| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Dec 2017 11:29:47 -0800
From: Dongwon Kim <dongwon.kim@...el.com>
To: linux-kernel@...r.kernel.org
Cc: dri-devel@...ts.freedesktop.org, xen-devel@...ts.xenproject.org,
mateuszx.potrola@...el.com, dongwon.kim@...el.com
Subject: [RFC PATCH 31/60] hyper_dmabuf: built-in compilation option
From: Mateusz Polrola <mateuszx.potrola@...el.com>
Enabled built-in compilation option of hyper_dmabuf driver.
Also, moved backend initialization into open() to remove
its dependencies on Kernel booting sequence.
hyper_dmabuf.h is now installed as one of standard header
files of Kernel.
This patch also addresses possible memory leaks in various
places.
Signed-off-by: Dongwon Kim <dongwon.kim@...el.com>
---
drivers/xen/hyper_dmabuf/Kconfig | 1 +
drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.c | 17 ++--
drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.h | 1 +
drivers/xen/hyper_dmabuf/hyper_dmabuf_id.c | 14 +++
drivers/xen/hyper_dmabuf/hyper_dmabuf_imp.c | 13 ++-
drivers/xen/hyper_dmabuf/hyper_dmabuf_ioctl.c | 113 +++++++++++++++++----
drivers/xen/hyper_dmabuf/hyper_dmabuf_list.c | 15 +++
drivers/xen/hyper_dmabuf/hyper_dmabuf_msg.c | 20 ++++
.../xen/hyper_dmabuf/hyper_dmabuf_remote_sync.c | 32 +++++-
.../xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm.c | 6 ++
.../hyper_dmabuf/xen/hyper_dmabuf_xen_comm_list.c | 15 +++
.../xen/hyper_dmabuf/xen/hyper_dmabuf_xen_shm.c | 6 ++
include/uapi/xen/Kbuild | 6 ++
13 files changed, 227 insertions(+), 32 deletions(-)
create mode 100644 include/uapi/xen/Kbuild
diff --git a/drivers/xen/hyper_dmabuf/Kconfig b/drivers/xen/hyper_dmabuf/Kconfig
index 56633a2..185fdf8 100644
--- a/drivers/xen/hyper_dmabuf/Kconfig
+++ b/drivers/xen/hyper_dmabuf/Kconfig
@@ -14,6 +14,7 @@ config HYPER_DMABUF_XEN
config HYPER_DMABUF_SYSFS
bool "Enable sysfs information about hyper DMA buffers"
default y
+ depends on HYPER_DMABUF
help
Expose information about imported and exported buffers using
hyper_dmabuf driver
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.c b/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.c
index a12d4dc..92d710e 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.c
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.c
@@ -66,6 +66,15 @@ static int __init hyper_dmabuf_drv_init(void)
#ifdef CONFIG_HYPER_DMABUF_XEN
hyper_dmabuf_private.backend_ops = &xen_backend_ops;
#endif
+ /*
+ * Defer backend setup to first open call.
+ * Due to fact that some hypervisors eg. Xen, may have dependencies
+ * to userspace daemons like xenstored, in that case all xenstore
+ * calls done from kernel will block until that deamon will be
+ * started, in case where module is built in that will block entire
+ * kernel initialization.
