dma-buf/fence-array: Add flex array to struct dma_fence_array
This is an effort to get rid of all multiplications from allocation functions in order to prevent integer overflows [1][2]. The "struct dma_fence_array" can be refactored to add a flex array in order to have the "callback structures allocated behind the array" be more explicit. Do so: - makes the code more readable and safer. - allows using __counted_by() for additional checks - avoids some pointer arithmetic in dma_fence_array_enable_signaling() Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1] Link: https://github.com/KSPP/linux/issues/160 [2] Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Christian König <christian.koenig@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/8b4e556e07b5dd78bb8a39b67ea0a43b199083c8.1716652811.git.christophe.jaillet@wanadoo.fr Signed-off-by: Christian König <christian.koenig@amd.com>
This commit is contained in:
parent
3d9d313d51
commit
983095eaf6
@ -70,7 +70,7 @@ static void dma_fence_array_cb_func(struct dma_fence *f,
|
||||
static bool dma_fence_array_enable_signaling(struct dma_fence *fence)
|
||||
{
|
||||
struct dma_fence_array *array = to_dma_fence_array(fence);
|
||||
struct dma_fence_array_cb *cb = (void *)(&array[1]);
|
||||
struct dma_fence_array_cb *cb = array->callbacks;
|
||||
unsigned i;
|
||||
|
||||
for (i = 0; i < array->num_fences; ++i) {
|
||||
@ -168,22 +168,20 @@ struct dma_fence_array *dma_fence_array_create(int num_fences,
|
||||
bool signal_on_any)
|
||||
{
|
||||
struct dma_fence_array *array;
|
||||
size_t size = sizeof(*array);
|
||||
|
||||
WARN_ON(!num_fences || !fences);
|
||||
|
||||
/* Allocate the callback structures behind the array. */
|
||||
size += num_fences * sizeof(struct dma_fence_array_cb);
|
||||
array = kzalloc(size, GFP_KERNEL);
|
||||
array = kzalloc(struct_size(array, callbacks, num_fences), GFP_KERNEL);
|
||||
if (!array)
|
||||
return NULL;
|
||||
|
||||
array->num_fences = num_fences;
|
||||
|
||||
spin_lock_init(&array->lock);
|
||||
dma_fence_init(&array->base, &dma_fence_array_ops, &array->lock,
|
||||
context, seqno);
|
||||
init_irq_work(&array->work, irq_dma_fence_array_work);
|
||||
|
||||
array->num_fences = num_fences;
|
||||
atomic_set(&array->num_pending, signal_on_any ? 1 : num_fences);
|
||||
array->fences = fences;
|
||||
|
||||
|
@ -33,6 +33,7 @@ struct dma_fence_array_cb {
|
||||
* @num_pending: fences in the array still pending
|
||||
* @fences: array of the fences
|
||||
* @work: internal irq_work function
|
||||
* @callbacks: array of callback helpers
|
||||
*/
|
||||
struct dma_fence_array {
|
||||
struct dma_fence base;
|
||||
@ -43,6 +44,8 @@ struct dma_fence_array {
|
||||
struct dma_fence **fences;
|
||||
|
||||
struct irq_work work;
|
||||
|
||||
struct dma_fence_array_cb callbacks[] __counted_by(num_fences);
|
||||
};
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user