[PATCHv2] accel/qaic: kcalloc + kzalloc to kzalloc

[PATCHv2] accel/qaic: kcalloc + kzalloc to kzalloc

[Rosen Penev]

Consolidate the two-element allocation into a single allocation using a
flexible array member. This reduces memory fragmentation and simplifies
the error path by eliminating the need to check for allocation failure
between the two allocations.

Add __counted_by for runtime bounds checking.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 v2: use macro for number of elements. reword commit message.
 drivers/accel/qaic/qaic.h     | 4 ++--
 drivers/accel/qaic/qaic_drv.c | 8 +++-----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/drivers/accel/qaic/qaic.h b/drivers/accel/qaic/qaic.h
index fa7a8155658c..e237020f6aa9 100644
--- a/drivers/accel/qaic/qaic.h
+++ b/drivers/accel/qaic/qaic.h
@@ -152,8 +152,6 @@ struct qaic_device {
 	struct list_head	cntl_xfer_list;
 	/* Synchronizes MHI control device transactions and its xfer list */
 	struct mutex		cntl_mutex;
-	/* Array of DBC struct of this device */
-	struct dma_bridge_chan	*dbc;
 	/* Work queue for tasks related to MHI control device */
 	struct workqueue_struct	*cntl_wq;
 	/* Synchronizes all the users of device during cleanup */
@@ -206,6 +204,8 @@ struct qaic_device {
 	void			*ssr_mhi_buf;
 	/* DBC which is under SSR. Sentinel U32_MAX would mean that no SSR in progress */
 	u32			ssr_dbc;
+	/* Array of DBC struct of this device */
+	struct dma_bridge_chan	dbc[] __counted_by(num_dbc);
 };

 struct qaic_drm_device {
diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c
index 63fb8c7b4abc..1dda8dfea5a4 100644
--- a/drivers/accel/qaic/qaic_drv.c
+++ b/drivers/accel/qaic/qaic_drv.c
@@ -43,6 +43,7 @@ MODULE_IMPORT_NS("DMA_BUF");
 #define QAIC_DESC			"Qualcomm Cloud AI Accelerators"
 #define CNTL_MAJOR			5
 #define CNTL_MINOR			0
+#define DBC_NUM				16

 struct qaic_device_config {
 	/* Indicates the AIC family the device belongs to */
@@ -405,15 +406,12 @@ static struct qaic_device *create_qdev(struct pci_dev *pdev,
 	struct drm_device *drm;
 	int i, ret;

-	qdev = devm_kzalloc(dev, sizeof(*qdev), GFP_KERNEL);
+	qdev = devm_kzalloc(dev, struct_size(qdev, dbc, DBC_NUM), GFP_KERNEL);
 	if (!qdev)
 		return NULL;

+	qdev->num_dbc = DBC_NUM;
 	qdev->dev_state = QAIC_OFFLINE;
-	qdev->num_dbc = 16;
-	qdev->dbc = devm_kcalloc(dev, qdev->num_dbc, sizeof(*qdev->dbc), GFP_KERNEL);
-	if (!qdev->dbc)
-		return NULL;

 	qddev = devm_drm_dev_alloc(&pdev->dev, &qaic_accel_driver, struct qaic_drm_device, drm);
 	if (IS_ERR(qddev))
--
2.53.0

Re: [PATCHv2] accel/qaic: kcalloc + kzalloc to kzalloc

[Jeff Hugo]

For future reference, $SUBJECT should have a space between "PATCH" and 
the version. git format-patch will do it correctly for you if you use 
the -v option.

On 4/1/2026 4:06 PM, Rosen Penev wrote:
> Consolidate the two-element allocation into a single allocation using a
> flexible array member. This reduces memory fragmentation and simplifies
> the error path by eliminating the need to check for allocation failure
> between the two allocations.
> 
> Add __counted_by for runtime bounds checking.

