gpu: nvgpu: fix use-after-free in case of error notifier
authorGagan Grover <ggrover@nvidia.com>
Wed, 12 Oct 2016 11:35:06 +0000 (16:35 +0530)
committerWinnie Hsu <whsu@nvidia.com>
Wed, 26 Oct 2016 22:39:18 +0000 (15:39 -0700)
commit1b1420c3fd59880e0a9220bae507b2191d73e2b0
tree3201da11e0aabc459f0a9c0e4cfb5305853b464a
parent563bca879a039771c666a03965e14d10989a5b07
gpu: nvgpu: fix use-after-free in case of error notifier

A use-after-free scenario is possible where one thread in
gk20a_free_error_notifiers() is trying to free the error
notifier and another thread in gk20a_set_error_notifier()
is still using the error notifier

Fix this by introducing mutex error_notifier_mutex for
error notifier accesses

Take mutex in gk20a_free_error_notifiers() and in
gk20a_set_error_notifier() before accessing notifier

In gk20a_init_error_notifier(), set the pointer
ch->error_notifier_ref inside the mutex and only
after notifier is completely initialized

Bug 1824788

Change-Id: I47e1ab57d54f391799f5a0999840b663fd34585f
Reviewed-on: http://git-master/r/1233988
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Signed-off-by: Gaurav Singh <gaursingh@nvidia.com>
Reviewed-on: http://git-master/r/1236695
GVS: Gerrit_Virtual_Submit
Reviewed-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
drivers/gpu/nvgpu/gk20a/channel_gk20a.c
drivers/gpu/nvgpu/gk20a/channel_gk20a.h