From: John Stultz <john.stultz@linaro.org>
To: LKML <linux-kernel@vger.kernel.org>
Cc: Greg KH <gregkh@linuxfoundation.org>,
Android Kernel Team <kernel-team@android.com>,
Sumit Semwal <sumit.semwal@linaro.org>,
Jesse Barker <jesse.barker@arm.com>,
Colin Cross <ccross@android.com>,
KyongHo Cho <pullip.cho@samsung.com>,
John Stultz <john.stultz@linaro.org>
Subject: [PATCH 005/115] gpu: ion: several bugfixes and enhancements of ION
Date: Fri, 13 Dec 2013 14:23:39 -0800 [thread overview]
Message-ID: <1386973529-4884-6-git-send-email-john.stultz@linaro.org> (raw)
In-Reply-To: <1386973529-4884-1-git-send-email-john.stultz@linaro.org>
From: KyongHo Cho <pullip.cho@samsung.com>
1. Verifying if the size of memory allocation in ion_alloc() is aligned
by PAGE_SIZE at least. If it is not, this change makes the size to be
aligned by PAGE_SIZE.
2. Unmaps all mappings to the kernel and DMA address spaces when
destroying ion_buffer in ion_buffer_destroy(). This prevents leaks in
those virtual address spaces.
3. Makes the return value of ion_alloc() to be explicit Linux error code
when it fails to allocate a buffer.
4. Makes ion_alloc() implementation simpler. Removes 'goto' statement and
relavant call to ion_buffer_put().
5. Checks if the task is valid before calling put_task_struct() due
to failure on creating a ion client in ion_client_create().
6. Returns error when buffer allocation requested by userspace is failed.
Signed-off-by: KyongHo Cho <pullip.cho@samsung.com>
[jstultz: modified patch to apply to staging directory]
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
drivers/staging/android/ion/ion.c | 52 +++++++++++++++++++++++++++++----------
1 file changed, 39 insertions(+), 13 deletions(-)
diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
index 004c0d4..3c9ca31 100644
--- a/drivers/staging/android/ion/ion.c
+++ b/drivers/staging/android/ion/ion.c
@@ -166,6 +166,12 @@ static void ion_buffer_destroy(struct kref *kref)
struct ion_buffer *buffer = container_of(kref, struct ion_buffer, ref);
struct ion_device *dev = buffer->dev;
+ if (WARN_ON(buffer->kmap_cnt > 0))
+ buffer->heap->ops->unmap_kernel(buffer->heap, buffer);
+
+ if (WARN_ON(buffer->dmap_cnt > 0))
+ buffer->heap->ops->unmap_dma(buffer->heap, buffer);
+
buffer->heap->ops->free(buffer);
mutex_lock(&dev->lock);
rb_erase(&buffer->node, &dev->buffers);
@@ -296,6 +302,11 @@ struct ion_handle *ion_alloc(struct ion_client *client, size_t len,
* request of the caller allocate from it. Repeat until allocate has
* succeeded or all heaps have been tried
*/
+ if (WARN_ON(!len))
+ return ERR_PTR(-EINVAL);
+
+ len = PAGE_ALIGN(len);
+
mutex_lock(&dev->lock);
for (n = rb_first(&dev->heaps); n != NULL; n = rb_next(n)) {
struct ion_heap *heap = rb_entry(n, struct ion_heap, node);
@@ -311,27 +322,26 @@ struct ion_handle *ion_alloc(struct ion_client *client, size_t len,
}
mutex_unlock(&dev->lock);
- if (IS_ERR_OR_NULL(buffer))
+ if (buffer == NULL)
+ return ERR_PTR(-ENODEV);
+
+ if (IS_ERR(buffer))
return ERR_PTR(PTR_ERR(buffer));
handle = ion_handle_create(client, buffer);
- if (IS_ERR_OR_NULL(handle))
- goto end;
-
/*
* ion_buffer_create will create a buffer with a ref_cnt of 1,
* and ion_handle_create will take a second reference, drop one here
*/
ion_buffer_put(buffer);
- mutex_lock(&client->lock);
- ion_handle_add(client, handle);
- mutex_unlock(&client->lock);
- return handle;
