Re: [PATCH] drm/gem-shmem: When drm_gem_object_init failed, should release object

[Thomas Zimmermann <tzimmermann@xxxxxxx>]

Hi

Am 09.11.22 um 10:07 schrieb Chunyou Tang:
> Hi,
>
> drm_gem_object_init() will do these before failed:
>
> void drm_gem_private_object_init(struct drm_device *dev,
>                                   struct drm_gem_object *obj, size_t
> size) {
>          BUG_ON((size & (PAGE_SIZE - 1)) != 0);
>
>          obj->dev = dev;
>          obj->filp = NULL;
>
>          kref_init(&obj->refcount);
>          obj->handle_count = 0;
>          obj->size = size;
>          dma_resv_init(&obj->_resv);
>          if (!obj->resv)
>                  obj->resv = &obj->_resv;
>
>          drm_vma_node_reset(&obj->vma_node);
>          INIT_LIST_HEAD(&obj->lru_node);
> }
>
> so I think when it failed, should use drm_gem_object_release()
> to do dma_resv_fini() and others.

Thanks for bringing this up. We should indeed call dma_resv_fini(), but 
not via drm_gem_object_relaese().  If the branch at [1] has an error, it 
should call dma_resv_fini() so that the GEM object is still 
uninitialized and can be freed.

IMHO it would make sense to introduce drm_gem_private_object_fini() to 
revert the effects of drm_gem_private_object_init().

Best regards
Thomas

[1] 
https://elixir.bootlin.com/linux/latest/source/drivers/gpu/drm/drm_gem.c#L133

> another, if drm_gem_object_init() fails, the drm_gem_handle_create()
> can not be called.
>
> 于 Tue, 8 Nov 2022 09:28:34 +0100
> Thomas Zimmermann <tzimmermann@xxxxxxx> 写道:
>
> > Hi
> >
> > Am 08.11.22 um 03:03 schrieb ChunyouTang:
> > > when goto err_free, the object had init, so it should be release
> > > when fail.
> >
> > If the call to drm_gem_object_init() fails, the object is still
> > uninitialized. Admittedly, the call to gem_create_object could need
> > additional cleanup, but it appears as if no one has had a need for
> > this so far.
> >
> > Is there anything that might leak?
> >
> > > Signed-off-by: ChunyouTang <tangchunyou@xxxxxxx>
> > > ---
> > >    drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++--
> > >    1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c
> > > b/drivers/gpu/drm/drm_gem_shmem_helper.c index
> > > 35138f8a375c..2e5e3207355f 100644 ---
> > > a/drivers/gpu/drm/drm_gem_shmem_helper.c +++
> > > b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -104,10 +104,10 @@
> > > __drm_gem_shmem_create(struct drm_device *dev, size_t size, bool
> > > private) return shmem;
> > >    
> > > -err_release:
> > > -	drm_gem_object_release(obj);
> > >    err_free:
> > >    	kfree(obj);
> > > +err_release:
> > > +	drm_gem_object_release(obj);
> >
> > You have now freed the object's memory before releasing it. Not going
> > to work.
> >
> > Best regards
> > Thomas
> >
> > >    
> > >    	return ERR_PTR(ret);
> > >    }

--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev

Attachment: OpenPGP_signature
Description: OpenPGP digital signature