+ */
+ hyper_dmabuf_private.backend_initialized = false;
dev_info(hyper_dmabuf_private.device,
"initializing database for imported/exported dmabufs\n");
@@ -73,7 +82,6 @@ static int __init hyper_dmabuf_drv_init(void)
/* device structure initialization */
/* currently only does work-queue initialization */
hyper_dmabuf_private.work_queue = create_workqueue("hyper_dmabuf_wqueue");
- hyper_dmabuf_private.domid = hyper_dmabuf_private.backend_ops->get_vm_id();
ret = hyper_dmabuf_table_init();
if (ret < 0) {
@@ -82,13 +90,6 @@ static int __init hyper_dmabuf_drv_init(void)
return ret;
}
- ret = hyper_dmabuf_private.backend_ops->init_comm_env();
- if (ret < 0) {
- dev_err(hyper_dmabuf_private.device,
- "failed to initiailize hypervisor-specific comm env\n");
- return ret;
- }
-
#ifdef CONFIG_HYPER_DMABUF_SYSFS
ret = hyper_dmabuf_register_sysfs(hyper_dmabuf_private.device);
if (ret < 0) {
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.h b/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.h
index 8445416..91fda04 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.h
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_drv.h
@@ -77,6 +77,7 @@ struct hyper_dmabuf_private {
/* backend ops - hypervisor specific */
struct hyper_dmabuf_backend_ops *backend_ops;
struct mutex lock;
+ bool backend_initialized;
};
#endif /* __LINUX_PUBLIC_HYPER_DMABUF_DRV_H__ */
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_id.c b/drivers/xen/hyper_dmabuf/hyper_dmabuf_id.c
index 35bfdfb..fe95091 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_id.c
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_id.c
@@ -40,6 +40,13 @@ void store_reusable_id(int id)
struct list_reusable_id *new_reusable;
new_reusable = kmalloc(sizeof(*new_reusable), GFP_KERNEL);
+
+ if (!new_reusable) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return;
+ }
+
new_reusable->id = id;
list_add(&new_reusable->list, &reusable_head->list);
@@ -94,6 +101,13 @@ int hyper_dmabuf_get_id(void)
/* first cla to hyper_dmabuf_get_id */
if (id == 0) {
reusable_head = kmalloc(sizeof(*reusable_head), GFP_KERNEL);
+
+ if (!reusable_head) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
reusable_head->id = -1; /* list head have invalid id */
INIT_LIST_HEAD(&reusable_head->list);
hyper_dmabuf_private.id_queue = reusable_head;
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_imp.c b/drivers/xen/hyper_dmabuf/hyper_dmabuf_imp.c
index 5a034ffb..34dfa18 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_imp.c
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_imp.c
@@ -270,6 +270,12 @@ inline int hyper_dmabuf_sync_request(int id, int dmabuf_ops)
req = kcalloc(1, sizeof(*req), GFP_KERNEL);
+ if (!req) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
hyper_dmabuf_create_request(req, HYPER_DMABUF_OPS_TO_SOURCE, &operands[0]);
/* send request and wait for a response */
@@ -366,8 +372,11 @@ static struct sg_table* hyper_dmabuf_ops_map(struct dma_buf_attachment *attachme
return st;
err_free_sg:
- sg_free_table(st);
- kfree(st);
+ if (st) {
+ sg_free_table(st);
+ kfree(st);
+ }
+
return NULL;
}
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_ioctl.c b/drivers/xen/hyper_dmabuf/hyper_dmabuf_ioctl.c
index fa700f2..c0048d9 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_ioctl.c
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_ioctl.c
@@ -115,22 +115,24 @@ static int hyper_dmabuf_export_remote(struct file *filp, void *data)
*/
ret = hyper_dmabuf_find_id_exported(dma_buf, export_remote_attr->remote_domain);
sgt_info = hyper_dmabuf_find_exported(ret);
- if (ret != -ENOENT && sgt_info->valid) {
- /*
- * Check if unexport is already scheduled for that buffer,
- * if so try to cancel it. If that will fail, buffer needs
- * to be reexport once again.
- */
- if (sgt_info->unexport_scheduled) {
- if (!cancel_delayed_work_sync(&sgt_info->unexport_work)) {
- dma_buf_put(dma_buf);
- goto reexport;
+ if (ret != -ENOENT && sgt_info != NULL) {
+ if (sgt_info->valid) {
+ /*
+ * Check if unexport is already scheduled for that buffer,
+ * if so try to cancel it. If that will fail, buffer needs
+ * to be reexport once again.
