[v4,4/5] udmabuf: udmabuf_create codestyle cleanup

Message ID	20240822084342.1574914-5-link@vivo.com (mailing list archive)
State	New
Headers	show Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01on2065.outbound.protection.outlook.com [40.107.255.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1EED617DFE8; Thu, 22 Aug 2024 08:44:53 +0000 (UTC) From: Huan Yang <link@vivo.com> To: Sumit Semwal <sumit.semwal@linaro.org>, =?utf-8?q?Christian_K=C3=B6nig?= <christian.koenig@amd.com>, Gerd Hoffmann <kraxel@redhat.com>, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org Cc: opensource.kernel@vivo.com, Huan Yang <link@vivo.com> Subject: [PATCH v4 4/5] udmabuf: udmabuf_create codestyle cleanup Date: Thu, 22 Aug 2024 16:43:36 +0800 Message-ID: <20240822084342.1574914-5-link@vivo.com> In-Reply-To: <20240822084342.1574914-1-link@vivo.com> References: <20240822084342.1574914-1-link@vivo.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk MIME-Version: 1.0
Series	udmbuf bug fix and some improvements \| expand [v4,0/5] udmbuf bug fix and some improvements [v4,1/5] udmabuf: direct map pfn when first page fault [v4,2/5] udmabuf: change folios array from kmalloc to kvmalloc [v4,3/5] udmabuf: fix vmap_udmabuf error page set [v4,4/5] udmabuf: udmabuf_create codestyle cleanup [v4,5/5] udmabuf: remove udmabuf_folio

Message ID

20240822084342.1574914-5-link@vivo.com (mailing list archive)

State

New

Headers

From: Huan Yang <link@vivo.com>
To: Sumit Semwal <sumit.semwal@linaro.org>,
 =?utf-8?q?Christian_K=C3=B6nig?= <christian.koenig@amd.com>,
 Gerd Hoffmann <kraxel@redhat.com>, linux-media@vger.kernel.org,
 dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
 linux-kernel@vger.kernel.org
Cc: opensource.kernel@vivo.com,
	Huan Yang <link@vivo.com>
Subject: [PATCH v4 4/5] udmabuf: udmabuf_create codestyle cleanup
Date: Thu, 22 Aug 2024 16:43:36 +0800
Message-ID: <20240822084342.1574914-5-link@vivo.com>
In-Reply-To: <20240822084342.1574914-1-link@vivo.com>
References: <20240822084342.1574914-1-link@vivo.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 eXLg/F8rKdFDQ+nk84OczwlHJhQKeTUsIi049Gw1E3gM541QAEcBXjxeRQ3CHyKW6/LznaaKJFWmO/ctgAq7rWzRZ50suqwWAMFIg0zswxXOPFPpPZqCHmyDMzcuvfAj/m4Q2OuEaQOUvd43NBexEIrlX9z9z+t88jDHPewh+VltTw9+vU93gGzqyncsn1Jv0a3TlLE0gMCdqgBV8FXoJApcsNNFTusESwQ5jgta3uuWU6qmuvh53/si94AevI2mWlvadxyxlYTk1IhaFi4/6BdvgHee7nxfmWYDav3tceRmOsazrfXnGApKVPyPd6Stz2xmvYl5sUyAE3vWZBGbTqHOMmO7gk+b+rWsOfTQWGFwALar+YGFyKyXZ3uPXGvWkNqOqaiBXuR8uey0uqHUa3fz8f1SBDR6Qx7DtXDwGIz9CWZodvl+jZ4iqzfQsnTAqMoqrQSoDC7XECS0H1e49dPdIu7O9M46TnLvV6c6TZpU4R4EDtYX5mmbXBaG2UHYeOYNlAuDbujQKZP3R9My61PA0ZOq08PkoMdeXzoj0N7dl4WMDMBO41McZBpFMVoODMYOQgHxHPWDYiM9CEK5tAd9K/xqzUcBRwOveqLO1HuiPjk14IqV5GjE5MAMllIXfOvbgo9K+a7NBNbzWVVSgPThL+0stEQWXb7tbMvGsCtm4J0+thDLT0PiwsxpmdCocviGORfz35rOjrcLavT80fmyjjjgC5f5aVTpDCpuPpL5j0uIxBeDs6XnHEZa08nUvUCaB3N3JUbi7DDyBoyFuMNHoponV40t9zjQ3RilsRp8Wn7iDHQC+pImPU7Mj2DBfFNdhTQI3nq8Dx80uyqv7d3Yey8MNTZHloQ9svVGE3MyIpRsJOqIBBHzDBD+U+ICsOYAKM1q1FAKCAhJLn9/jqwd2uklcqYZq1xuUE88/aQn6HagE+y9aseRj/zH8graWSpZvut5oPRc4+REV3dEOn35tJuLQdzujW0H17I+fAU5dGh5jmal4i/UopAvPyHUvfjBO5V39Thxsq6UtBw8Cr6hdXYzamKSnb7/xrZ+nAm/9bF8Gb0V4grvsldoWYFOB9y9/eQ3J6k3SlwsNoxByyGaWwZH7KNaj+X2RlvdxYwdzCGj39/wdrGmFsCqpzdiFj2Y/hRZlBKyy31iIuR3E/O+eSKkcMtLaFhtI+7CbYRFXq+YXtHWlfsHJLzDk5woRYml2IkBPfwKiLmcjCEqv85HA8gCyuZKlIjbYVM1OYloNyD8nj+LfSRbI06HfPTBsoqX5gGQ1F4sHnHgwBqPJ4ZwRHPa6zDy9+Tsrmr4Dr1wx8LIIfnuPv34kmCj/47gjFax/r1tdWIF5onnMsUP8yjxrrloQIJyOAxqXbs/RtkK+SsEYGtOhmsJzExrSDE8PSJG6My+fkBZuc3T+WQ1izteCwKHCrxbzferMOmyHCcQM0yIqQ7fNzBnfqVBO+yl9CDPBI2G39bVDfuRm9h9Cfp0TywDogB2dezwLB4/54RIW32vvqlEzTQZx1KeBivCWDvAnrS+ctoN4favX3HJwYJIMKxMVVigoIZAKUyrtRg2Wx42mi0mi77Lp38yOOcQ
X-OriginatorOrg: vivo.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 978bb938-e095-4fe6-7b85-08dcc286ae9c
X-MS-Exchange-CrossTenant-AuthSource: PUZPR06MB5676.apcprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2024 08:44:49.2046
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 923e42dc-48d5-4cbe-b582-1a797a6412ed
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 oarDdgCnLLu1bD0YNdAgpPGtiN5V7zz7B0iUSxDUTG5R+/2H6xOuZgBM2/gEIBX9BNqLVEb6aS7vL/9feVYqYg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR06MB6402

