drm/vmwgfx: Protect from excessive execbuf kernel memory allocations v3

#define VMWGFX_REPO "In Tree"

#define VMWGFX_VALIDATION_MEM_GRAN (16*PAGE_SIZE)

/**

 * Fully encoded drm commands. Might move to vmw_drm.h

		spin_unlock(&dev_priv->cap_lock);

	}

	vmw_validation_mem_init_ttm(dev_priv, VMWGFX_VALIDATION_MEM_GRAN);

	ret = vmw_kms_init(dev_priv);

	if (unlikely(ret != 0))

		goto out_no_kms;

	struct vmw_cmdbuf_man *cman;

	DECLARE_BITMAP(irqthread_pending, VMW_IRQTHREAD_MAX);

	/* Validation memory reservation */

	struct vmw_validation_mem vvm;

};

static inline struct vmw_surface *vmw_res_to_srf(struct vmw_resource *res)

extern void vmw_ttm_global_release(struct vmw_private *dev_priv);

extern int vmw_mmap(struct file *filp, struct vm_area_struct *vma);

extern void vmw_validation_mem_init_ttm(struct vmw_private *dev_priv,

					size_t gran);

/**

 * TTM buffer object driver - vmwgfx_ttm_buffer.c

 */

	struct sync_file *sync_file = NULL;

	DECLARE_VAL_CONTEXT(val_ctx, &sw_context->res_ht, 1);

	vmw_validation_set_val_mem(&val_ctx, &dev_priv->vvm);

	if (flags & DRM_VMW_EXECBUF_FLAG_EXPORT_FENCE_FD) {

		out_fence_fd = get_unused_fd_flags(O_CLOEXEC);

		if (out_fence_fd < 0) {

	drm_global_item_unref(&dev_priv->bo_global_ref.ref);

	drm_global_item_unref(&dev_priv->mem_global_ref);

}

/* struct vmw_validation_mem callback */

static int vmw_vmt_reserve(struct vmw_validation_mem *m, size_t size)

{

	static struct ttm_operation_ctx ctx = {.interruptible = false,

					       .no_wait_gpu = false};

	struct vmw_private *dev_priv = container_of(m, struct vmw_private, vvm);

	return ttm_mem_global_alloc(vmw_mem_glob(dev_priv), size, &ctx);

}

/* struct vmw_validation_mem callback */

static void vmw_vmt_unreserve(struct vmw_validation_mem *m, size_t size)

{

	struct vmw_private *dev_priv = container_of(m, struct vmw_private, vvm);

	return ttm_mem_global_free(vmw_mem_glob(dev_priv), size);

}

/**

 * vmw_validation_mem_init_ttm - Interface the validation memory tracker

 * to ttm.

 * @dev_priv: Pointer to struct vmw_private. The reason we choose a vmw private

 * rather than a struct vmw_validation_mem is to make sure assumption in the

 * callbacks that struct vmw_private derives from struct vmw_validation_mem

 * holds true.

 * @gran: The recommended allocation granularity

 */

void vmw_validation_mem_init_ttm(struct vmw_private *dev_priv, size_t gran)

{

	struct vmw_validation_mem *vvm = &dev_priv->vvm;

	vvm->reserve_mem = vmw_vmt_reserve;

	vvm->unreserve_mem = vmw_vmt_unreserve;

	vvm->gran = gran;

}

		return NULL;

	if (ctx->mem_size_left < size) {

		struct page *page = alloc_page(GFP_KERNEL | __GFP_ZERO);

		struct page *page;

		if (ctx->vm && ctx->vm_size_left < PAGE_SIZE) {

			int ret = ctx->vm->reserve_mem(ctx->vm, ctx->vm->gran);

			if (ret)

				return NULL;

			ctx->vm_size_left += ctx->vm->gran;

			ctx->total_mem += ctx->vm->gran;

		}

		page = alloc_page(GFP_KERNEL | __GFP_ZERO);

		if (!page)

			return NULL;

		if (ctx->vm)

			ctx->vm_size_left -= PAGE_SIZE;

		list_add_tail(&page->lru, &ctx->page_list);

		ctx->page_address = page_address(page);

		ctx->mem_size_left = PAGE_SIZE;

	}

	ctx->mem_size_left = 0;

	if (ctx->vm && ctx->total_mem) {

		ctx->vm->unreserve_mem(ctx->vm, ctx->total_mem);

		ctx->total_mem = 0;

		ctx->vm_size_left = 0;

	}

}

/**