+ */
+ if (sgt_info->unexport_scheduled) {
+ if (!cancel_delayed_work_sync(&sgt_info->unexport_work)) {
+ dma_buf_put(dma_buf);
+ goto reexport;
+ }
+ sgt_info->unexport_scheduled = 0;
}
- sgt_info->unexport_scheduled = 0;
+ dma_buf_put(dma_buf);
+ export_remote_attr->hyper_dmabuf_id = ret;
+ return 0;
}
- dma_buf_put(dma_buf);
- export_remote_attr->hyper_dmabuf_id = ret;
- return 0;
}
reexport:
@@ -162,9 +164,32 @@ static int hyper_dmabuf_export_remote(struct file *filp, void *data)
sgt_info->valid = 1;
sgt_info->active_sgts = kmalloc(sizeof(struct sgt_list), GFP_KERNEL);
+ if (!sgt_info->active_sgts) {
+ dev_err(hyper_dmabuf_private.device, "no more space left\n");
+ ret = -ENOMEM;
+ goto fail_map_active_sgts;
+ }
+
sgt_info->active_attached = kmalloc(sizeof(struct attachment_list), GFP_KERNEL);
+ if (!sgt_info->active_attached) {
+ dev_err(hyper_dmabuf_private.device, "no more space left\n");
+ ret = -ENOMEM;
+ goto fail_map_active_attached;
+ }
+
sgt_info->va_kmapped = kmalloc(sizeof(struct kmap_vaddr_list), GFP_KERNEL);
+ if (!sgt_info->va_kmapped) {
+ dev_err(hyper_dmabuf_private.device, "no more space left\n");
+ ret = -ENOMEM;
+ goto fail_map_va_kmapped;
+ }
+
sgt_info->va_vmapped = kmalloc(sizeof(struct vmap_vaddr_list), GFP_KERNEL);
+ if (!sgt_info->va_vmapped) {
+ dev_err(hyper_dmabuf_private.device, "no more space left\n");
+ ret = -ENOMEM;
+ goto fail_map_va_vmapped;
+ }
sgt_info->active_sgts->sgt = sgt;
sgt_info->active_attached->attach = attachment;
@@ -211,6 +236,11 @@ static int hyper_dmabuf_export_remote(struct file *filp, void *data)
req = kcalloc(1, sizeof(*req), GFP_KERNEL);
+ if(!req) {
+ dev_err(hyper_dmabuf_private.device, "no more space left\n");
+ goto fail_map_req;
+ }
+
/* composing a message to the importer */
hyper_dmabuf_create_request(req, HYPER_DMABUF_EXPORT, &operands[0]);
@@ -233,6 +263,8 @@ static int hyper_dmabuf_export_remote(struct file *filp, void *data)
fail_send_request:
kfree(req);
+
+fail_map_req:
hyper_dmabuf_remove_exported(sgt_info->hyper_dmabuf_id);
fail_export:
@@ -242,10 +274,14 @@ static int hyper_dmabuf_export_remote(struct file *filp, void *data)
dma_buf_detach(sgt_info->dma_buf, sgt_info->active_attached->attach);
dma_buf_put(sgt_info->dma_buf);
- kfree(sgt_info->active_attached);
- kfree(sgt_info->active_sgts);
- kfree(sgt_info->va_kmapped);
kfree(sgt_info->va_vmapped);
+fail_map_va_vmapped:
+ kfree(sgt_info->va_kmapped);
+fail_map_va_kmapped:
+ kfree(sgt_info->active_sgts);
+fail_map_active_sgts:
+ kfree(sgt_info->active_attached);
+fail_map_active_attached:
return ret;
}
@@ -288,6 +324,13 @@ static int hyper_dmabuf_export_fd_ioctl(struct file *filp, void *data)
dev_dbg(hyper_dmabuf_private.device, "Exporting fd of buffer %d\n", operand);
req = kcalloc(1, sizeof(*req), GFP_KERNEL);
+
+ if (!req) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
hyper_dmabuf_create_request(req, HYPER_DMABUF_EXPORT_FD, &operand);
ret = ops->send_req(HYPER_DMABUF_DOM_ID(operand), req, true);
@@ -381,6 +424,12 @@ static void hyper_dmabuf_delayed_unexport(struct work_struct *work)
req = kcalloc(1, sizeof(*req), GFP_KERNEL);
+ if (!req) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return;
+ }
+
hyper_dmabuf_create_request(req, HYPER_DMABUF_NOTIFY_UNEXPORT, &hyper_dmabuf_id);