Series

udmbuf bug fix and some improvements | expand

Commit Message

Huan Yang Aug. 22, 2024, 8:43 a.m. UTC

There are some variables in udmabuf_create that are only used inside the
loop. Therefore, there is no need to declare them outside the scope.
This patch moved it into loop.

It is difficult to understand the loop condition of the code that adds
folio to the unpin_list.

This patch move item folio pin and record into a single function, when
pinned success, the outer loop of this patch iterates through folios,
while the inner loop correctly sets the folio and corresponding offset
into the udmabuf starting from the offset. if reach to pgcnt or nr_folios,
end of loop.

If item size is huge, folios may use vmalloc to get memory, which can't
cache but return into pcp(or buddy) when vfree. So, each pin may waste
some time in folios array alloc.
This patch also reuse of folios when iter create head, just use max size
of item.

Signed-off-by: Huan Yang <link@vivo.com>
---
 drivers/dma-buf/udmabuf.c | 165 +++++++++++++++++++++++---------------
 1 file changed, 101 insertions(+), 64 deletions(-)

Comments

Kasireddy, Vivek Aug. 29, 2024, 6:39 a.m. UTC | #1

Hi Huan,

> Subject: [PATCH v4 4/5] udmabuf: udmabuf_create codestyle cleanup
> 
> There are some variables in udmabuf_create that are only used inside the
> loop. Therefore, there is no need to declare them outside the scope.
> This patch moved it into loop.
> 
> It is difficult to understand the loop condition of the code that adds
> folio to the unpin_list.
> 
> This patch move item folio pin and record into a single function, when
> pinned success, the outer loop of this patch iterates through folios,
> while the inner loop correctly sets the folio and corresponding offset
> into the udmabuf starting from the offset. if reach to pgcnt or nr_folios,
> end of loop.
> 
> If item size is huge, folios may use vmalloc to get memory, which can't
> cache but return into pcp(or buddy) when vfree. So, each pin may waste
> some time in folios array alloc.
> This patch also reuse of folios when iter create head, just use max size
> of item.
> 
> Signed-off-by: Huan Yang <link@vivo.com>
> ---
>  drivers/dma-buf/udmabuf.c | 165 +++++++++++++++++++++++---------------
>  1 file changed, 101 insertions(+), 64 deletions(-)
> 
> diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
> index 0bbc9df36c0a..eb55bb4a5fcc 100644
> --- a/drivers/dma-buf/udmabuf.c
> +++ b/drivers/dma-buf/udmabuf.c
> @@ -321,17 +321,87 @@ static int export_udmabuf(struct udmabuf *ubuf,
>  	return dma_buf_fd(buf, flags);
>  }
> 
> +static int __udmabuf_pin_list_folios(struct udmabuf_create_item *item,
I think the name udmabuf_pin_folios() for this function would be simple and apt.

> +				     struct udmabuf *ubuf,
> +				     struct folio **folios)
> +{
> +	struct file *memfd = NULL;
> +	pgoff_t pgoff, ipgcnt, upgcnt = ubuf->pagecount;
> +	u32 cur_folio, cur_pgcnt;
> +	struct folio **ubuf_folios;
> +	pgoff_t *ubuf_offsets;
> +	long nr_folios;
> +	loff_t end, start;
> +	int ret;
> +
> +	memfd = fget(item->memfd);
> +	ret = check_memfd_seals(memfd);
> +	if (ret < 0)
> +		goto err;
Please move the above hunk to udmabuf_create(). Lets just have pinning and
processing of folios in this function.

> +
> +	start = item->offset;
> +	ipgcnt = item->size >> PAGE_SHIFT;
I think it would be a bit more clear to have udmabuf_create() pass start and size
values directly to this function instead of item. And rename ipgcnt to something
like subpgcnt or nr_subpgs.

> +	end = start + (ipgcnt << PAGE_SHIFT) - 1;
> +
> +	nr_folios = memfd_pin_folios(memfd, start, end, folios, ipgcnt,
> &pgoff);
> +	if (nr_folios <= 0) {
> +		kvfree(folios);
Please free folios in udmabuf_create() which is where it was allocated.

> +		ret = nr_folios ? nr_folios : -EINVAL;
> +		goto err;
> +	}
> +
> +	cur_pgcnt = 0;
> +	ubuf_folios = ubuf->folios;
> +	ubuf_offsets = ubuf->offsets;
Please initialize these temp variables at declaration time above. No strong
opinion but I am not sure if they are really helpful here. Something like
upgcnt would be OK as it definitely improves readability.

> +
> +	for (cur_folio = 0; cur_folio < nr_folios; ++cur_folio) {
> +		pgoff_t subpgoff = pgoff;
> +		long fsize = folio_size(folios[cur_folio]);
The return type for folio_size() is size_t. Please use that for consistency.

