mirror of
git://nv-tegra.nvidia.com/linux-nvgpu.git
synced 2025-12-22 17:36:20 +03:00
9f8d5acfbb
The return value in case of failure of dma_buf_attach and
dma_buf_map_attachment was ignored and NULL was returned.
This would lead to following null pointer access. Fix it.
[ 293.622880] Unable to handle kernel NULL pointer dereference
at virtual address 0000000000000000
...
[ 293.711860] Hardware name: quill (DT)
[ 293.720393] pc : nvgpu_linux_sgt_create+0x14/0xa8 [nvgpu]
[ 293.725871] lr : nvgpu_vm_map_linux+0x104/0x1c8 [nvgpu]
...
[ 293.813934] Call trace:
[ 293.816455] nvgpu_linux_sgt_create+0x14/0xa8 [nvgpu]
[ 293.821573] nvgpu_vm_map_linux+0x104/0x1c8 [nvgpu]
[ 293.826515] nvgpu_vm_map_buffer+0x120/0x290 [nvgpu]
[ 293.831542] gk20a_as_dev_ioctl+0x364/0xfb8 [nvgpu]
[ 293.836416] ksys_ioctl+0x17c/0xba8
[ 293.839899] __arm64_sys_ioctl+0x18/0x28
[ 293.843817] do_el0_svc+0xf8/0x1b8
[ 293.847214] el0_sync_handler+0x11c/0x28c
[ 293.851217] el0_sync+0x140/0x180
Bug 2834141
Change-Id: I0d9e863d0326946c8091bfb1b907b62b055f7272
Signed-off-by: Sagar Kamble <skamble@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2332204
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: automaticguardword <automaticguardword@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Konsta Holtta <kholtta@nvidia.com>
Reviewed-by: Debarshi Dutta <ddutta@nvidia.com>
Reviewed-by: Vijayakumar Subbu <vsubbu@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
GVS: Gerrit_Virtual_Submit
209 lines
4.9 KiB
C
209 lines
4.9 KiB
C
/*
|
|
* Copyright (c) 2017-2020, NVIDIA CORPORATION. All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms and conditions of the GNU General Public License,
|
|
* version 2, as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
* more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <linux/device.h>
|
|
#include <linux/dma-buf.h>
|
|
#include <linux/scatterlist.h>
|
|
|
|
#include <nvgpu/comptags.h>
|
|
#include <nvgpu/enabled.h>
|
|
#include <nvgpu/gk20a.h>
|
|
#include <nvgpu/linux/vm.h>
|
|
#include <nvgpu/bug.h>
|
|
#include <nvgpu/fence.h>
|
|
|
|
#include "platform_gk20a.h"
|
|
#include "dmabuf.h"
|
|
#include "dmabuf_priv.h"
|
|
#include "os_linux.h"
|
|
#include "dmabuf_vidmem.h"
|
|
|
|
struct sg_table *gk20a_mm_pin_has_drvdata(struct device *dev,
|
|
struct dma_buf *dmabuf,
|
|
struct dma_buf_attachment **attachment)
|
|
{
|
|
struct gk20a *g = get_gk20a(dev);
|
|
struct gk20a_dmabuf_priv *priv;
|
|
|
|
priv = dma_buf_get_drvdata(dmabuf, dev);
|
|
if (!priv) {
|
|
nvgpu_do_assert();
|
|
return ERR_PTR(-EINVAL);
|
|
}
|
|
|
|
nvgpu_mutex_acquire(&priv->lock);
|
|
|
|
if (priv->pin_count == 0) {
|
|
priv->attach = dma_buf_attach(dmabuf, dev);
|
|
if (IS_ERR(priv->attach)) {
|
|
nvgpu_mutex_release(&priv->lock);
|
|
nvgpu_err(g, "Failed to attach dma_buf (err = %ld)!",
|
|
PTR_ERR(priv->attach));
|
|
return ERR_CAST(priv->attach);
|
|
}
|
|
|
|
priv->sgt = dma_buf_map_attachment(priv->attach,
|
|
DMA_BIDIRECTIONAL);
|
|
if (IS_ERR(priv->sgt)) {
|
|
dma_buf_detach(dmabuf, priv->attach);
|
|
nvgpu_mutex_release(&priv->lock);
|
|
nvgpu_err(g, "Failed to map attachment (err = %ld)!",
|
|
PTR_ERR(priv->sgt));
|
|
return ERR_CAST(priv->sgt);
|
|
}
|
|
}
|
|
|
|
priv->pin_count++;
|
|
nvgpu_mutex_release(&priv->lock);
|
|
*attachment = priv->attach;
|
|
return priv->sgt;
|
|
}
|
|
|
|
