gpu: nvgpu: Add ref counting to channels
Alex Waterman [Thu, 13 Oct 2016 17:03:59 +0000 (10:03 -0700)]
Make sure that the VM owned by a channel lives for at least
as long as that channel does. If the channel's VM is cleaned
up before the channel then use-after-free bugs can occur.

It seems like the gk20a_vm_get() was simply missing from the
bind channel. This patch adds it. The corresponding
gk20a_vm_put() happens during channel close.

Bug: 31680980
NvBug 1825464

Change-Id: If745ad4c1454386ddad9a83ff22ccd9ba2a72168
Signed-off-by: Alex Waterman <alexw@nvidia.com>
Reviewed-on: http://git-master/r/1265358
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vinayak Pane <vpane@nvidia.com>

drivers/gpu/nvgpu/gk20a/mm_gk20a.c

index e0347ae..9c61570 100644 (file)
@@ -3134,6 +3134,7 @@ int gk20a_vm_bind_channel(struct gk20a_as_share *as_share,
 
        gk20a_dbg_fn("");
 
+       gk20a_vm_get(vm);
        ch->vm = vm;
        err = channel_gk20a_commit_va(ch);
        if (err)