> +
> +		ret = add_to_unpin_list(&ubuf->unpin_list, folios[cur_folio]);
> +		if (ret < 0) {
> +			kfree(folios);
> +			goto err;
> +		}
> +
> +		for (; subpgoff < fsize; subpgoff += PAGE_SIZE) {
> +			ubuf->folios[upgcnt] = folios[cur_folio];
> +			ubuf->offsets[upgcnt] = subpgoff;
> +			++upgcnt;
> +
> +			if (++cur_pgcnt >= ipgcnt)
> +				goto end;
> +		}
> +
> +		/**
> +		 * Only first folio in item may start from offset,
I prefer to use the term range instead of item, in this context.

> +		 * so remain folio start from 0.
> +		 */
> +		pgoff = 0;
> +	}
> +end:
> +	ubuf->pagecount = upgcnt;
> +	fput(memfd);
> +
> +	return 0;
> +
> +err:
> +	ubuf->pagecount = upgcnt;
> +	if (memfd)
> +		fput(memfd);
> +
> +	return ret;
> +}
> +
>  static long udmabuf_create(struct miscdevice *device,
>  			   struct udmabuf_create_list *head,
>  			   struct udmabuf_create_item *list)
>  {
> -	pgoff_t pgoff, pgcnt, pglimit, pgbuf = 0;
> -	long nr_folios, ret = -EINVAL;
> -	struct file *memfd = NULL;
> -	struct folio **folios;
> +	pgoff_t pgcnt = 0, pglimit, max_ipgcnt = 0;
> +	long ret = -EINVAL;
>  	struct udmabuf *ubuf;
> -	u32 i, j, k, flags;
> -	loff_t end;
> +	struct folio **folios = NULL;
> +	u32 i, flags;
> 
>  	ubuf = kzalloc(sizeof(*ubuf), GFP_KERNEL);
>  	if (!ubuf)
> @@ -340,82 +410,50 @@ static long udmabuf_create(struct miscdevice
> *device,
>  	INIT_LIST_HEAD(&ubuf->unpin_list);
>  	pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
>  	for (i = 0; i < head->count; i++) {
> -		if (!IS_ALIGNED(list[i].offset, PAGE_SIZE))
> +		pgoff_t itempgcnt;
> +
> +		if (!PAGE_ALIGNED(list[i].offset))
>  			goto err;
> -		if (!IS_ALIGNED(list[i].size, PAGE_SIZE))
> +		if (!PAGE_ALIGNED(list[i].size))
>  			goto err;
> -		ubuf->pagecount += list[i].size >> PAGE_SHIFT;
> -		if (ubuf->pagecount > pglimit)
> +
> +		itempgcnt = list[i].size >> PAGE_SHIFT;
> +		pgcnt += itempgcnt;
> +
> +		if (pgcnt > pglimit)
>  			goto err;
> +
> +		max_ipgcnt = max_t(unsigned long, itempgcnt, max_ipgcnt);
Is this optimization really necessary given that, in practice, the userspace provides
only a few ranges? It can stay but please pull these changes into a separate patch.

Thanks,
Vivek

>  	}
> 
> -	if (!ubuf->pagecount)
> +	if (!pgcnt)
>  		goto err;
> 
> -	ubuf->folios = kvmalloc_array(ubuf->pagecount, sizeof(*ubuf-
> >folios),
> +	ubuf->folios = kvmalloc_array(pgcnt, sizeof(*ubuf->folios),
>  				      GFP_KERNEL);
>  	if (!ubuf->folios) {
>  		ret = -ENOMEM;
>  		goto err;
>  	}
> -	ubuf->offsets = kvcalloc(ubuf->pagecount, sizeof(*ubuf->offsets),
> -				 GFP_KERNEL);
> +
> +	ubuf->offsets = kvcalloc(pgcnt, sizeof(*ubuf->offsets), GFP_KERNEL);
>  	if (!ubuf->offsets) {
>  		ret = -ENOMEM;
>  		goto err;
>  	}
> 
> -	pgbuf = 0;
> -	for (i = 0; i < head->count; i++) {
> -		memfd = fget(list[i].memfd);
> -		ret = check_memfd_seals(memfd);
> -		if (ret < 0)
> -			goto err;
> -
> -		pgcnt = list[i].size >> PAGE_SHIFT;
> -		folios = kvmalloc_array(pgcnt, sizeof(*folios), GFP_KERNEL);
> -		if (!folios) {
> -			ret = -ENOMEM;
> -			goto err;
> -		}
> +	folios = kvmalloc_array(max_ipgcnt, sizeof(*folios), GFP_KERNEL);
> +	if (!folios) {
> +		ret = -ENOMEM;
> +		goto err;
> +	}
> 
> -		end = list[i].offset + (pgcnt << PAGE_SHIFT) - 1;
> -		ret = memfd_pin_folios(memfd, list[i].offset, end,
> -				       folios, pgcnt, &pgoff);
> -		if (ret <= 0) {
> -			kvfree(folios);
> -			if (!ret)
> -				ret = -EINVAL;
> +	for (i = 0; i < head->count; i++) {
> +		ret = __udmabuf_pin_list_folios(&list[i], ubuf, folios);
> +		if (ret)
>  			goto err;
> -		}
> -
> -		nr_folios = ret;
> -		pgoff >>= PAGE_SHIFT;
> -		for (j = 0, k = 0; j < pgcnt; j++) {
> -			ubuf->folios[pgbuf] = folios[k];
> -			ubuf->offsets[pgbuf] = pgoff << PAGE_SHIFT;
> -
> -			if (j == 0 || ubuf->folios[pgbuf-1] != folios[k]) {
> -				ret = add_to_unpin_list(&ubuf->unpin_list,
> -							folios[k]);
> -				if (ret < 0) {
> -					kfree(folios);
> -					goto err;
> -				}
> -			}
> -
> -			pgbuf++;
> -			if (++pgoff == folio_nr_pages(folios[k])) {
> -				pgoff = 0;
> -				if (++k == nr_folios)
> -					break;
> -			}
> -		}
> -
> -		kvfree(folios);
> -		fput(memfd);
> -		memfd = NULL;
>  	}
> +	kvfree(folios);
> 
>  	flags = head->flags & UDMABUF_FLAGS_CLOEXEC ? O_CLOEXEC : 0;
>  	ret = export_udmabuf(ubuf, device, flags);
> @@ -425,9 +463,8 @@ static long udmabuf_create(struct miscdevice
> *device,
>  	return ret;
> 
>  err:
> -	if (memfd)
> -		fput(memfd);
>  	unpin_all_folios(&ubuf->unpin_list);
> +	kvfree(folios);
>  	kvfree(ubuf->offsets);
>  	kvfree(ubuf->folios);
>  	kfree(ubuf);
> --
> 2.45.2