/* Now send unexport request to remote domain, marking that buffer should not be used anymore */
@@ -540,6 +589,11 @@ static long hyper_dmabuf_ioctl(struct file *filp,
hyper_dmabuf_ioctl_t func;
char *kdata;
+ if (nr > ARRAY_SIZE(hyper_dmabuf_ioctls)) {
+ dev_err(hyper_dmabuf_private.device, "invalid ioctl\n");
+ return -EINVAL;
+ }
+
ioctl = &hyper_dmabuf_ioctls[nr];
func = ioctl->func;
@@ -574,11 +628,34 @@ static long hyper_dmabuf_ioctl(struct file *filp,
int hyper_dmabuf_open(struct inode *inode, struct file *filp)
{
+ int ret = 0;
+
/* Do not allow exclusive open */
if (filp->f_flags & O_EXCL)
return -EBUSY;
- return 0;
+ /*
+ * Initialize backend if neededm,
+ * use mutex to prevent race conditions when
+ * two userspace apps will open device at the same time
+ */
+ mutex_lock(&hyper_dmabuf_private.lock);
+
+ if (!hyper_dmabuf_private.backend_initialized) {
+ hyper_dmabuf_private.domid = hyper_dmabuf_private.backend_ops->get_vm_id();
+
+ ret = hyper_dmabuf_private.backend_ops->init_comm_env();
+ if (ret < 0) {
+ dev_err(hyper_dmabuf_private.device,
+ "failed to initiailize hypervisor-specific comm env\n");
+ } else {
+ hyper_dmabuf_private.backend_initialized = true;
+ }
+ }
+
+ mutex_unlock(&hyper_dmabuf_private.lock);
+
+ return ret;
}
static void hyper_dmabuf_emergency_release(struct hyper_dmabuf_sgt_info* sgt_info,
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_list.c b/drivers/xen/hyper_dmabuf/hyper_dmabuf_list.c
index c1285eb..90c8c56 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_list.c
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_list.c
@@ -34,8 +34,11 @@
#include <asm/uaccess.h>
#include <linux/hashtable.h>
#include <linux/dma-buf.h>
+#include "hyper_dmabuf_drv.h"
#include "hyper_dmabuf_list.h"
+extern struct hyper_dmabuf_private hyper_dmabuf_private;
+
DECLARE_HASHTABLE(hyper_dmabuf_hash_imported, MAX_ENTRY_IMPORTED);
DECLARE_HASHTABLE(hyper_dmabuf_hash_exported, MAX_ENTRY_EXPORTED);
@@ -132,6 +135,12 @@ int hyper_dmabuf_register_exported(struct hyper_dmabuf_sgt_info *info)
info_entry = kmalloc(sizeof(*info_entry), GFP_KERNEL);
+ if (!info_entry) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
info_entry->info = info;
hash_add(hyper_dmabuf_hash_exported, &info_entry->node,
@@ -146,6 +155,12 @@ int hyper_dmabuf_register_imported(struct hyper_dmabuf_imported_sgt_info* info)
info_entry = kmalloc(sizeof(*info_entry), GFP_KERNEL);
+ if (!info_entry) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
info_entry->info = info;
hash_add(hyper_dmabuf_hash_imported, &info_entry->node,
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_msg.c b/drivers/xen/hyper_dmabuf/hyper_dmabuf_msg.c
index 3111cdc..5f64261 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_msg.c
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_msg.c
@@ -134,6 +134,13 @@ void cmd_process_work(struct work_struct *work)
* operands5~8 : Driver-specific private data (e.g. graphic buffer's meta info)
*/
imported_sgt_info = kcalloc(1, sizeof(*imported_sgt_info), GFP_KERNEL);
+
+ if (!imported_sgt_info) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ break;
+ }
+
imported_sgt_info->hyper_dmabuf_id = req->operands[0];
