mic: vop: Fix use-after-free on remove
[linux/fpc-iii.git] / drivers / scsi / sym53c8xx_2 / sym_malloc.c
blob6f9af0de7ec3ef55a6a75a16a231e96dd485cce8
1 /*
2 * Device driver for the SYMBIOS/LSILOGIC 53C8XX and 53C1010 family
3 * of PCI-SCSI IO processors.
5 * Copyright (C) 1999-2001 Gerard Roudier <groudier@free.fr>
7 * This driver is derived from the Linux sym53c8xx driver.
8 * Copyright (C) 1998-2000 Gerard Roudier
10 * The sym53c8xx driver is derived from the ncr53c8xx driver that had been
11 * a port of the FreeBSD ncr driver to Linux-1.2.13.
13 * The original ncr driver has been written for 386bsd and FreeBSD by
14 * Wolfgang Stanglmeier <wolf@cologne.de>
15 * Stefan Esser <se@mi.Uni-Koeln.de>
16 * Copyright (C) 1994 Wolfgang Stanglmeier
18 * Other major contributions:
20 * NVRAM detection and reading.
21 * Copyright (C) 1997 Richard Waltham <dormouse@farsrobt.demon.co.uk>
23 *-----------------------------------------------------------------------------
25 * This program is free software; you can redistribute it and/or modify
26 * it under the terms of the GNU General Public License as published by
27 * the Free Software Foundation; either version 2 of the License, or
28 * (at your option) any later version.
30 * This program is distributed in the hope that it will be useful,
31 * but WITHOUT ANY WARRANTY; without even the implied warranty of
32 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
33 * GNU General Public License for more details.
35 * You should have received a copy of the GNU General Public License
36 * along with this program; if not, write to the Free Software
37 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
40 #include "sym_glue.h"
43 * Simple power of two buddy-like generic allocator.
44 * Provides naturally aligned memory chunks.
46 * This simple code is not intended to be fast, but to
47 * provide power of 2 aligned memory allocations.
48 * Since the SCRIPTS processor only supplies 8 bit arithmetic,
49 * this allocator allows simple and fast address calculations
50 * from the SCRIPTS code. In addition, cache line alignment
51 * is guaranteed for power of 2 cache line size.
53 * This allocator has been developed for the Linux sym53c8xx
54 * driver, since this O/S does not provide naturally aligned
55 * allocations.
56 * It has the advantage of allowing the driver to use private
57 * pages of memory that will be useful if we ever need to deal
58 * with IO MMUs for PCI.
60 static void *___sym_malloc(m_pool_p mp, int size)
62 int i = 0;
63 int s = (1 << SYM_MEM_SHIFT);
64 int j;
65 void *a;
66 m_link_p h = mp->h;
68 if (size > SYM_MEM_CLUSTER_SIZE)
69 return NULL;
71 while (size > s) {
72 s <<= 1;
73 ++i;
76 j = i;
77 while (!h[j].next) {
78 if (s == SYM_MEM_CLUSTER_SIZE) {
79 h[j].next = (m_link_p) M_GET_MEM_CLUSTER();
80 if (h[j].next)
81 h[j].next->next = NULL;
82 break;
84 ++j;
85 s <<= 1;
87 a = h[j].next;
88 if (a) {
89 h[j].next = h[j].next->next;
90 while (j > i) {
91 j -= 1;
92 s >>= 1;
93 h[j].next = (m_link_p) (a+s);
94 h[j].next->next = NULL;
97 #ifdef DEBUG
98 printf("___sym_malloc(%d) = %p\n", size, (void *) a);
99 #endif
100 return a;
104 * Counter-part of the generic allocator.
