On Tue, Nov 10, 2020 at 01:41:12PM -0800, Jianxin Xiong wrote:
> +struct ib_umem *ib_umem_dmabuf_get(struct ib_device *device,
> + unsigned long offset, size_t size,
> + int fd, int access,
> + const struct dma_buf_attach_ops *ops)
> +{
> + struct dma_buf *dmabuf;
> + struct ib_umem_dmabuf *umem_dmabuf;
> + struct ib_umem *umem;
> + unsigned long end;
> + long ret;
> +
> + if (check_add_overflow(offset, (unsigned long)size, &end))
> + return ERR_PTR(-EINVAL);
> +
> + if (unlikely(PAGE_ALIGN(end) < PAGE_SIZE))
> + return ERR_PTR(-EINVAL);
This is weird, what does it do?
> +
> + if (unlikely(!ops || !ops->move_notify))
> + return ERR_PTR(-EINVAL);
> +
> + umem_dmabuf = kzalloc(sizeof(*umem_dmabuf), GFP_KERNEL);
> + if (!umem_dmabuf)
> + return ERR_PTR(-ENOMEM);
> +
> + umem = &umem_dmabuf->umem;
> + umem->ibdev = device;
> + umem->length = size;
> + umem->address = offset;
> + umem->writable = ib_access_writable(access);
> + umem->is_dmabuf = 1;
> +
> + if (unlikely(!ib_umem_num_pages(umem))) {
> + ret = -EINVAL;
> + goto out_free_umem;
> + }
> +
> + dmabuf = dma_buf_get(fd);
> + if (IS_ERR(dmabuf)) {
> + ret = PTR_ERR(dmabuf);
> + goto out_free_umem;
> + }
> +
> + if (dmabuf->size < offset + size) {
> + ret = -EINVAL;
> + goto out_release_dmabuf;
offset + size == end, already computed, in fact move this above the
kzalloc
Jason
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