+ if (!IS_ERR(handle)) {
+ mutex_lock(&client->lock);
+ ion_handle_add(client, handle);
+ mutex_unlock(&client->lock);
+ }
-end:
- ion_buffer_put(buffer);
return handle;
}
@@ -680,7 +690,8 @@ struct ion_client *ion_client_create(struct ion_device *dev,
client = kzalloc(sizeof(struct ion_client), GFP_KERNEL);
if (!client) {
- put_task_struct(current->group_leader);
+ if (task)
+ put_task_struct(current->group_leader);
return ERR_PTR(-ENOMEM);
}
@@ -798,6 +809,15 @@ static void ion_vma_open(struct vm_area_struct *vma)
vma->vm_private_data = NULL;
return;
}
+
+ if (!ion_handle_validate(client, handle)) {
+ ion_client_put(client);
+ vma->vm_private_data = NULL;
+ return;
+ }
+
+ ion_handle_get(handle);
+
pr_debug("%s: %d client_cnt %d handle_cnt %d alloc_cnt %d\n",
__func__, __LINE__,
atomic_read(&client->ref.refcount),
@@ -919,7 +939,7 @@ static int ion_ioctl_share(struct file *parent, struct ion_client *client,
struct file *file;
if (fd < 0)
- return -ENFILE;
+ return fd;
file = anon_inode_getfile("ion_share_fd", &ion_share_fops,
handle->buffer, O_RDWR);
@@ -948,8 +968,14 @@ static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
return -EFAULT;
data.handle = ion_alloc(client, data.len, data.align,
data.flags);
- if (copy_to_user((void __user *)arg, &data, sizeof(data)))
+
+ if (IS_ERR(data.handle))
+ return PTR_ERR(data.handle);
+
+ if (copy_to_user((void __user *)arg, &data, sizeof(data))) {
+ ion_free(client, data.handle);
return -EFAULT;
+ }
break;
}
case ION_IOC_FREE:
--
1.8.3.2
next prev parent reply other threads:[~2013-12-13 22:50 UTC|newest]
Thread overview: 134+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-13 22:23 [PATCH 000/115] Android ION for drivers/staging John Stultz
2013-12-13 22:23 ` [PATCH 001/115] gpu: ion: Add ION Memory Manager John Stultz
2013-12-13 23:50 ` Greg KH
2013-12-13 23:54 ` John Stultz
2013-12-14 0:53 ` John Stultz
2013-12-14 1:18 ` John Stultz
2013-12-14 17:06 ` Greg KH
2013-12-14 19:43 ` John Stultz
2013-12-14 19:53 ` John Stultz
2013-12-14 20:06 ` [PATCH 1/2] ion: Don't allow building ION as a module John Stultz
2013-12-14 20:06 ` [PATCH 2/2] ion: Reenable the build John Stultz
2013-12-14 21:48 ` [PATCH 1/2] ion: Don't allow building ION as a module Greg KH
2013-12-14 22:19 ` John Stultz
2013-12-14 23:15 ` Colin Cross
2013-12-14 16:52 ` [PATCH 001/115] gpu: ion: Add ION Memory Manager Greg KH
2013-12-14 21:10 ` Colin Cross
2013-12-14 21:44 ` Greg KH
2013-12-14 22:21 ` Colin Cross
2013-12-14 23:14 ` Greg KH
2013-12-13 22:23 ` [PATCH 002/115] gpu: ion: ion_carveout_heap: fix for 3.4 John Stultz
2013-12-13 22:23 ` [PATCH 003/115] ion: Switch map/unmap dma api to sg_tables John Stultz
2013-12-13 22:23 ` [PATCH 004/115] ion: Add reserve function to ion John Stultz
2013-12-13 22:23 ` John Stultz [this message]
2013-12-13 22:23 ` [PATCH 006/115] ion: Switch ion to use dma-buf John Stultz
2013-12-13 22:23 ` [PATCH 007/115] gpu: ion: Use alloc_pages instead of vmalloc from the system heap John Stultz
2013-12-13 22:23 ` [PATCH 008/115] gpu: ion: support begin/end and kmap/kunmap dma_buf ops John Stultz
2013-12-13 22:23 ` [PATCH 009/115] gpu: ion: Allocate the sg_table at creation time rather than dynamically John Stultz
2013-12-13 22:23 ` [PATCH 010/115] gpu: ion: Get an sg_table from an ion handle John Stultz
2013-12-13 22:23 ` [PATCH 011/115] gpu: ion: fill in buffer->{dev,size} before mapping new buffers John Stultz