Huan Yang Aug. 29, 2024, 6:51 a.m. UTC | #2

在 2024/8/29 14:39, Kasireddy, Vivek 写道:
> Hi Huan,
>
>> Subject: [PATCH v4 4/5] udmabuf: udmabuf_create codestyle cleanup
>>
>> There are some variables in udmabuf_create that are only used inside the
>> loop. Therefore, there is no need to declare them outside the scope.
>> This patch moved it into loop.
>>
>> It is difficult to understand the loop condition of the code that adds
>> folio to the unpin_list.
>>
>> This patch move item folio pin and record into a single function, when
>> pinned success, the outer loop of this patch iterates through folios,
>> while the inner loop correctly sets the folio and corresponding offset
>> into the udmabuf starting from the offset. if reach to pgcnt or nr_folios,
>> end of loop.
>>
>> If item size is huge, folios may use vmalloc to get memory, which can't
>> cache but return into pcp(or buddy) when vfree. So, each pin may waste
>> some time in folios array alloc.
>> This patch also reuse of folios when iter create head, just use max size
>> of item.
>>
>> Signed-off-by: Huan Yang <link@vivo.com>
>> ---
>>   drivers/dma-buf/udmabuf.c | 165 +++++++++++++++++++++++---------------
>>   1 file changed, 101 insertions(+), 64 deletions(-)
>>
>> diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
>> index 0bbc9df36c0a..eb55bb4a5fcc 100644
>> --- a/drivers/dma-buf/udmabuf.c
>> +++ b/drivers/dma-buf/udmabuf.c
>> @@ -321,17 +321,87 @@ static int export_udmabuf(struct udmabuf *ubuf,
>>   	return dma_buf_fd(buf, flags);
>>   }
>>
>> +static int __udmabuf_pin_list_folios(struct udmabuf_create_item *item,
> I think the name udmabuf_pin_folios() for this function would be simple and apt.
>
>> +				     struct udmabuf *ubuf,
>> +				     struct folio **folios)
>> +{
>> +	struct file *memfd = NULL;
>> +	pgoff_t pgoff, ipgcnt, upgcnt = ubuf->pagecount;
>> +	u32 cur_folio, cur_pgcnt;
>> +	struct folio **ubuf_folios;
>> +	pgoff_t *ubuf_offsets;
>> +	long nr_folios;
>> +	loff_t end, start;
>> +	int ret;
>> +
>> +	memfd = fget(item->memfd);
>> +	ret = check_memfd_seals(memfd);
>> +	if (ret < 0)
>> +		goto err;
> Please move the above hunk to udmabuf_create(). Lets just have pinning and
> processing of folios in this function.
>
>> +
>> +	start = item->offset;
>> +	ipgcnt = item->size >> PAGE_SHIFT;
> I think it would be a bit more clear to have udmabuf_create() pass start and size
> values directly to this function instead of item. And rename ipgcnt to something
> like subpgcnt or nr_subpgs.
>
>> +	end = start + (ipgcnt << PAGE_SHIFT) - 1;
>> +
>> +	nr_folios = memfd_pin_folios(memfd, start, end, folios, ipgcnt,
>> &pgoff);
>> +	if (nr_folios <= 0) {
>> +		kvfree(folios);
> Please free folios in udmabuf_create() which is where it was allocated.
>
>> +		ret = nr_folios ? nr_folios : -EINVAL;
>> +		goto err;
>> +	}
>> +
>> +	cur_pgcnt = 0;
>> +	ubuf_folios = ubuf->folios;
>> +	ubuf_offsets = ubuf->offsets;
> Please initialize these temp variables at declaration time above. No strong
> opinion but I am not sure if they are really helpful here. Something like
> upgcnt would be OK as it definitely improves readability.
>
>> +
>> +	for (cur_folio = 0; cur_folio < nr_folios; ++cur_folio) {
>> +		pgoff_t subpgoff = pgoff;
>> +		long fsize = folio_size(folios[cur_folio]);
> The return type for folio_size() is size_t. Please use that for consistency.
>
>> +
>> +		ret = add_to_unpin_list(&ubuf->unpin_list, folios[cur_folio]);
>> +		if (ret < 0) {
>> +			kfree(folios);
>> +			goto err;
>> +		}
>> +
>> +		for (; subpgoff < fsize; subpgoff += PAGE_SIZE) {
>> +			ubuf->folios[upgcnt] = folios[cur_folio];
>> +			ubuf->offsets[upgcnt] = subpgoff;
>> +			++upgcnt;
>> +
>> +			if (++cur_pgcnt >= ipgcnt)
>> +				goto end;
>> +		}
>> +
>> +		/**
>> +		 * Only first folio in item may start from offset,
> I prefer to use the term range instead of item, in this context.
All above I'll rework.
>
>> +		 * so remain folio start from 0.
>> +		 */
>> +		pgoff = 0;
>> +	}
>> +end:
>> +	ubuf->pagecount = upgcnt;
>> +	fput(memfd);
>> +
>> +	return 0;
>> +
>> +err:
>> +	ubuf->pagecount = upgcnt;
>> +	if (memfd)
>> +		fput(memfd);
>> +
>> +	return ret;
>> +}
>> +
>>   static long udmabuf_create(struct miscdevice *device,
>>   			   struct udmabuf_create_list *head,
>>   			   struct udmabuf_create_item *list)
>>   {
>> -	pgoff_t pgoff, pgcnt, pglimit, pgbuf = 0;
>> -	long nr_folios, ret = -EINVAL;
>> -	struct file *memfd = NULL;
>> -	struct folio **folios;
>> +	pgoff_t pgcnt = 0, pglimit, max_ipgcnt = 0;
>> +	long ret = -EINVAL;
>>   	struct udmabuf *ubuf;
>> -	u32 i, j, k, flags;
>> -	loff_t end;
>> +	struct folio **folios = NULL;
>> +	u32 i, flags;
>>
>>   	ubuf = kzalloc(sizeof(*ubuf), GFP_KERNEL);
>>   	if (!ubuf)
>> @@ -340,82 +410,50 @@ static long udmabuf_create(struct miscdevice
>> *device,
>>   	INIT_LIST_HEAD(&ubuf->unpin_list);
>>   	pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
>>   	for (i = 0; i < head->count; i++) {
>> -		if (!IS_ALIGNED(list[i].offset, PAGE_SIZE))
>> +		pgoff_t itempgcnt;
>> +
>> +		if (!PAGE_ALIGNED(list[i].offset))
>>   			goto err;
>> -		if (!IS_ALIGNED(list[i].size, PAGE_SIZE))
>> +		if (!PAGE_ALIGNED(list[i].size))
>>   			goto err;
>> -		ubuf->pagecount += list[i].size >> PAGE_SHIFT;
>> -		if (ubuf->pagecount > pglimit)
>> +
>> +		itempgcnt = list[i].size >> PAGE_SHIFT;
>> +		pgcnt += itempgcnt;
>> +
>> +		if (pgcnt > pglimit)
>>   			goto err;
>> +
>> +		max_ipgcnt = max_t(unsigned long, itempgcnt, max_ipgcnt);
> Is this optimization really necessary given that, in practice, the userspace provides
> only a few ranges? It can stay but please pull these changes into a separate patch.

