> -----Original Message----- > From: Jason Gunthorpe <jgg@xxxxxxxx> > Sent: Thursday, November 12, 2020 4:31 PM > To: Xiong, Jianxin <jianxin.xiong@xxxxxxxxx> > Cc: linux-rdma@xxxxxxxxxxxxxxx; dri-devel@xxxxxxxxxxxxxxxxxxxxx; Doug Ledford <dledford@xxxxxxxxxx>; Leon Romanovsky > <leon@xxxxxxxxxx>; Sumit Semwal <sumit.semwal@xxxxxxxxxx>; Christian Koenig <christian.koenig@xxxxxxx>; Vetter, Daniel > <daniel.vetter@xxxxxxxxx> > Subject: Re: [PATCH v10 1/6] RDMA/umem: Support importing dma-buf as user memory region > > On Tue, Nov 10, 2020 at 01:41:12PM -0800, Jianxin Xiong wrote: > > +struct ib_umem *ib_umem_dmabuf_get(struct ib_device *device, > > + unsigned long offset, size_t size, > > + int fd, int access, > > + const struct dma_buf_attach_ops *ops) { > > + struct dma_buf *dmabuf; > > + struct ib_umem_dmabuf *umem_dmabuf; > > + struct ib_umem *umem; > > + unsigned long end; > > + long ret; > > + > > + if (check_add_overflow(offset, (unsigned long)size, &end)) > > + return ERR_PTR(-EINVAL); > > + > > + if (unlikely(PAGE_ALIGN(end) < PAGE_SIZE)) > > + return ERR_PTR(-EINVAL); > > This is weird, what does it do? This sequence is modeled after the following code from ib_umem_init_odp(): if (check_add_overflow(umem_odp->umem.address, (unsigned long)umem_odp->umem.length, &end)) return -EOVERFLOW; end = ALIGN(end, page_size); if (unlikely(end < page_size)) return -EOVERFLOW; The weird part seems to be checking if 'end' is 0, but that should have been covered by check_add_overflow() already. 
> > > + > > + if (unlikely(!ops || !ops->move_notify)) > > + return ERR_PTR(-EINVAL); > > + > > + umem_dmabuf = kzalloc(sizeof(*umem_dmabuf), GFP_KERNEL); > > + if (!umem_dmabuf) > > + return ERR_PTR(-ENOMEM); > > + > > + umem = &umem_dmabuf->umem; > > + umem->ibdev = device; > > + umem->length = size; > > + umem->address = offset; > > + umem->writable = ib_access_writable(access); > > + umem->is_dmabuf = 1; > > + > > + if (unlikely(!ib_umem_num_pages(umem))) { > > + ret = -EINVAL; > > + goto out_free_umem; > > + } > > + > > + dmabuf = dma_buf_get(fd); > > + if (IS_ERR(dmabuf)) { > > + ret = PTR_ERR(dmabuf); > > + goto out_free_umem; > > + } > > + > > + if (dmabuf->size < offset + size) { > > + ret = -EINVAL; > > + goto out_release_dmabuf; > > offset + size == end, already computed, in fact move this above the kzalloc > > Jason
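Review bot: the `PAGE_ALIGN(end) < PAGE_SIZE` test near the top of ib_umem_dmabuf_get() needs a comment saying what it guards against, because it does not follow from check_add_overflow() alone. That call only catches `offset + size` wrapping, while rounding `end` up to a page boundary can itself wrap to 0 when `end` falls within the last page of the unsigned long range. The test also rejects `offset == 0` with `size == 0`. Further down, `dmabuf->size < offset + size` repeats the sum already held in `end`, so compare against `end` instead. Since that check depends only on the dmabuf and the two arguments, doing dma_buf_get() and the size comparison before the kzalloc() means a too-small buffer is rejected without allocating and then freeing `umem_dmabuf`.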