On 2019/12/29 4:45, Markus Elfring wrote:
v3d_submit_cl_ioctl call kfree() with variable 'bin' twice.
I would prefer a wording like “kfree() was called for the same variable twice
within an if branch.”.
Fix it by removing the latter one.
I find the wording “Delete a duplicate function call.” more appropriate.
Thank you for your advise, I'll make changes in V2 patch.
Please add the tag “Fixes” to your change description.
I got the results from "git blame":
git blame -L 570,575 drivers/gpu/drm/v3d/v3d_gem.c
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 570)
if (ret) {
0d352a3a8a1f2 (Iago Toral Quiroga 2019-09-16 09:11:25 +0200 571)
kfree(bin);
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 572)
v3d_job_put(&render->base);
29cd13cfd7624 (Navid Emamdoost 2019-10-21 13:52:49 -0500 573)
kfree(bin);
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 574)
return ret;
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 575)
}
The first kfree belong to the patch 0d352a3a8a1f2 :
commit 0d352a3a8a1f26168d09f7073e61bb4b328e3bb9
Author: Iago Toral Quiroga <itoral@xxxxxxxxxx>
Date: Mon Sep 16 09:11:25 2019 +0200
drm/v3d: don't leak bin job if v3d_job_init fails.
If the initialization of the job fails we need to kfree() it
before returning.
Signed-off-by: Iago Toral Quiroga <itoral@xxxxxxxxxx>
Signed-off-by: Eric Anholt <eric@xxxxxxxxxx>
Link:
https://patchwork.freedesktop.org/patch/msgid/20190916071125.5255-1-itoral@xxxxxxxxxx
Fixes: a783a09ee76d ("drm/v3d: Refactor job management.")
Reviewed-by: Eric Anholt <eric@xxxxxxxxxx>
diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 5d80507b539b..fb32cda18ffe 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -563,6 +563,7 @@ v3d_submit_cl_ioctl(struct drm_device *dev, void *data,
ret = v3d_job_init(v3d, file_priv, &bin->base,
v3d_job_free, args->in_sync_bcl);
if (ret) {
+ kfree(bin);
v3d_job_put(&render->base);
return ret;
}
And the second belong to 29cd13cfd7624:
commit 29cd13cfd7624726d9e6becbae9aa419ef35af7f
Author: Navid Emamdoost <navid.emamdoost@xxxxxxxxx>
Date: Mon Oct 21 13:52:49 2019 -0500
drm/v3d: Fix memory leak in v3d_submit_cl_ioctl
In the impelementation of v3d_submit_cl_ioctl() there are two memory
leaks. One is when allocation for bin fails, and the other is when bin
initialization fails. If kcalloc fails to allocate memory for bin then
render->base should be put. Also, if v3d_job_init() fails to initialize
bin->base then allocated memory for bin should be released.
Fixes: a783a09ee76d ("drm/v3d: Refactor job management.")
Signed-off-by: Navid Emamdoost <navid.emamdoost@xxxxxxxxx>
Reviewed-by: Eric Anholt <eric@xxxxxxxxxx>
Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxx>
Link:
https://patchwork.freedesktop.org/patch/msgid/20191021185250.26130-1-navid.emamdoost@xxxxxxxxx
diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 5d80507b539b..19c092d75266 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -557,13 +557,16 @@ v3d_submit_cl_ioctl(struct drm_device *dev, void
*data,
if (args->bcl_start != args->bcl_end) {
bin = kcalloc(1, sizeof(*bin), GFP_KERNEL);
- if (!bin)
+ if (!bin) {
+ v3d_job_put(&render->base);
return -ENOMEM;
+ }
ret = v3d_job_init(v3d, file_priv, &bin->base,
v3d_job_free, args->in_sync_bcl);
if (ret) {
v3d_job_put(&render->base);
+ kfree(bin);
return ret;
}
It seems the two patches fix the same memory leak, but I have no idea
how thet get together without conflict.
Thanks
Yu Kuai
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