OK, I'll separate it.

If few ranges, folios can alloc from kmalloc, if low, from slub is fast. 
If low than PCP order, also fast.

But if trigger vmalloc, I think it's slow more. Consider 3GB udmabuf 
create(even if currently not used)

page array will cost 6MB, from vmalloc will iter alloc 4K page upon to 
1536 time.

So, a little help if only reuse the max size folio.

Thanks for your suggestions.

>
> Thanks,
> Vivek
>
>>   	}
>>
>> -	if (!ubuf->pagecount)
>> +	if (!pgcnt)
>>   		goto err;
>>
>> -	ubuf->folios = kvmalloc_array(ubuf->pagecount, sizeof(*ubuf-
>>> folios),
>> +	ubuf->folios = kvmalloc_array(pgcnt, sizeof(*ubuf->folios),
>>   				      GFP_KERNEL);
>>   	if (!ubuf->folios) {
>>   		ret = -ENOMEM;
>>   		goto err;
>>   	}
>> -	ubuf->offsets = kvcalloc(ubuf->pagecount, sizeof(*ubuf->offsets),
>> -				 GFP_KERNEL);
>> +
>> +	ubuf->offsets = kvcalloc(pgcnt, sizeof(*ubuf->offsets), GFP_KERNEL);
>>   	if (!ubuf->offsets) {
>>   		ret = -ENOMEM;
>>   		goto err;
>>   	}
>>
>> -	pgbuf = 0;
>> -	for (i = 0; i < head->count; i++) {
>> -		memfd = fget(list[i].memfd);
>> -		ret = check_memfd_seals(memfd);
>> -		if (ret < 0)
>> -			goto err;
>> -
>> -		pgcnt = list[i].size >> PAGE_SHIFT;
>> -		folios = kvmalloc_array(pgcnt, sizeof(*folios), GFP_KERNEL);
>> -		if (!folios) {
>> -			ret = -ENOMEM;
>> -			goto err;
>> -		}
>> +	folios = kvmalloc_array(max_ipgcnt, sizeof(*folios), GFP_KERNEL);
>> +	if (!folios) {
>> +		ret = -ENOMEM;
>> +		goto err;
>> +	}
>>
>> -		end = list[i].offset + (pgcnt << PAGE_SHIFT) - 1;
>> -		ret = memfd_pin_folios(memfd, list[i].offset, end,
>> -				       folios, pgcnt, &pgoff);
>> -		if (ret <= 0) {
>> -			kvfree(folios);
>> -			if (!ret)
>> -				ret = -EINVAL;
>> +	for (i = 0; i < head->count; i++) {
>> +		ret = __udmabuf_pin_list_folios(&list[i], ubuf, folios);
>> +		if (ret)
>>   			goto err;
>> -		}
>> -
>> -		nr_folios = ret;
>> -		pgoff >>= PAGE_SHIFT;
>> -		for (j = 0, k = 0; j < pgcnt; j++) {
>> -			ubuf->folios[pgbuf] = folios[k];
>> -			ubuf->offsets[pgbuf] = pgoff << PAGE_SHIFT;
>> -
>> -			if (j == 0 || ubuf->folios[pgbuf-1] != folios[k]) {
>> -				ret = add_to_unpin_list(&ubuf->unpin_list,
>> -							folios[k]);
>> -				if (ret < 0) {
>> -					kfree(folios);
>> -					goto err;
>> -				}
>> -			}
>> -
>> -			pgbuf++;
>> -			if (++pgoff == folio_nr_pages(folios[k])) {
>> -				pgoff = 0;
>> -				if (++k == nr_folios)
>> -					break;
>> -			}
>> -		}
>> -
>> -		kvfree(folios);
>> -		fput(memfd);
>> -		memfd = NULL;
>>   	}
>> +	kvfree(folios);
>>
>>   	flags = head->flags & UDMABUF_FLAGS_CLOEXEC ? O_CLOEXEC : 0;
>>   	ret = export_udmabuf(ubuf, device, flags);
>> @@ -425,9 +463,8 @@ static long udmabuf_create(struct miscdevice
>> *device,
>>   	return ret;
>>
>>   err:
>> -	if (memfd)
>> -		fput(memfd);
>>   	unpin_all_folios(&ubuf->unpin_list);
>> +	kvfree(folios);
>>   	kvfree(ubuf->offsets);
>>   	kvfree(ubuf->folios);
>>   	kfree(ubuf);
>> --
>> 2.45.2

