudav <tkudav@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2680847 Reviewed-by: Konsta Holtta <kholtta@nvidia.com> Reviewed-by: svcacv <svcacv@nvidia.com> Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com> Reviewed-by: svc-mobile-misra <svc-mobile-misra@nvidia.com> Reviewed-by: Vaibhav Kachore <vkachore@nvidia.com> Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com> GVS: Gerrit_Virtual_Submit