imported_sgt_info->frst_ofst = req->operands[2];
imported_sgt_info->last_len = req->operands[3];
@@ -288,9 +295,22 @@ int hyper_dmabuf_msg_parse(int domid, struct hyper_dmabuf_req *req)
"%s: putting request to workqueue\n", __func__);
temp_req = kmalloc(sizeof(*temp_req), GFP_KERNEL);
+ if (!temp_req) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
memcpy(temp_req, req, sizeof(*temp_req));
proc = kcalloc(1, sizeof(struct cmd_process), GFP_KERNEL);
+
+ if (!proc) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
proc->rq = temp_req;
proc->domid = domid;
diff --git a/drivers/xen/hyper_dmabuf/hyper_dmabuf_remote_sync.c b/drivers/xen/hyper_dmabuf/hyper_dmabuf_remote_sync.c
index 0eded61..2dab833 100644
--- a/drivers/xen/hyper_dmabuf/hyper_dmabuf_remote_sync.c
+++ b/drivers/xen/hyper_dmabuf/hyper_dmabuf_remote_sync.c
@@ -78,6 +78,12 @@ int hyper_dmabuf_remote_sync(int id, int ops)
case HYPER_DMABUF_OPS_ATTACH:
attachl = kcalloc(1, sizeof(*attachl), GFP_KERNEL);
+ if (!attachl) {
+ dev_err(hyper_dmabuf_private.device,
+ "dmabuf remote sync::error while processing HYPER_DMABUF_OPS_ATTACH\n");
+ return -ENOMEM;
+ }
+
attachl->attach = dma_buf_attach(sgt_info->dma_buf,
hyper_dmabuf_private.device);
@@ -85,7 +91,7 @@ int hyper_dmabuf_remote_sync(int id, int ops)
kfree(attachl);
dev_err(hyper_dmabuf_private.device,
"dmabuf remote sync::error while processing HYPER_DMABUF_OPS_ATTACH\n");
- return PTR_ERR(attachl->attach);
+ return -ENOMEM;
}
list_add(&attachl->list, &sgt_info->active_attached->list);
@@ -121,12 +127,19 @@ int hyper_dmabuf_remote_sync(int id, int ops)
struct attachment_list, list);
sgtl = kcalloc(1, sizeof(*sgtl), GFP_KERNEL);
+
+ if (!sgtl) {
+ dev_err(hyper_dmabuf_private.device,
+ "dmabuf remote sync::error while processing HYPER_DMABUF_OPS_MAP\n");
+ return -ENOMEM;
+ }
+
sgtl->sgt = dma_buf_map_attachment(attachl->attach, DMA_BIDIRECTIONAL);
if (!sgtl->sgt) {
kfree(sgtl);
dev_err(hyper_dmabuf_private.device,
"dmabuf remote sync::error while processing HYPER_DMABUF_OPS_MAP\n");
- return PTR_ERR(sgtl->sgt);
+ return -ENOMEM;
}
list_add(&sgtl->list, &sgt_info->active_sgts->list);
break;
@@ -201,6 +214,11 @@ int hyper_dmabuf_remote_sync(int id, int ops)
case HYPER_DMABUF_OPS_KMAP_ATOMIC:
case HYPER_DMABUF_OPS_KMAP:
va_kmapl = kcalloc(1, sizeof(*va_kmapl), GFP_KERNEL);
+ if (!va_kmapl) {
+ dev_err(hyper_dmabuf_private.device,
+ "dmabuf remote sync::error while processing HYPER_DMABUF_OPS_KMAP(_ATOMIC)\n");
+ return -ENOMEM;
+ }
/* dummy kmapping of 1 page */
if (ops == HYPER_DMABUF_OPS_KMAP_ATOMIC)
@@ -212,7 +230,7 @@ int hyper_dmabuf_remote_sync(int id, int ops)
kfree(va_kmapl);
dev_err(hyper_dmabuf_private.device,
"dmabuf remote sync::error while processing HYPER_DMABUF_OPS_KMAP(_ATOMIC)\n");
- return PTR_ERR(va_kmapl->vaddr);
+ return -ENOMEM;
}
list_add(&va_kmapl->list, &sgt_info->va_kmapped->list);
break;
@@ -255,6 +273,12 @@ int hyper_dmabuf_remote_sync(int id, int ops)
case HYPER_DMABUF_OPS_VMAP:
va_vmapl = kcalloc(1, sizeof(*va_vmapl), GFP_KERNEL);
+ if (!va_vmapl) {
+ dev_err(hyper_dmabuf_private.device,
+ "dmabuf remote sync::error while processing HYPER_DMABUF_OPS_VMAP\n");
+ return -ENOMEM;
+ }
+
/* dummy vmapping */
va_vmapl->vaddr = dma_buf_vmap(sgt_info->dma_buf);