This reword addresses my "why" comment on v1.  However I don't see that 
you responded to my question about how this was validated. I don't 
require a v3 of this patch, nor do I really want one. I want you to 
reply to this message and detail what validation you performed on this 
patch.

> Signed-off-by: Rosen Penev <rosenp@gmail.com>
> ---
>   v2: use macro for number of elements. reword commit message.

Also for future reference, a blank line to separate the change log from 
the patch diff here makes the change log easier to find and read.

>   drivers/accel/qaic/qaic.h     | 4 ++--
>   drivers/accel/qaic/qaic_drv.c | 8 +++-----
>   2 files changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/accel/qaic/qaic.h b/drivers/accel/qaic/qaic.h
> index fa7a8155658c..e237020f6aa9 100644
> --- a/drivers/accel/qaic/qaic.h
> +++ b/drivers/accel/qaic/qaic.h
> @@ -152,8 +152,6 @@ struct qaic_device {
>   	struct list_head	cntl_xfer_list;
>   	/* Synchronizes MHI control device transactions and its xfer list */
>   	struct mutex		cntl_mutex;
> -	/* Array of DBC struct of this device */
> -	struct dma_bridge_chan	*dbc;
>   	/* Work queue for tasks related to MHI control device */
>   	struct workqueue_struct	*cntl_wq;
>   	/* Synchronizes all the users of device during cleanup */
> @@ -206,6 +204,8 @@ struct qaic_device {
>   	void			*ssr_mhi_buf;
>   	/* DBC which is under SSR. Sentinel U32_MAX would mean that no SSR in progress */
>   	u32			ssr_dbc;
> +	/* Array of DBC struct of this device */
> +	struct dma_bridge_chan	dbc[] __counted_by(num_dbc);
>   };
> 
>   struct qaic_drm_device {
> diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c
> index 63fb8c7b4abc..1dda8dfea5a4 100644
> --- a/drivers/accel/qaic/qaic_drv.c
> +++ b/drivers/accel/qaic/qaic_drv.c
> @@ -43,6 +43,7 @@ MODULE_IMPORT_NS("DMA_BUF");
>   #define QAIC_DESC			"Qualcomm Cloud AI Accelerators"
>   #define CNTL_MAJOR			5
>   #define CNTL_MINOR			0
> +#define DBC_NUM				16
> 
>   struct qaic_device_config {
>   	/* Indicates the AIC family the device belongs to */
> @@ -405,15 +406,12 @@ static struct qaic_device *create_qdev(struct pci_dev *pdev,
>   	struct drm_device *drm;
>   	int i, ret;
> 
> -	qdev = devm_kzalloc(dev, sizeof(*qdev), GFP_KERNEL);
> +	qdev = devm_kzalloc(dev, struct_size(qdev, dbc, DBC_NUM), GFP_KERNEL);
>   	if (!qdev)
>   		return NULL;
> 
> +	qdev->num_dbc = DBC_NUM;
>   	qdev->dev_state = QAIC_OFFLINE;
> -	qdev->num_dbc = 16;
> -	qdev->dbc = devm_kcalloc(dev, qdev->num_dbc, sizeof(*qdev->dbc), GFP_KERNEL);
> -	if (!qdev->dbc)
> -		return NULL;
> 
>   	qddev = devm_drm_dev_alloc(&pdev->dev, &qaic_accel_driver, struct qaic_drm_device, drm);
>   	if (IS_ERR(qddev))
> --
> 2.53.0
> 

Re: [PATCHv2] accel/qaic: kcalloc + kzalloc to kzalloc

[Rosen Penev]