Dan Carpenter Aug. 29, 2024, 10:17 a.m. UTC | #3

Hi Huan,

kernel test robot noticed the following build warnings:

url:    https://github.com/intel-lab-lkp/linux/commits/Huan-Yang/udmabuf-direct-map-pfn-when-first-page-fault/20240826-105359
base:   6a7917c89f219f09b1d88d09f376000914a52763
patch link:    https://lore.kernel.org/r/20240822084342.1574914-5-link%40vivo.com
patch subject: [PATCH v4 4/5] udmabuf: udmabuf_create codestyle cleanup
config: x86_64-randconfig-161-20240829 (https://download.01.org/0day-ci/archive/20240829/202408291101.WAf552sW-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
| Closes: https://lore.kernel.org/r/202408291101.WAf552sW-lkp@intel.com/

smatch warnings:
drivers/dma-buf/udmabuf.c:467 udmabuf_create() error: double free of 'folios'

vim +/folios +467 drivers/dma-buf/udmabuf.c

c1bbed66899726 Gurchetan Singh 2019-12-02  396  static long udmabuf_create(struct miscdevice *device,
c1bbed66899726 Gurchetan Singh 2019-12-02  397  			   struct udmabuf_create_list *head,
c1bbed66899726 Gurchetan Singh 2019-12-02  398  			   struct udmabuf_create_item *list)
fbb0de79507819 Gerd Hoffmann   2018-08-27  399  {
fb2c508270085b Huan Yang       2024-08-22  400  	pgoff_t pgcnt = 0, pglimit, max_ipgcnt = 0;
fb2c508270085b Huan Yang       2024-08-22  401  	long ret = -EINVAL;
fbb0de79507819 Gerd Hoffmann   2018-08-27  402  	struct udmabuf *ubuf;
fb2c508270085b Huan Yang       2024-08-22  403  	struct folio **folios = NULL;
fb2c508270085b Huan Yang       2024-08-22  404  	u32 i, flags;
fbb0de79507819 Gerd Hoffmann   2018-08-27  405  
33f35429fc49c0 Gerd Hoffmann   2018-09-11  406  	ubuf = kzalloc(sizeof(*ubuf), GFP_KERNEL);
fbb0de79507819 Gerd Hoffmann   2018-08-27  407  	if (!ubuf)
fbb0de79507819 Gerd Hoffmann   2018-08-27  408  		return -ENOMEM;
fbb0de79507819 Gerd Hoffmann   2018-08-27  409  
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  410  	INIT_LIST_HEAD(&ubuf->unpin_list);
dc4716d75154b3 Gerd Hoffmann   2018-09-11  411  	pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
fbb0de79507819 Gerd Hoffmann   2018-08-27  412  	for (i = 0; i < head->count; i++) {
fb2c508270085b Huan Yang       2024-08-22  413  		pgoff_t itempgcnt;
fb2c508270085b Huan Yang       2024-08-22  414  
fb2c508270085b Huan Yang       2024-08-22  415  		if (!PAGE_ALIGNED(list[i].offset))
0d17455ca85ecb Gerd Hoffmann   2018-09-11  416  			goto err;
fb2c508270085b Huan Yang       2024-08-22  417  		if (!PAGE_ALIGNED(list[i].size))
0d17455ca85ecb Gerd Hoffmann   2018-09-11  418  			goto err;
fb2c508270085b Huan Yang       2024-08-22  419  
fb2c508270085b Huan Yang       2024-08-22  420  		itempgcnt = list[i].size >> PAGE_SHIFT;
fb2c508270085b Huan Yang       2024-08-22  421  		pgcnt += itempgcnt;
fb2c508270085b Huan Yang       2024-08-22  422  
fb2c508270085b Huan Yang       2024-08-22  423  		if (pgcnt > pglimit)
0d17455ca85ecb Gerd Hoffmann   2018-09-11  424  			goto err;
fb2c508270085b Huan Yang       2024-08-22  425  
fb2c508270085b Huan Yang       2024-08-22  426  		max_ipgcnt = max_t(unsigned long, itempgcnt, max_ipgcnt);
fbb0de79507819 Gerd Hoffmann   2018-08-27  427  	}
2b6dd600dd7257 Pavel Skripkin  2021-12-30  428  
fb2c508270085b Huan Yang       2024-08-22  429  	if (!pgcnt)
2b6dd600dd7257 Pavel Skripkin  2021-12-30  430  		goto err;
2b6dd600dd7257 Pavel Skripkin  2021-12-30  431  
fb2c508270085b Huan Yang       2024-08-22  432  	ubuf->folios = kvmalloc_array(pgcnt, sizeof(*ubuf->folios),
fbb0de79507819 Gerd Hoffmann   2018-08-27  433  				      GFP_KERNEL);
5e72b2b41a21e5 Vivek Kasireddy 2024-06-23  434  	if (!ubuf->folios) {
fbb0de79507819 Gerd Hoffmann   2018-08-27  435  		ret = -ENOMEM;
0d17455ca85ecb Gerd Hoffmann   2018-09-11  436  		goto err;
fbb0de79507819 Gerd Hoffmann   2018-08-27  437  	}
fb2c508270085b Huan Yang       2024-08-22  438  
fb2c508270085b Huan Yang       2024-08-22  439  	ubuf->offsets = kvcalloc(pgcnt, sizeof(*ubuf->offsets), GFP_KERNEL);
0c8b91ef5100ea Vivek Kasireddy 2024-06-23  440  	if (!ubuf->offsets) {
0c8b91ef5100ea Vivek Kasireddy 2024-06-23  441  		ret = -ENOMEM;
0c8b91ef5100ea Vivek Kasireddy 2024-06-23  442  		goto err;
0c8b91ef5100ea Vivek Kasireddy 2024-06-23  443  	}
fbb0de79507819 Gerd Hoffmann   2018-08-27  444  
fb2c508270085b Huan Yang       2024-08-22  445  	folios = kvmalloc_array(max_ipgcnt, sizeof(*folios), GFP_KERNEL);
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  446  	if (!folios) {
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  447  		ret = -ENOMEM;
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  448  		goto err;
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  449  	}
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  450  
fb2c508270085b Huan Yang       2024-08-22  451  	for (i = 0; i < head->count; i++) {
fb2c508270085b Huan Yang       2024-08-22  452  		ret = __udmabuf_pin_list_folios(&list[i], ubuf, folios);