@@ -262,7 +286,7 @@ int hyper_dmabuf_remote_sync(int id, int ops)
kfree(va_vmapl);
dev_err(hyper_dmabuf_private.device,
"dmabuf remote sync::error while processing HYPER_DMABUF_OPS_VMAP\n");
- return PTR_ERR(va_vmapl->vaddr);
+ return -ENOMEM;
}
list_add(&va_vmapl->list, &sgt_info->va_vmapped->list);
break;
diff --git a/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm.c b/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm.c
index ce9862a..43dd3b6 100644
--- a/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm.c
+++ b/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm.c
@@ -381,6 +381,12 @@ int hyper_dmabuf_xen_init_rx_rbuf(int domid)
ring_info = kmalloc(sizeof(*ring_info), GFP_KERNEL);
+ if (!ring_info) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
ring_info->sdomain = domid;
ring_info->evtchn = rx_port;
diff --git a/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm_list.c b/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm_list.c
index 2f469da..4708b49 100644
--- a/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm_list.c
+++ b/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_comm_list.c
@@ -34,9 +34,12 @@
#include <asm/uaccess.h>
#include <linux/hashtable.h>
#include <xen/grant_table.h>
+#include "../hyper_dmabuf_drv.h"
#include "hyper_dmabuf_xen_comm.h"
#include "hyper_dmabuf_xen_comm_list.h"
+extern struct hyper_dmabuf_private hyper_dmabuf_private;
+
DECLARE_HASHTABLE(xen_comm_tx_ring_hash, MAX_ENTRY_TX_RING);
DECLARE_HASHTABLE(xen_comm_rx_ring_hash, MAX_ENTRY_RX_RING);
@@ -52,6 +55,12 @@ int xen_comm_add_tx_ring(struct xen_comm_tx_ring_info *ring_info)
info_entry = kmalloc(sizeof(*info_entry), GFP_KERNEL);
+ if (!info_entry) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
info_entry->info = ring_info;
hash_add(xen_comm_tx_ring_hash, &info_entry->node,
@@ -66,6 +75,12 @@ int xen_comm_add_rx_ring(struct xen_comm_rx_ring_info *ring_info)
info_entry = kmalloc(sizeof(*info_entry), GFP_KERNEL);
+ if (!info_entry) {
+ dev_err(hyper_dmabuf_private.device,
+ "No memory left to be allocated\n");
+ return -ENOMEM;
+ }
+
info_entry->info = ring_info;
hash_add(xen_comm_rx_ring_hash, &info_entry->node,
diff --git a/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_shm.c b/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_shm.c
index 524f75c..c6a2993 100644
--- a/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_shm.c
+++ b/drivers/xen/hyper_dmabuf/xen/hyper_dmabuf_xen_shm.c
@@ -96,6 +96,12 @@ int hyper_dmabuf_xen_share_pages(struct page **pages, int domid, int nents,
lvl2_table = (grant_ref_t *)__get_free_pages(GFP_KERNEL, n_lvl2_grefs);
sh_pages_info = kmalloc(sizeof(*sh_pages_info), GFP_KERNEL);
+
+ if (!sh_pages_info) {
+ dev_err(hyper_dmabuf_private.device, "No more space left\n");
+ return -ENOMEM;
+ }
+
*refs_info = (void *)sh_pages_info;
/* share data pages in rw mode*/
diff --git a/include/uapi/xen/Kbuild b/include/uapi/xen/Kbuild
new file mode 100644
index 0000000..bf81f42
--- /dev/null
+++ b/include/uapi/xen/Kbuild
@@ -0,0 +1,6 @@
+# UAPI Header export list
+header-y += evtchn.h
+header-y += gntalloc.h
+header-y += gntdev.h
+header-y += privcmd.h
+header-y += hyper_dmabuf.h
--
2.7.4
Powered by blists - more mailing lists