gpu: nvgpu: Submit coverity fixes

Clear ioctl buffer and fix double free, and error case memory leak.

Bug 200059216

Change-Id: I21cc2b0f6a7e8fca09f72caf4c54d570b13f400b
Signed-off-by: Terje Bergstrom <tbergstrom@nvidia.com>
Reviewed-on: http://git-master/r/655347

diff --git a/drivers/gpu/nvgpu/gk20a/as_gk20a.c b/drivers/gpu/nvgpu/gk20a/as_gk20a.c
index 34423d211248e875f0ea24bff79c37f070bc418b..cd5cdd48819dd7247ca5d6cf85875190c5f9041f 100644 (file)
--- a/drivers/gpu/nvgpu/gk20a/as_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/as_gk20a.c
@@ -265,6 +265,7 @@ long gk20a_as_dev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 
        BUG_ON(_IOC_SIZE(cmd) > NVGPU_AS_IOCTL_MAX_ARG_SIZE);
 
+       memset(buf, 0, sizeof(buf));
        if (_IOC_DIR(cmd) & _IOC_WRITE) {
                if (copy_from_user(buf, (void __user *)arg, _IOC_SIZE(cmd)))
                        return -EFAULT;

diff --git a/drivers/gpu/nvgpu/gk20a/ctrl_gk20a.c b/drivers/gpu/nvgpu/gk20a/ctrl_gk20a.c
index 34351f932c0043417673b2365d87ea0b04e0e418..4e85abc82a88b4cc3e74b478eb297ac3aa701b4c 100644 (file)
--- a/drivers/gpu/nvgpu/gk20a/ctrl_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/ctrl_gk20a.c
@@ -268,6 +268,7 @@ long gk20a_ctrl_dev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg
 
        BUG_ON(_IOC_SIZE(cmd) > NVGPU_GPU_IOCTL_MAX_ARG_SIZE);
 
+       memset(buf, 0, sizeof(buf));
        if (_IOC_DIR(cmd) & _IOC_WRITE) {
                if (copy_from_user(buf, (void __user *)arg, _IOC_SIZE(cmd)))
                        return -EFAULT;

diff --git a/drivers/gpu/nvgpu/gk20a/dbg_gpu_gk20a.c b/drivers/gpu/nvgpu/gk20a/dbg_gpu_gk20a.c
index 72998280e8ac8e9d7a1479d759129e5f1068bbb4..35a43130cfdd5d0384896bcf8d6b7554c4b59c82 100644 (file)
--- a/drivers/gpu/nvgpu/gk20a/dbg_gpu_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/dbg_gpu_gk20a.c
@@ -388,6 +388,7 @@ long gk20a_dbg_gpu_dev_ioctl(struct file *filp, unsigned int cmd,
 
        BUG_ON(_IOC_SIZE(cmd) > NVGPU_DBG_GPU_IOCTL_MAX_ARG_SIZE);
 
+       memset(buf, 0, sizeof(buf));
        if (_IOC_DIR(cmd) & _IOC_WRITE) {
                if (copy_from_user(buf, (void __user *)arg, _IOC_SIZE(cmd)))
                        return -EFAULT;

diff --git a/drivers/gpu/nvgpu/gk20a/tsg_gk20a.c b/drivers/gpu/nvgpu/gk20a/tsg_gk20a.c
index 3342e3b9e9f51f90b487ac60f34b4fe60b85469f..37a326d243116a058ca37c5a7e02097fa047ddf1 100644 (file)
--- a/drivers/gpu/nvgpu/gk20a/tsg_gk20a.c
+++ b/drivers/gpu/nvgpu/gk20a/tsg_gk20a.c
@@ -234,6 +234,7 @@ long gk20a_tsg_dev_ioctl(struct file *filp, unsigned int cmd,
 
        BUG_ON(_IOC_SIZE(cmd) > NVGPU_TSG_IOCTL_MAX_ARG_SIZE);
 
+       memset(buf, 0, sizeof(buf));
        if (_IOC_DIR(cmd) & _IOC_WRITE) {
                if (copy_from_user(buf, (void __user *)arg, _IOC_SIZE(cmd)))
                        return -EFAULT;

diff --git a/drivers/gpu/nvgpu/gm20b/acr_gm20b.c b/drivers/gpu/nvgpu/gm20b/acr_gm20b.c
index 7c6b734b3f1a6e9b9bc280d74c870e6fd73de60e..2fb3bf9d40771d94e707634002e6c5d933966410 100644 (file)
--- a/drivers/gpu/nvgpu/gm20b/acr_gm20b.c
+++ b/drivers/gpu/nvgpu/gm20b/acr_gm20b.c
@@ -163,7 +163,6 @@ int fecs_ucode_details(struct gk20a *g, struct flcn_ucode_img *p_img)
 
        p_img->desc = kzalloc(sizeof(struct pmu_ucode_desc), GFP_KERNEL);
        if (p_img->desc == NULL) {
-               kfree(lsf_desc);
                err = -ENOMEM;
                goto free_lsf_desc;
        }

diff --git a/drivers/gpu/nvgpu/vgpu/gr_vgpu.c b/drivers/gpu/nvgpu/vgpu/gr_vgpu.c
index 46b48b33eb7f8f846f1b44417322ac10b3266d4d..b1a8027e28295253ea234edfdc4994b0c2a0bd57 100644 (file)
--- a/drivers/gpu/nvgpu/vgpu/gr_vgpu.c
+++ b/drivers/gpu/nvgpu/vgpu/gr_vgpu.c
@@ -273,6 +273,7 @@ static int vgpu_gr_alloc_channel_gr_ctx(struct gk20a *g,
        err = vgpu_comm_sendrecv(&msg, sizeof(msg), sizeof(msg));
 
        if (err || msg.ret) {
+               kfree(gr_ctx);
                gk20a_vm_free_va(ch_vm, gr_ctx->gpu_va, gr_ctx->size, 0);
                err = -ENOMEM;
        } else