There is a kfree(folios) hidden inside this function.  It doesn't belong there.

fb2c508270085b Huan Yang       2024-08-22  453  		if (ret)
0d17455ca85ecb Gerd Hoffmann   2018-09-11  454  			goto err;
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  455  	}
452dc1b0221804 Huan Yang       2024-08-22  456  	kvfree(folios);
                                                        ^^^^^^^^^^^^^^
A second free

fbb0de79507819 Gerd Hoffmann   2018-08-27  457  
5e72b2b41a21e5 Vivek Kasireddy 2024-06-23  458  	flags = head->flags & UDMABUF_FLAGS_CLOEXEC ? O_CLOEXEC : 0;
5e72b2b41a21e5 Vivek Kasireddy 2024-06-23  459  	ret = export_udmabuf(ubuf, device, flags);
5e72b2b41a21e5 Vivek Kasireddy 2024-06-23  460  	if (ret < 0)
0d17455ca85ecb Gerd Hoffmann   2018-09-11  461  		goto err;
                                                                ^^^^^^^^

fbb0de79507819 Gerd Hoffmann   2018-08-27  462  
5e72b2b41a21e5 Vivek Kasireddy 2024-06-23  463  	return ret;
fbb0de79507819 Gerd Hoffmann   2018-08-27  464  
0d17455ca85ecb Gerd Hoffmann   2018-09-11  465  err:
c6a3194c05e7e6 Vivek Kasireddy 2024-06-23  466  	unpin_all_folios(&ubuf->unpin_list);
fb2c508270085b Huan Yang       2024-08-22 @467  	kvfree(folios);
                                                        ^^^^^^^^^^^^^
Double free

452dc1b0221804 Huan Yang       2024-08-22  468  	kvfree(ubuf->offsets);
452dc1b0221804 Huan Yang       2024-08-22  469  	kvfree(ubuf->folios);
fbb0de79507819 Gerd Hoffmann   2018-08-27  470  	kfree(ubuf);
fbb0de79507819 Gerd Hoffmann   2018-08-27  471  	return ret;
fbb0de79507819 Gerd Hoffmann   2018-08-27  472  }

diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
index 0bbc9df36c0a..eb55bb4a5fcc 100644
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -321,17 +321,87 @@  static int export_udmabuf(struct udmabuf *ubuf,
 	return dma_buf_fd(buf, flags);
 }
 
+static int __udmabuf_pin_list_folios(struct udmabuf_create_item *item,
+				     struct udmabuf *ubuf,
+				     struct folio **folios)
+{
+	struct file *memfd = NULL;
+	pgoff_t pgoff, ipgcnt, upgcnt = ubuf->pagecount;
+	u32 cur_folio, cur_pgcnt;
+	struct folio **ubuf_folios;
+	pgoff_t *ubuf_offsets;
+	long nr_folios;
+	loff_t end, start;
+	int ret;
+
+	memfd = fget(item->memfd);
+	ret = check_memfd_seals(memfd);
+	if (ret < 0)
+		goto err;
+
+	start = item->offset;
+	ipgcnt = item->size >> PAGE_SHIFT;
+	end = start + (ipgcnt << PAGE_SHIFT) - 1;
+
+	nr_folios = memfd_pin_folios(memfd, start, end, folios, ipgcnt, &pgoff);
+	if (nr_folios <= 0) {
+		kvfree(folios);
+		ret = nr_folios ? nr_folios : -EINVAL;
+		goto err;
+	}
+
+	cur_pgcnt = 0;
+	ubuf_folios = ubuf->folios;
+	ubuf_offsets = ubuf->offsets;
+
+	for (cur_folio = 0; cur_folio < nr_folios; ++cur_folio) {
+		pgoff_t subpgoff = pgoff;
+		long fsize = folio_size(folios[cur_folio]);
+
+		ret = add_to_unpin_list(&ubuf->unpin_list, folios[cur_folio]);
+		if (ret < 0) {
+			kfree(folios);
+			goto err;
+		}
+
+		for (; subpgoff < fsize; subpgoff += PAGE_SIZE) {
+			ubuf->folios[upgcnt] = folios[cur_folio];
+			ubuf->offsets[upgcnt] = subpgoff;
+			++upgcnt;
+
+			if (++cur_pgcnt >= ipgcnt)
+				goto end;
+		}
+
+		/**
+		 * Only first folio in item may start from offset,
+		 * so remain folio start from 0.
+		 */
+		pgoff = 0;
+	}
+end:
+	ubuf->pagecount = upgcnt;
+	fput(memfd);
+
+	return 0;
+
+err:
+	ubuf->pagecount = upgcnt;
+	if (memfd)
+		fput(memfd);
+
+	return ret;
+}
+
 static long udmabuf_create(struct miscdevice *device,
 			   struct udmabuf_create_list *head,
 			   struct udmabuf_create_item *list)
 {
-	pgoff_t pgoff, pgcnt, pglimit, pgbuf = 0;
-	long nr_folios, ret = -EINVAL;
-	struct file *memfd = NULL;
-	struct folio **folios;
+	pgoff_t pgcnt = 0, pglimit, max_ipgcnt = 0;
+	long ret = -EINVAL;
 	struct udmabuf *ubuf;
-	u32 i, j, k, flags;
-	loff_t end;
+	struct folio **folios = NULL;
+	u32 i, flags;
 
