udmabuf: improve udmabuf_create error handling

Reported-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20180911134216.9760-9-kraxel@redhat.com
This commit is contained in:
Gerd Hoffmann 2018-09-11 15:42:11 +02:00
parent dc4716d751
commit 0d17455ca8

View File

@ -126,7 +126,7 @@ static long udmabuf_create(const struct udmabuf_create_list *head,
struct file *memfd = NULL;
struct udmabuf *ubuf;
struct dma_buf *buf;
pgoff_t pgoff, pgcnt, pgidx, pgbuf, pglimit;
pgoff_t pgoff, pgcnt, pgidx, pgbuf = 0, pglimit;
struct page *page;
int seals, ret = -EINVAL;
u32 i, flags;
@ -138,32 +138,32 @@ static long udmabuf_create(const struct udmabuf_create_list *head,
pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
for (i = 0; i < head->count; i++) {
if (!IS_ALIGNED(list[i].offset, PAGE_SIZE))
goto err_free_ubuf;
goto err;
if (!IS_ALIGNED(list[i].size, PAGE_SIZE))
goto err_free_ubuf;
goto err;
ubuf->pagecount += list[i].size >> PAGE_SHIFT;
if (ubuf->pagecount > pglimit)
goto err_free_ubuf;
goto err;
}
ubuf->pages = kmalloc_array(ubuf->pagecount, sizeof(struct page *),
GFP_KERNEL);
if (!ubuf->pages) {
ret = -ENOMEM;
goto err_free_ubuf;
goto err;
}
pgbuf = 0;
for (i = 0; i < head->count; i++) {
memfd = fget(list[i].memfd);
if (!memfd)
goto err_put_pages;
goto err;
if (!shmem_mapping(file_inode(memfd)->i_mapping))
goto err_put_pages;
goto err;
seals = memfd_fcntl(memfd, F_GET_SEALS, 0);
if (seals == -EINVAL ||
(seals & SEALS_WANTED) != SEALS_WANTED ||
(seals & SEALS_DENIED) != 0)
goto err_put_pages;
goto err;
pgoff = list[i].offset >> PAGE_SHIFT;
pgcnt = list[i].size >> PAGE_SHIFT;
for (pgidx = 0; pgidx < pgcnt; pgidx++) {
@ -171,13 +171,13 @@ static long udmabuf_create(const struct udmabuf_create_list *head,
file_inode(memfd)->i_mapping, pgoff + pgidx);
if (IS_ERR(page)) {
ret = PTR_ERR(page);
goto err_put_pages;
goto err;
}
ubuf->pages[pgbuf++] = page;
}
fput(memfd);
memfd = NULL;
}
memfd = NULL;
exp_info.ops = &udmabuf_ops;
exp_info.size = ubuf->pagecount << PAGE_SHIFT;
@ -186,7 +186,7 @@ static long udmabuf_create(const struct udmabuf_create_list *head,
buf = dma_buf_export(&exp_info);
if (IS_ERR(buf)) {
ret = PTR_ERR(buf);
goto err_put_pages;
goto err;
}
flags = 0;
@ -194,10 +194,9 @@ static long udmabuf_create(const struct udmabuf_create_list *head,
flags |= O_CLOEXEC;
return dma_buf_fd(buf, flags);
err_put_pages:
err:
while (pgbuf > 0)
put_page(ubuf->pages[--pgbuf]);
err_free_ubuf:
if (memfd)
fput(memfd);
kfree(ubuf->pages);