void gk20a_mm_unpin_has_drvdata(struct device *dev,
|
|
struct dma_buf *dmabuf,
|
|
struct dma_buf_attachment *attachment,
|
|
struct sg_table *sgt)
|
|
{
|
|
struct gk20a_dmabuf_priv *priv = dma_buf_get_drvdata(dmabuf, dev);
|
|
dma_addr_t dma_addr;
|
|
|
|
if (IS_ERR(priv) || !priv)
|
|
return;
|
|
|
|
nvgpu_mutex_acquire(&priv->lock);
|
|
nvgpu_assert(priv->sgt == sgt);
|
|
nvgpu_assert(priv->attach == attachment);
|
|
priv->pin_count--;
|
|
nvgpu_assert(priv->pin_count >= 0);
|
|
dma_addr = sg_dma_address(priv->sgt->sgl);
|
|
if (priv->pin_count == 0) {
|
|
dma_buf_unmap_attachment(priv->attach, priv->sgt,
|
|
DMA_BIDIRECTIONAL);
|
|
dma_buf_detach(dmabuf, priv->attach);
|
|
}
|
|
nvgpu_mutex_release(&priv->lock);
|
|
}
|
|
|
|
static void gk20a_mm_delete_priv(void *_priv)
|
|
{
|
|
struct gk20a_buffer_state *s, *s_tmp;
|
|
struct gk20a_dmabuf_priv *priv = _priv;
|
|
struct gk20a *g;
|
|
|
|
if (!priv)
|
|
return;
|
|
|
|
g = priv->g;
|
|
|
|
if (priv->comptags.allocated && priv->comptags.lines) {
|
|
WARN_ON(!priv->comptag_allocator);
|
|
gk20a_comptaglines_free(priv->comptag_allocator,
|
|
priv->comptags.offset,
|
|
priv->comptags.lines);
|
|
}
|
|
|
|
/* Free buffer states */
|
|
nvgpu_list_for_each_entry_safe(s, s_tmp, &priv->states,
|
|
gk20a_buffer_state, list) {
|
|
nvgpu_fence_put(s->fence);
|
|
nvgpu_list_del(&s->list);
|
|
nvgpu_kfree(g, s);
|
|
}
|
|
|
|
nvgpu_kfree(g, priv);
|
|
}
|
|
|
|
int gk20a_dmabuf_alloc_drvdata(struct dma_buf *dmabuf, struct device *dev)
|
|
{
|
|
struct gk20a *g = gk20a_get_platform(dev)->g;
|
|
struct gk20a_dmabuf_priv *priv;
|
|
|
|
priv = dma_buf_get_drvdata(dmabuf, dev);
|
|
if (likely(priv))
|
|
return 0;
|
|
|
|
nvgpu_mutex_acquire(&g->mm.priv_lock);
|
|
priv = dma_buf_get_drvdata(dmabuf, dev);
|
|
if (priv)
|
|
goto priv_exist_or_err;
|
|
|
|
priv = nvgpu_kzalloc(g, sizeof(*priv));
|
|
if (!priv) {
|
|
priv = ERR_PTR(-ENOMEM);
|
|
goto priv_exist_or_err;
|
|
}
|
|
|
|
nvgpu_mutex_init(&priv->lock);
|
|
nvgpu_init_list_node(&priv->states);
|
|
priv->g = g;
|
|
dma_buf_set_drvdata(dmabuf, dev, priv, gk20a_mm_delete_priv);
|
|
|
|
priv_exist_or_err:
|
|
nvgpu_mutex_release(&g->mm.priv_lock);
|
|
if (IS_ERR(priv))
|
|
return -ENOMEM;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int gk20a_dmabuf_get_state(struct dma_buf *dmabuf, struct gk20a *g,
|
|
u64 offset, struct gk20a_buffer_state **state)
|
|
{
|
|
int err = 0;
|
|
struct gk20a_dmabuf_priv *priv;
|
|
struct gk20a_buffer_state *s;
|
|
struct device *dev = dev_from_gk20a(g);
|
|
|
|
if (offset >= (u64)dmabuf->size) {
|
|
nvgpu_do_assert();
|
|
return -EINVAL;
|
|
}
|
|
|
|
err = gk20a_dmabuf_alloc_drvdata(dmabuf, dev);
|
|
if (err)
|
|
return err;
|
|
|
|
priv = dma_buf_get_drvdata(dmabuf, dev);
|
|
if (!priv) {
|
|
nvgpu_do_assert();
|
|
return -ENOSYS;
|
|
}
|
|
|
|
nvgpu_mutex_acquire(&priv->lock);
|
|
|
|
nvgpu_list_for_each_entry(s, &priv->states, gk20a_buffer_state, list)
|
|
if (s->offset == offset)
|
|
goto out;
|
|
|
|
/* State not found, create state. */
|
|
s = nvgpu_kzalloc(g, sizeof(*s));
|
|
if (!s) {
|
|
err = -ENOMEM;
|
|
goto out;
|
|
}
|
|
|
|
s->offset = offset;
|
|
nvgpu_init_list_node(&s->list);
|
|
nvgpu_mutex_init(&s->lock);
|
|
nvgpu_list_add_tail(&s->list, &priv->states);
|
|
|
|
out:
|
|
nvgpu_mutex_release(&priv->lock);
|
|
if (!err)
|
|
*state = s;
|
|
return err;
|
|
}
|