 	ubuf = kzalloc(sizeof(*ubuf), GFP_KERNEL);
 	if (!ubuf)
@@ -340,82 +410,50 @@  static long udmabuf_create(struct miscdevice *device,
 	INIT_LIST_HEAD(&ubuf->unpin_list);
 	pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
 	for (i = 0; i < head->count; i++) {
-		if (!IS_ALIGNED(list[i].offset, PAGE_SIZE))
+		pgoff_t itempgcnt;
+
+		if (!PAGE_ALIGNED(list[i].offset))
 			goto err;
-		if (!IS_ALIGNED(list[i].size, PAGE_SIZE))
+		if (!PAGE_ALIGNED(list[i].size))
 			goto err;
-		ubuf->pagecount += list[i].size >> PAGE_SHIFT;
-		if (ubuf->pagecount > pglimit)
+
+		itempgcnt = list[i].size >> PAGE_SHIFT;
+		pgcnt += itempgcnt;
+
+		if (pgcnt > pglimit)
 			goto err;
+
+		max_ipgcnt = max_t(unsigned long, itempgcnt, max_ipgcnt);
 	}
 
-	if (!ubuf->pagecount)
+	if (!pgcnt)
 		goto err;
 
-	ubuf->folios = kvmalloc_array(ubuf->pagecount, sizeof(*ubuf->folios),
+	ubuf->folios = kvmalloc_array(pgcnt, sizeof(*ubuf->folios),
 				      GFP_KERNEL);
 	if (!ubuf->folios) {
 		ret = -ENOMEM;
 		goto err;
 	}
-	ubuf->offsets = kvcalloc(ubuf->pagecount, sizeof(*ubuf->offsets),
-				 GFP_KERNEL);
+
+	ubuf->offsets = kvcalloc(pgcnt, sizeof(*ubuf->offsets), GFP_KERNEL);
 	if (!ubuf->offsets) {
 		ret = -ENOMEM;
 		goto err;
 	}
 
-	pgbuf = 0;
-	for (i = 0; i < head->count; i++) {
-		memfd = fget(list[i].memfd);
-		ret = check_memfd_seals(memfd);
-		if (ret < 0)
-			goto err;
-
-		pgcnt = list[i].size >> PAGE_SHIFT;
-		folios = kvmalloc_array(pgcnt, sizeof(*folios), GFP_KERNEL);
-		if (!folios) {
-			ret = -ENOMEM;
-			goto err;
-		}
+	folios = kvmalloc_array(max_ipgcnt, sizeof(*folios), GFP_KERNEL);
+	if (!folios) {
+		ret = -ENOMEM;
+		goto err;
+	}
 
-		end = list[i].offset + (pgcnt << PAGE_SHIFT) - 1;
-		ret = memfd_pin_folios(memfd, list[i].offset, end,
-				       folios, pgcnt, &pgoff);
-		if (ret <= 0) {
-			kvfree(folios);
-			if (!ret)
-				ret = -EINVAL;
+	for (i = 0; i < head->count; i++) {
+		ret = __udmabuf_pin_list_folios(&list[i], ubuf, folios);
+		if (ret)
 			goto err;
-		}
-
-		nr_folios = ret;
-		pgoff >>= PAGE_SHIFT;
-		for (j = 0, k = 0; j < pgcnt; j++) {
-			ubuf->folios[pgbuf] = folios[k];
-			ubuf->offsets[pgbuf] = pgoff << PAGE_SHIFT;
-
-			if (j == 0 || ubuf->folios[pgbuf-1] != folios[k]) {
-				ret = add_to_unpin_list(&ubuf->unpin_list,
-							folios[k]);
-				if (ret < 0) {
-					kfree(folios);
-					goto err;
-				}
-			}
-
-			pgbuf++;
-			if (++pgoff == folio_nr_pages(folios[k])) {
-				pgoff = 0;
-				if (++k == nr_folios)
-					break;
-			}
-		}
-
-		kvfree(folios);
-		fput(memfd);
-		memfd = NULL;
 	}
+	kvfree(folios);
 
 	flags = head->flags & UDMABUF_FLAGS_CLOEXEC ? O_CLOEXEC : 0;
 	ret = export_udmabuf(ubuf, device, flags);
@@ -425,9 +463,8 @@  static long udmabuf_create(struct miscdevice *device,
 	return ret;
 
 err:
-	if (memfd)
-		fput(memfd);
 	unpin_all_folios(&ubuf->unpin_list);
+	kvfree(folios);
 	kvfree(ubuf->offsets);
 	kvfree(ubuf->folios);
 	kfree(ubuf);

[v4,4/5] udmabuf: udmabuf_create codestyle cleanup

Commit Message

Comments

Patch