From 0a0983fdc5b69e42a9e71998d03ee0086d611dcf Mon Sep 17 00:00:00 2001
From: leonidk
Date: Sun, 17 Jun 2007 17:46:00 +0000
Subject: [PATCH] [MTHCA] bugfix: alloc_dma_mem leaves the output structure partly initialized on error, which causes crash on free_dma_mem.
git-svn-id: svn://openib.tc.cornell.edu/gen1@713 ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86
---
 trunk/hw/mthca/kernel/mt_memory.c | 41 +++++++++++++++++++++----------
 trunk/hw/mthca/kernel/mt_memory.h | 1 -
 2 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/trunk/hw/mthca/kernel/mt_memory.c b/trunk/hw/mthca/kernel/mt_memory.c
index 755ea961..868472a9 100644
--- a/trunk/hw/mthca/kernel/mt_memory.c
+++ b/trunk/hw/mthca/kernel/mt_memory.c
@@ -236,6 +236,8 @@ int pci_unmap_sg(struct mthca_dev *dev,
 #endif
 }
+/* The function zeroes 'struct scatterlist' and then fills it with values.
+ On error 'struct scatterlist' is returned zeroed */
 void *alloc_dma_mem(
 IN struct mthca_dev *dev,
 IN unsigned long size,
@@ -244,27 +246,34 @@ void *alloc_dma_mem(
 void *va;
 DMA_ADAPTER *p_dma = dev->ext->p_dma_adapter;
-
 #ifndef USE_GET_SG_LIST
- PHYSICAL_ADDRESS pa;
+ PHYSICAL_ADDRESS pa = {0};
 ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
 RtlZeroMemory(p_sg,sizeof *p_sg);
- p_sg->length = size;
+ if (!size)
+ return NULL;
+
 va = p_dma->DmaOperations->AllocateCommonBuffer(
 p_dma, size, &pa, FALSE );
- p_sg->dma_address = pa.QuadPart;
+ if (va) {
+ p_sg->length = size;
+ p_sg->dma_address = pa.QuadPart;
+ p_sg->page = va;
+ }
 #else
 int err;
 PHYSICAL_ADDRESS la = {0}, ba = {0}, ha = {(u64)(-1I64)};
+ PMDL p_mdl;
 ASSERT(KeGetCurrentIrql() <= DISPATCH_LEVEL);
 RtlZeroMemory(p_sg,sizeof *p_sg);
- p_sg->length = size;
+ if (!size)
+ return NULL;
 // allocate memory
 va = MmAllocateContiguousMemorySpecifyCache(
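Review bot: The comment added above alloc_dma_mem describes the zeroing of the scatterlist but leaves out the return contract that callers and free_dma_mem now depend on. Going by the later hunks, NULL comes back both for a zero size and for a failed allocation, and free_dma_mem treats `p_sg->length == 0` as "nothing to release". I would extend the comment with something like `Returns the buffer VA, or NULL if size is 0 or the allocation fails; p_sg->length stays 0 in that case and free_dma_mem() is then a no-op.`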
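Review bot: In the `#ifndef USE_GET_SG_LIST` branch a failed AllocateCommonBuffer now returns NULL without leaving any trace, and the new `if (!size) return NULL;` makes a zero-length request look the same as an out-of-memory condition to the caller. The other branch uses HCA_PRINT on its failure path, so the same would fit here, e.g. `else HCA_PRINT(TRACE_LEVEL_ERROR, HCA_DBG_LOW, ("AllocateCommonBuffer failed on %#x size\n", size));` after the `if (va) { ... }` block. The function starts before this hunk and continues past it, so the return path is not visible here.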
@@ -275,12 +284,17 @@ void *alloc_dma_mem(
 }
 // allocate MDL
- p_sg->p_mdl = IoAllocateMdl( va, size, FALSE, FALSE, NULL );
- if (!p_sg->p_mdl) {
+ p_mdl = IoAllocateMdl( va, size, FALSE, FALSE, NULL );
+ if (!p_mdl) {
 HCA_PRINT(TRACE_LEVEL_ERROR ,HCA_DBG_LOW ,("MmAllocateContiguousMemorySpecifyCache failed on %#x size\n", size )));
 goto err_mdl;
 }
- MmBuildMdlForNonPagedPool( p_sg->p_mdl );
+ MmBuildMdlForNonPagedPool( p_mdl );
+
+ p_sg->p_mdl = p_mdl;
+ p_sg->length = size;
+ p_sg->page = va;
+
 goto end;
 err_mdl:
@@ -291,7 +305,6 @@ end:
 #endif
- p_sg->page = va;
 return va;
 }
@@ -306,10 +319,12 @@ void free_dma_mem(
 ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
- pa.QuadPart = p_sg->dma_address;
- p_dma->DmaOperations->FreeCommonBuffer(
- p_dma, p_sg->length, pa,
- p_sg->page, FALSE );
+ if (p_sg->length) {
+ pa.QuadPart = p_sg->dma_address;
+ p_dma->DmaOperations->FreeCommonBuffer(
+ p_dma, p_sg->length, pa,
+ p_sg->page, FALSE );
+ }
 #else
diff --git a/trunk/hw/mthca/kernel/mt_memory.h b/trunk/hw/mthca/kernel/mt_memory.h
index 98b0d545..66be696d 100644
--- a/trunk/hw/mthca/kernel/mt_memory.h
+++ b/trunk/hw/mthca/kernel/mt_memory.h
@@ -178,7 +178,6 @@ static inline void *alloc_dma_zmem_map(
 {
 void *va = alloc_dma_zmem( dev, size, p_sg );
 if (va) {
- RtlZeroMemory(va, size);
 if (!pci_map_sg( dev, p_sg, 1, direction )) {
 free_dma_mem( dev, p_sg );
 va = NULL;
--
2.41.0
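Review bot: The trace inside the `if (!p_mdl)` branch still reports `MmAllocateContiguousMemorySpecifyCache failed`, although the call that failed at that point is IoAllocateMdl, so the trace points at the wrong allocation; `("IoAllocateMdl failed on %#x size\n", size)` would match the code. The same line closes with `)))` against two opening parentheses, which suggests this `#else` branch may not be built in the usual configuration and is worth compiling once with USE_GET_SG_LIST defined. The body of `err_mdl:` lies outside the hunk: because the function still ends in `return va;`, confirm that path releases the contiguous block and sets `va = NULL`, otherwise the caller gets a stale pointer next to a zeroed scatterlist.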
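Review bot: The `if (p_sg->length)` guard is added only on the `#ifndef USE_GET_SG_LIST` side of free_dma_mem; the `#else` side begins on the last line of this hunk and its body is not shown, so confirm it also tolerates the zeroed scatterlist that alloc_dma_mem now returns on failure (NULL `p_mdl` and `page`). Inside the new block the descriptor keeps its `length`, `dma_address` and `page` after FreeCommonBuffer, so a second free_dma_mem on the same p_sg would hand the same buffer to FreeCommonBuffer again. Adding `RtlZeroMemory(p_sg, sizeof *p_sg);` as the last statement inside the `if` would make a repeated call a no-op, in line with the zeroed-means-empty convention this commit introduces.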