2013-12-13 22:23 ` [PATCH 012/115] gpu: ion: Set the dma_address of the sg list at alloc time John Stultz
2013-12-13 22:23 ` [PATCH 013/115] gpu: ion: ion_system_heap: Change allocations to GFP_HIGHUSER John Stultz
2013-12-13 22:23 ` [PATCH 014/115] gpu: ion: Loop on the handle count when destroying John Stultz
2013-12-13 22:23 ` [PATCH 015/115] gpu: ion: Map only the vma size given John Stultz
2013-12-13 22:23 ` [PATCH 016/115] gpu: ion: Add cache maintenance to ion John Stultz
2013-12-13 22:23 ` [PATCH 017/115] gpu: ion: Modify the system heap to try to allocate large/huge pages John Stultz
2013-12-13 22:23 ` [PATCH 018/115] gpu: ion: Add explicit sync ioctl John Stultz
2013-12-13 22:23 ` [PATCH 019/115] gpu: ion: do not ask for compound pages in system heap John Stultz
2013-12-13 22:23 ` [PATCH 020/115] gpu: ion: Add missing argument to WARN call John Stultz
2013-12-13 22:23 ` [PATCH 021/115] gpu: ion: Add EXPORT_SYMBOL to functions John Stultz
2013-12-13 22:23 ` [PATCH 022/115] gpu: ion: IOCTL return success when error occurs John Stultz
2013-12-13 22:23 ` [PATCH 023/115] gpu: ion: Don't call ion_buffer_put on error path John Stultz
2013-12-13 22:23 ` [PATCH 024/115] gpu: ion: Only map as much of the vma as the user requested John Stultz
2013-12-13 22:23 ` [PATCH 025/115] gpu: ion: Switch to using kmalloc rather than kmap during allocation John Stultz
2013-12-13 22:24 ` [PATCH 026/115] gpu: ion: fix page offset in dma_buf_kmap() John Stultz
2013-12-13 22:24 ` [PATCH 027/115] gpu: ion: Fix race between ion_import and ion_free John Stultz
2013-12-13 22:24 ` [PATCH 028/115] gpu: ion: Fix bug in ion_free John Stultz
2013-12-13 22:24 ` [PATCH 029/115] gpu: ion: Add debug information for orphaned handles John Stultz
2013-12-13 22:24 ` [PATCH 030/115] gpu: ion: Fix memory leak of dirty bits John Stultz
2013-12-13 22:24 ` [PATCH 031/115] gpu: ion: Add support for cached mappings that don't fault John Stultz
2013-12-13 22:24 ` [PATCH 032/115] gpu: ion: optimize system heap for non fault buffers John Stultz
2013-12-13 22:24 ` [PATCH 033/115] gpu: ion: Stop trying to allocate from an order on first failure John Stultz
2013-12-13 22:24 ` [PATCH 034/115] gpu: ion: ion_system_heap: Fix bug preventing compilation John Stultz
2013-12-13 22:24 ` [PATCH 035/115] gpu: ion: use vmalloc to allocate page array to map kernel John Stultz
2013-12-13 22:24 ` [PATCH 036/115] gpu: ion: Add ion_page_pool John Stultz
2013-12-13 22:24 ` [PATCH 037/115] gpu: ion: Use the ion_page_pool from the system heap John Stultz
2013-12-13 22:24 ` [PATCH 038/115] gpu: ion: Modify gfp flags in ion_system_heap John Stultz
2013-12-13 22:24 ` [PATCH 039/115] gpu: ion: Fix several issues with page pool John Stultz
2013-12-13 22:24 ` [PATCH 040/115] gpu: ion: Fix lockdep issue in ion_page_pool John Stultz
2013-12-13 22:24 ` [PATCH 041/115] gpu: ion: Switch to using a single shrink function John Stultz
2013-12-13 22:24 ` [PATCH 042/115] gpu: ion: Refactor locking John Stultz
2013-12-13 22:24 ` [PATCH 043/115] gpu: ion: Clear GFP_WAIT flag on high order allocations John Stultz
2013-12-13 22:24 ` [PATCH 044/115] gpu: ion: Don't flush allocatoins that come from the page pools John Stultz
2013-12-13 22:24 ` [PATCH 045/115] gpu: ion: Fix bug in ion_system_heap map_user John Stultz
2013-12-13 22:24 ` [PATCH 046/115] gpu: ion: Fix bug in zeroing pages in system heap John Stultz
