On Thu, 16 Aug 2018 12:24:16 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:
> On 08/14/2018 07:19 AM, Cornelia Huck wrote:
> > On Mon, 13 Aug 2018 17:48:06 -0400
> > Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote:
> >> +static int vfio_ap_mdev_create(struct kobject *kobj, struct mdev_device *mdev)
> >> +{
> >> + struct ap_matrix_mdev *matrix_mdev;
> >> +
> >> + matrix_mdev = kzalloc(sizeof(*matrix_mdev), GFP_KERNEL);
> >> + if (!matrix_mdev)
> >> + return -ENOMEM;
> >> +
> >> + matrix_mdev->name = dev_name(mdev_dev(mdev));
> >> + vfio_ap_matrix_init(&matrix_dev.info, &matrix_mdev->matrix);
> >> + mdev_set_drvdata(mdev, matrix_mdev);
> >> +
> >> + if (atomic_dec_if_positive(&matrix_dev.available_instances) < 0) {
> >> + kfree(matrix_mdev);
> >> + return -EPERM;
> >> + }
> > Maybe move this check to the top of the function?
>
> Please ignore my previous response to your comment. I can't move the call to
> atomic_dec_if_positive() to the top of the function because it
> decrements the
> available_instances and if the kzalloc() of matrix_mdev fails, then the
> value
> would have to then be incremented to remain valid. What I can do is this:
>
> 1. Check the value of available_instances using atomic_read() at the top of
> the function and if it is zero, return an error.
>
> 2. Replace the call to atomic_dec_if_positive() with a call to atomic_dec()
> to decrement the available_instances.
>
> I agree that it makes sense to return before attempting to allocate the
> matrix_mdev if available_instances is zero.
Wouldn't that be racy, though?
I don't think re-incrementing the counter is too bad, and it's
certainly better than going through allocation/freeing of structures.
>
> >
> >> +
> >> + mutex_lock(&matrix_dev.lock);
> >> + list_add(&matrix_mdev->list, &matrix_dev.mdev_list);
> >> + mutex_unlock(&matrix_dev.lock);
> >> +
> >> + return 0;
> >> +}
>
>