106 static void ___sym_mfree(m_pool_p mp, void *ptr, int size)
108 int i = 0;
109 int s = (1 << SYM_MEM_SHIFT);
110 m_link_p q;
111 unsigned long a, b;
112 m_link_p h = mp->h;
114 #ifdef DEBUG
115 printf("___sym_mfree(%p, %d)\n", ptr, size);
116 #endif
118 if (size > SYM_MEM_CLUSTER_SIZE)
119 return;
121 while (size > s) {
122 s <<= 1;
123 ++i;
126 a = (unsigned long)ptr;
128 while (1) {
129 if (s == SYM_MEM_CLUSTER_SIZE) {
130 #ifdef SYM_MEM_FREE_UNUSED
131 M_FREE_MEM_CLUSTER((void *)a);
132 #else
133 ((m_link_p) a)->next = h[i].next;
134 h[i].next = (m_link_p) a;
135 #endif
136 break;
138 b = a ^ s;
139 q = &h[i];
140 while (q->next && q->next != (m_link_p) b) {
141 q = q->next;
143 if (!q->next) {
144 ((m_link_p) a)->next = h[i].next;
145 h[i].next = (m_link_p) a;
146 break;
148 q->next = q->next->next;
149 a = a & b;
150 s <<= 1;
151 ++i;
156 * Verbose and zeroing allocator that wrapps to the generic allocator.
158 static void *__sym_calloc2(m_pool_p mp, int size, char *name, int uflags)
160 void *p;
162 p = ___sym_malloc(mp, size);
164 if (DEBUG_FLAGS & DEBUG_ALLOC) {
165 printf ("new %-10s[%4d] @%p.\n", name, size, p);
168 if (p)
169 memset(p, 0, size);
170 else if (uflags & SYM_MEM_WARN)
171 printf ("__sym_calloc2: failed to allocate %s[%d]\n", name, size);
172 return p;
174 #define __sym_calloc(mp, s, n) __sym_calloc2(mp, s, n, SYM_MEM_WARN)
177 * Its counter-part.
179 static void __sym_mfree(m_pool_p mp, void *ptr, int size, char *name)
181 if (DEBUG_FLAGS & DEBUG_ALLOC)
182 printf ("freeing %-10s[%4d] @%p.\n", name, size, ptr);
184 ___sym_mfree(mp, ptr, size);
188 * Default memory pool we donnot need to involve in DMA.
190 * With DMA abstraction, we use functions (methods), to
191 * distinguish between non DMAable memory and DMAable memory.
193 static void *___mp0_get_mem_cluster(m_pool_p mp)
195 void *m = sym_get_mem_cluster();
196 if (m)
197 ++mp->nump;
198 return m;
201 #ifdef SYM_MEM_FREE_UNUSED
202 static void ___mp0_free_mem_cluster(m_pool_p mp, void *m)
204 sym_free_mem_cluster(m);
205 --mp->nump;
207 #else
208 #define ___mp0_free_mem_cluster NULL
209 #endif
211 static struct sym_m_pool mp0 = {
212 NULL,
213 ___mp0_get_mem_cluster,
214 ___mp0_free_mem_cluster
218 * Methods that maintains DMAable pools according to user allocations.
219 * New pools are created on the fly when a new pool id is provided.
220 * They are deleted on the fly when they get emptied.
222 /* Get a memory cluster that matches the DMA constraints of a given pool */
223 static void * ___get_dma_mem_cluster(m_pool_p mp)
225 m_vtob_p vbp;
226 void *vaddr;
228 vbp = __sym_calloc(&mp0, sizeof(*vbp), "VTOB");
229 if (!vbp)
230 goto out_err;
232 vaddr = sym_m_get_dma_mem_cluster(mp, vbp);
233 if (vaddr) {
234 int hc = VTOB_HASH_CODE(vaddr);
235 vbp->next = mp->vtob[hc];
236 mp->vtob[hc] = vbp;
237 ++mp->nump;
239 return vaddr;
240 out_err:
241 return NULL;
244 #ifdef SYM_MEM_FREE_UNUSED
245 /* Free a memory cluster and associated resources for DMA */
246 static void ___free_dma_mem_cluster(m_pool_p mp, void *m)
248 m_vtob_p *vbpp, vbp;
