Revert "gpu: pvr: Harden MMU code's use-after-free checks."

Not needed anymore, was just to get a prebuild that QA could use.


This reverts commit d00c00ef81aba03db7d7ebcdbc0ca7c11de5d2ec

1 files changed, 9 insertions, 31 deletions

diff --git a/drivers/gpu/pvr/sgx/mmu.c b/drivers/gpu/pvr/sgx/mmu.c
index 825ed84..c069bd8 100644
--- a/drivers/gpu/pvr/sgx/mmu.c
+++ b/drivers/gpu/pvr/sgx/mmu.c
@@ -43,9 +43,6 @@ extern IMG_UINT32 ui32BridgeLockPID;
 
 #define UINT32_MAX_VALUE	0xFFFFFFFFUL
 
-#define PT_INFO_LIST_SIGNATURE 0xDEADBE01
-#define MMU_CONTEXT_SIGNATURE  0xDEADBE02
-
 #define SGX_MAX_PD_ENTRIES	(1<<(SGX_FEATURE_ADDRESS_SPACE_SIZE - SGX_MMU_PT_SHIFT - SGX_MMU_PAGE_SHIFT))
 
 #if defined(FIX_HW_BRN_31620)
@@ -82,21 +79,17 @@ extern IMG_UINT32 ui32BridgeLockPID;
 
 typedef struct _MMU_PT_INFO_
 {
-	IMG_UINT32 ui32Signature1;
-
+	
 	IMG_VOID *hPTPageOSMemHandle;
 	IMG_CPU_VIRTADDR PTPageCpuVAddr;
 	
 	
 	IMG_UINT32 ui32ValidPTECount;
-
-	IMG_UINT32 ui32Signature2;
 } MMU_PT_INFO;
 
 struct _MMU_CONTEXT_
 {
-	IMG_UINT32 ui32Signature1;
-
+	
 	PVRSRV_DEVICE_NODE *psDeviceNode;
 
 	
@@ -123,8 +116,6 @@ struct _MMU_CONTEXT_
 	MMU_PT_INFO *apsPTInfoListSave[SGX_MAX_PD_ENTRIES];
 #endif
 	struct _MMU_CONTEXT_ *psNext;
-
-	IMG_UINT32 ui32Signature2;
 };
 
 struct _MMU_HEAP_
@@ -757,20 +748,12 @@ _DeferredFreePageTable (MMU_HEAP *pMMUHeap, IMG_UINT32 ui32PTIndex, IMG_BOOL bOS
 	ppsPTInfoList = &pMMUHeap->psMMUContext->apsPTInfoList[ui32PDIndex];
 
 	{
-		PVR_ASSERT(pMMUHeap->psMMUContext->ui32Signature1 == MMU_CONTEXT_SIGNATURE);
-		PVR_ASSERT(pMMUHeap->psMMUContext->ui32Signature2 == MMU_CONTEXT_SIGNATURE);
-
-		if(ppsPTInfoList[ui32PTIndex])
+		if(ppsPTInfoList[ui32PTIndex] && ppsPTInfoList[ui32PTIndex]->ui32ValidPTECount > 0)
 		{
-			if(ppsPTInfoList[ui32PTIndex]->ui32ValidPTECount > 0)
-			{
-				DumpPT(ppsPTInfoList[ui32PTIndex]);
-			}
-
-			PVR_ASSERT(ppsPTInfoList[ui32PTIndex]->ui32Signature1 == PT_INFO_LIST_SIGNATURE);
-			PVR_ASSERT(ppsPTInfoList[ui32PTIndex]->ui32Signature2 == PT_INFO_LIST_SIGNATURE);
-			PVR_ASSERT(ppsPTInfoList[ui32PTIndex]->ui32ValidPTECount == 0);
+			DumpPT(ppsPTInfoList[ui32PTIndex]);
 		}
+		
+		PVR_ASSERT(ppsPTInfoList[ui32PTIndex] == IMG_NULL || ppsPTInfoList[ui32PTIndex]->ui32ValidPTECount == 0);
 	}
 
 #if defined(PDUMP)
@@ -905,8 +888,7 @@ _DeferredFreePageTable (MMU_HEAP *pMMUHeap, IMG_UINT32 ui32PTIndex, IMG_BOOL bOS
 
 		if(bOSFreePT)
 		{
-			ppsPTInfoList[ui32PTIndex]->ui32Signature1 = 0;
-			ppsPTInfoList[ui32PTIndex]->ui32Signature2 = 0;
+			
 			OSFreeMem(PVRSRV_OS_PAGEABLE_HEAP,
 						sizeof(MMU_PT_INFO),
 						ppsPTInfoList[ui32PTIndex],
@@ -1136,8 +1118,6 @@ _DeferredAllocPagetables(MMU_HEAP *pMMUHeap, IMG_DEV_VIRTADDR DevVAddr, IMG_UINT
 				return IMG_FALSE;
 			}
 			OSMemSet (ppsPTInfoList[i], 0, sizeof(MMU_PT_INFO));
-			ppsPTInfoList[i]->ui32Signature1 = PT_INFO_LIST_SIGNATURE;
-			ppsPTInfoList[i]->ui32Signature2 = PT_INFO_LIST_SIGNATURE;
 #if defined(FIX_HW_BRN_31620)
 			}
 #endif
@@ -1435,8 +1415,7 @@ MMU_Initialise (PVRSRV_DEVICE_NODE *psDeviceNode, MMU_CONTEXT **ppsMMUContext, I
 		return PVRSRV_ERROR_OUT_OF_MEMORY;
 	}
 	OSMemSet (psMMUContext, 0, sizeof(MMU_CONTEXT));
-	psMMUContext->ui32Signature1 = MMU_CONTEXT_SIGNATURE;
-	psMMUContext->ui32Signature2 = MMU_CONTEXT_SIGNATURE;
+
 	
 	psDevInfo = (PVRSRV_SGXDEV_INFO*)psDeviceNode->pvDevice;
 	psMMUContext->psDevInfo = psDevInfo;
@@ -2222,8 +2201,7 @@ MMU_Finalise (MMU_CONTEXT *psMMUContext)
 		ppsMMUContext = &((*ppsMMUContext)->psNext);
 	}
 
-	psMMUContext->ui32Signature1 = 0;
-	psMMUContext->ui32Signature2 = 0;
+	
 	OSFreeMem(PVRSRV_OS_PAGEABLE_HEAP, sizeof(MMU_CONTEXT), psMMUContext, IMG_NULL);
 	
 }