2013-12-13 22:24 ` [PATCH 047/115] gpu: ion: fix carveout ops John Stultz
2013-12-13 22:24 ` [PATCH 048/115] gpu: ion: fix compilation warning John Stultz
2013-12-13 22:24 ` [PATCH 049/115] gpu: ion: Modify reserve function for carveouts with no start address John Stultz
2013-12-13 22:24 ` [PATCH 050/115] gpu: ion: Fix bug where MAP ioctl was no longer supported John Stultz
2013-12-13 22:24 ` [PATCH 051/115] gpu: ion: Switch heap rbtree to a prio list John Stultz
2013-12-13 22:24 ` [PATCH 052/115] gpu: ion: Refactor common mapping functions out of system heap John Stultz
2013-12-13 22:24 ` [PATCH 053/115] gpu: ion: Add chunk heap John Stultz
2013-12-13 22:24 ` [PATCH 054/115] gpu: ion: Clarify variable names and comments around heap ids v types John Stultz
2013-12-13 22:24 ` [PATCH 055/115] gpu: ion: Export ion_client_create John Stultz
2013-12-13 22:24 ` [PATCH 056/115] gpu: ion: Remove heapmask from client John Stultz
2013-12-13 22:24 ` [PATCH 057/115] gpu: ion: Modify zeroing code so it only allocates address space once John Stultz
2013-12-13 22:24 ` [PATCH 058/115] gpu: ion: Refactor the code to zero buffers John Stultz
2013-12-13 22:24 ` [PATCH 059/115] gpu: ion: Only flush buffers in the chunk heap if they were used cached John Stultz
2013-12-13 22:24 ` [PATCH 060/115] gpu: ion: Add support for sharing buffers with dma buf kernel handles John Stultz
2013-12-13 22:24 ` [PATCH 061/115] gpu: ion: Make ion_free asynchronous John Stultz
2013-12-13 22:24 ` [PATCH 062/115] gpu: ion: fix kfree/list_del order John Stultz
2013-12-13 22:24 ` [PATCH 063/115] gpu: ion: ion_chunk_heap: Zero chunk heap memory at creation time John Stultz
2013-12-13 22:24 ` [PATCH 064/115] gpu: ion: Fix bug in ion shrinker John Stultz
2013-12-13 22:24 ` [PATCH 065/115] gpu: ion: Also shrink memory cached in the deferred free list John Stultz
2013-12-13 22:24 ` [PATCH 066/115] gpu: ion: __dma_page_cpu_to_dev -> arm_dma_ops.sync_single_for_device hack John Stultz
2013-12-13 22:24 ` [PATCH 067/115] gpu: ion: Remove __GFP_NO_KSWAPD John Stultz
2013-12-13 22:24 ` [PATCH 068/115] ion: Add Kconfig dependency to ARM John Stultz
2013-12-13 22:24 ` [PATCH 069/115] gpu: ion: fix ion_platform_data definition John Stultz
2013-12-13 22:24 ` [PATCH 070/115] gpu: ion: add CMA heap John Stultz
2013-12-13 22:24 ` [PATCH 071/115] gpu: ion: Fix performance issue in faulting code John Stultz
2013-12-13 22:24 ` [PATCH 072/115] ion: chunk_heap: fix leak in allocated counter John Stultz
2013-12-13 22:24 ` [PATCH 073/115] ion: add free list size to heap debug files John Stultz
2013-12-13 22:24 ` [PATCH 074/115] ion: convert map_kernel to return ERR_PTR John Stultz
2013-12-13 22:24 ` [PATCH 075/115] ion: remove IS_ERR_OR_NULL John Stultz
2013-12-13 22:24 ` [PATCH 076/115] ion: replace userspace handle cookies with idr John Stultz
2013-12-13 22:24 ` [PATCH 077/115] ion: index client->handles rbtree by buffer John Stultz
2013-12-13 22:24 ` [PATCH 078/115] ion: don't use id 0 for handle cookie John Stultz
2013-12-13 22:24 ` [PATCH 079/115] ion: add new ion_user_handle_t type for the user-space token John Stultz
2013-12-13 22:24 ` [PATCH 080/115] ion: change ion_user_handle_t definition to int John Stultz
2013-12-13 22:24 ` [PATCH 081/115] ion: add compat_ioctl John Stultz
2013-12-13 22:24 ` [PATCH 082/115] gpu: ion: delete ion_system_mapper.c John Stultz