249 int hc = VTOB_HASH_CODE(m);
251 vbpp = &mp->vtob[hc];
252 while (*vbpp && (*vbpp)->vaddr != m)
253 vbpp = &(*vbpp)->next;
254 if (*vbpp) {
255 vbp = *vbpp;
256 *vbpp = (*vbpp)->next;
257 sym_m_free_dma_mem_cluster(mp, vbp);
258 __sym_mfree(&mp0, vbp, sizeof(*vbp), "VTOB");
259 --mp->nump;
262 #endif
264 /* Fetch the memory pool for a given pool id (i.e. DMA constraints) */
265 static inline m_pool_p ___get_dma_pool(m_pool_ident_t dev_dmat)
267 m_pool_p mp;
268 for (mp = mp0.next;
269 mp && !sym_m_pool_match(mp->dev_dmat, dev_dmat);
270 mp = mp->next);
271 return mp;
274 /* Create a new memory DMAable pool (when fetch failed) */
275 static m_pool_p ___cre_dma_pool(m_pool_ident_t dev_dmat)
277 m_pool_p mp = __sym_calloc(&mp0, sizeof(*mp), "MPOOL");
278 if (mp) {
279 mp->dev_dmat = dev_dmat;
280 mp->get_mem_cluster = ___get_dma_mem_cluster;
281 #ifdef SYM_MEM_FREE_UNUSED
282 mp->free_mem_cluster = ___free_dma_mem_cluster;
283 #endif
284 mp->next = mp0.next;
285 mp0.next = mp;
286 return mp;
288 return NULL;
291 #ifdef SYM_MEM_FREE_UNUSED
292 /* Destroy a DMAable memory pool (when got emptied) */
293 static void ___del_dma_pool(m_pool_p p)
295 m_pool_p *pp = &mp0.next;
297 while (*pp && *pp != p)
298 pp = &(*pp)->next;
299 if (*pp) {
300 *pp = (*pp)->next;
301 __sym_mfree(&mp0, p, sizeof(*p), "MPOOL");
304 #endif
306 /* This lock protects only the memory allocation/free. */
307 static DEFINE_SPINLOCK(sym53c8xx_lock);
310 * Actual allocator for DMAable memory.
312 void *__sym_calloc_dma(m_pool_ident_t dev_dmat, int size, char *name)
314 unsigned long flags;
315 m_pool_p mp;
316 void *m = NULL;
318 spin_lock_irqsave(&sym53c8xx_lock, flags);
319 mp = ___get_dma_pool(dev_dmat);
320 if (!mp)
321 mp = ___cre_dma_pool(dev_dmat);
322 if (!mp)
323 goto out;
324 m = __sym_calloc(mp, size, name);
325 #ifdef SYM_MEM_FREE_UNUSED
326 if (!mp->nump)
327 ___del_dma_pool(mp);
328 #endif
330 out:
331 spin_unlock_irqrestore(&sym53c8xx_lock, flags);
332 return m;
335 void __sym_mfree_dma(m_pool_ident_t dev_dmat, void *m, int size, char *name)
337 unsigned long flags;
338 m_pool_p mp;
340 spin_lock_irqsave(&sym53c8xx_lock, flags);
341 mp = ___get_dma_pool(dev_dmat);
342 if (!mp)
343 goto out;
344 __sym_mfree(mp, m, size, name);
345 #ifdef SYM_MEM_FREE_UNUSED
346 if (!mp->nump)
347 ___del_dma_pool(mp);
348 #endif
349 out:
350 spin_unlock_irqrestore(&sym53c8xx_lock, flags);
354 * Actual virtual to bus physical address translator
355 * for 32 bit addressable DMAable memory.
357 dma_addr_t __vtobus(m_pool_ident_t dev_dmat, void *m)
359 unsigned long flags;
360 m_pool_p mp;
361 int hc = VTOB_HASH_CODE(m);
362 m_vtob_p vp = NULL;
363 void *a = (void *)((unsigned long)m & ~SYM_MEM_CLUSTER_MASK);
364 dma_addr_t b;
366 spin_lock_irqsave(&sym53c8xx_lock, flags);
367 mp = ___get_dma_pool(dev_dmat);
368 if (mp) {
369 vp = mp->vtob[hc];
370 while (vp && vp->vaddr != a)
371 vp = vp->next;
373 if (!vp)
374 panic("sym: VTOBUS FAILED!\n");
375 b = vp->baddr + (m - a);
376 spin_unlock_irqrestore(&sym53c8xx_lock, flags);
377 return b;