On Fri, Apr 10, 2026 at 10:01 AM Jeff Hugo <jeff.hugo@oss.qualcomm.com> wrote:
>
> For future reference, $SUBJECT should have a space between "PATCH" and
> the version. git format-patch will do it correctly for you if you use
> the -v option.
>
> On 4/1/2026 4:06 PM, Rosen Penev wrote:
> > Consolidate the two-element allocation into a single allocation using a
> > flexible array member. This reduces memory fragmentation and simplifies
> > the error path by eliminating the need to check for allocation failure
> > between the two allocations.
> >
> > Add __counted_by for runtime bounds checking.
>
> This reword addresses my "why" comment on v1.  However I don't see that
> you responded to my question about how this was validated. I don't
> require a v3 of this patch, nor do I really want one. I want you to
> reply to this message and detail what validation you performed on this
> patch.
None. This is a straightforward conversion to a flexible array member
(and future devm_kzalloc_flex).
>
> > Signed-off-by: Rosen Penev <rosenp@gmail.com>
> > ---
> >   v2: use macro for number of elements. reword commit message.
>
> Also for future reference, a blank line to separate the change log from
> the patch diff here makes the change log easier to find and read.
>
> >   drivers/accel/qaic/qaic.h     | 4 ++--
> >   drivers/accel/qaic/qaic_drv.c | 8 +++-----
> >   2 files changed, 5 insertions(+), 7 deletions(-)
> >
> > diff --git a/drivers/accel/qaic/qaic.h b/drivers/accel/qaic/qaic.h
> > index fa7a8155658c..e237020f6aa9 100644
> > --- a/drivers/accel/qaic/qaic.h
> > +++ b/drivers/accel/qaic/qaic.h
> > @@ -152,8 +152,6 @@ struct qaic_device {
> >       struct list_head        cntl_xfer_list;
> >       /* Synchronizes MHI control device transactions and its xfer list */
> >       struct mutex            cntl_mutex;
> > -     /* Array of DBC struct of this device */
> > -     struct dma_bridge_chan  *dbc;
> >       /* Work queue for tasks related to MHI control device */
> >       struct workqueue_struct *cntl_wq;
> >       /* Synchronizes all the users of device during cleanup */
> > @@ -206,6 +204,8 @@ struct qaic_device {
> >       void                    *ssr_mhi_buf;
> >       /* DBC which is under SSR. Sentinel U32_MAX would mean that no SSR in progress */
> >       u32                     ssr_dbc;
> > +     /* Array of DBC struct of this device */
> > +     struct dma_bridge_chan  dbc[] __counted_by(num_dbc);
> >   };
> >
> >   struct qaic_drm_device {
> > diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c
> > index 63fb8c7b4abc..1dda8dfea5a4 100644
> > --- a/drivers/accel/qaic/qaic_drv.c
> > +++ b/drivers/accel/qaic/qaic_drv.c
> > @@ -43,6 +43,7 @@ MODULE_IMPORT_NS("DMA_BUF");
> >   #define QAIC_DESC                   "Qualcomm Cloud AI Accelerators"
> >   #define CNTL_MAJOR                  5
> >   #define CNTL_MINOR                  0
> > +#define DBC_NUM                              16
> >
> >   struct qaic_device_config {
> >       /* Indicates the AIC family the device belongs to */
> > @@ -405,15 +406,12 @@ static struct qaic_device *create_qdev(struct pci_dev *pdev,
> >       struct drm_device *drm;
> >       int i, ret;
> >
> > -     qdev = devm_kzalloc(dev, sizeof(*qdev), GFP_KERNEL);
> > +     qdev = devm_kzalloc(dev, struct_size(qdev, dbc, DBC_NUM), GFP_KERNEL);
> >       if (!qdev)
> >               return NULL;
> >
> > +     qdev->num_dbc = DBC_NUM;
> >       qdev->dev_state = QAIC_OFFLINE;
> > -     qdev->num_dbc = 16;
> > -     qdev->dbc = devm_kcalloc(dev, qdev->num_dbc, sizeof(*qdev->dbc), GFP_KERNEL);
> > -     if (!qdev->dbc)
> > -             return NULL;
> >
> >       qddev = devm_drm_dev_alloc(&pdev->dev, &qaic_accel_driver, struct qaic_drm_device, drm);
> >       if (IS_ERR(qddev))
> > --
> > 2.53.0
> >
>