2013-12-13 22:24 ` [PATCH 083/115] ion: move userspace api into uapi/ion.h John Stultz
2013-12-13 22:24 ` [PATCH 084/115] ion: Fix compat support to use proper compat ioctl numbers John Stultz
2013-12-13 22:24 ` [PATCH 085/115] ion: hold reference to handle after ion_uhandle_get John Stultz
2013-12-13 22:25 ` [PATCH 086/115] ion: fix crash when alloc len is -1 John Stultz
2013-12-13 22:25 ` [PATCH 087/115] ion: fix dma APIs John Stultz
2013-12-13 22:25 ` [PATCH 088/115] ion: convert sg_dma_len(sg) to sg->length John Stultz
2013-12-13 22:25 ` [PATCH 089/115] ion: check invalid values in ion_system_heap John Stultz
2013-12-13 22:25 ` [PATCH 090/115] ion: add test device for unit tests to interact with dma_bufs John Stultz
2013-12-13 22:25 ` [PATCH 091/115] ion: update idr to avoid deprecated apis John Stultz
2013-12-13 22:25 ` [PATCH 092/115] ion: don't use __arm_ioremap to map pages John Stultz
2013-12-14 3:26 ` [PATCH 093/115] ion: don't use phys_to_page or __phys_to_pfn John Stultz
2013-12-14 3:26 ` [PATCH 094/115] ion: fix printk warnings John Stultz
2013-12-14 4:27 ` Joe Perches
2013-12-14 3:26 ` [PATCH 095/115] gpu: ion: remove unnecessary function from system heap John Stultz
2013-12-14 3:26 ` [PATCH 096/115] ion: clean up ioctls John Stultz
2013-12-14 3:26 ` [PATCH 097/115] gpu: ion: fix use-after-free in ion_heap_freelist_drain John Stultz
2013-12-14 3:26 ` [PATCH 098/115] ion: Fix two small issues in system_heap allocation John Stultz
2013-12-14 3:26 ` [PATCH 099/115] ion: drop dependency on ARM John Stultz
2013-12-14 3:26 ` [PATCH 100/115] ion: add alignment check to carveout heap John Stultz
2013-12-14 3:26 ` [PATCH 101/115] ion: optimize ion_heap_buffer_zero John Stultz
2013-12-14 3:26 ` [PATCH 102/115] ion: free low memory from page pools first John Stultz
2013-12-14 3:26 ` [PATCH 103/115] ion: check return value from remap_pfn_range John Stultz
2013-12-14 3:26 ` [PATCH 104/115] ion: use vm_insert_pfn for faulted pages John Stultz
2013-12-14 3:26 ` [PATCH 105/115] ion: remove ion_heap_alloc_pages John Stultz
2013-12-14 3:26 ` [PATCH 106/115] ion: allow cached mappings of chunk and system heap buffers John Stultz
2013-12-14 3:26 ` [PATCH 107/115] ion: use alloc_pages in system contig heap John Stultz
2013-12-14 3:26 ` [PATCH 108/115] ion: fix sparse warnings John Stultz
2013-12-14 3:26 ` [PATCH 109/115] ion: carveout heap: zero buffers on free, fix memory leak John Stultz
2013-12-14 3:26 ` [PATCH 110/115] ion: add helper to zero contiguous region of pages John Stultz
2013-12-14 3:26 ` [PATCH 111/115] ion: add alignment check to chunk heap John Stultz
2013-12-14 3:26 ` [PATCH 112/115] ion: fix bugs in cma heap John Stultz
2013-12-14 3:26 ` [PATCH 113/115] ion: Cleanup whitespace issues and other checkpatch problems John Stultz
2013-12-14 3:26 ` [PATCH 114/115] ion: Improve ION config description John Stultz
2013-12-14 3:26 ` [PATCH 115/115] ion: Update system heap shrinker to use the new count/scan interface John Stultz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1386973529-4884-6-git-send-email-john.stultz@linaro.org \
--to=john.stultz@linaro.org \
--cc=ccross@android.com \
--cc=gregkh@linuxfoundation.org \
--cc=jesse.barker@arm.com \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pullip.cho@samsung.com \
--cc=sumit.semwal@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox