Patch "drm/i915: Fix a memory leak with reused mmap_offset" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 29 Jan 2023 22:56:51 -0500

This is a note to let you know that I've just added the patch titled

    drm/i915: Fix a memory leak with reused mmap_offset

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drm-i915-fix-a-memory-leak-with-reused-mmap_offset.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 521da3152406aed7f94bb089d6128be64a5c8e9f
Author: Nirmoy Das <nirmoy.das@xxxxxxxxx>
Date:   Tue Jan 17 18:52:36 2023 +0100

    drm/i915: Fix a memory leak with reused mmap_offset
    
    [ Upstream commit 0220e4fe178c3390eb0291cdb34912d66972db8a ]
    
    drm_vma_node_allow() and drm_vma_node_revoke() should be called in
    balanced pairs. We call drm_vma_node_allow() once per-file everytime a
    user calls mmap_offset, but only call drm_vma_node_revoke once per-file
    on each mmap_offset. As the mmap_offset is reused by the client, the
    per-file vm_count may remain non-zero and the rbtree leaked.
    
    Call drm_vma_node_allow_once() instead to prevent that memory leak.
    
    Cc: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxxxxxxxx>
    Cc: Andi Shyti <andi.shyti@xxxxxxxxxxxxxxx>
    
    Signed-off-by: Nirmoy Das <nirmoy.das@xxxxxxxxx>
    Fixes: 786555987207 ("drm/i915/gem: Store mmap_offsets in an rbtree rather than a plain list")
    Reported-by: Chuansheng Liu <chuansheng.liu@xxxxxxxxx>
    Reported-by: Mirsad Todorovac <mirsad.todorovac@xxxxxxxxxxxx>
    Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
    Reviewed-by: Andi Shyti <andi.shyti@xxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230117175236.22317-2-nirmoy.das@xxxxxxxxx
    Signed-off-by: Maxime Ripard <maxime@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
index 354c1d6dab84..d445e2d63c9c 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
@@ -697,7 +697,7 @@ mmap_offset_attach(struct drm_i915_gem_object *obj,
 	GEM_BUG_ON(lookup_mmo(obj, mmap_type) != mmo);
 out:
 	if (file)
-		drm_vma_node_allow(&mmo->vma_node, file);
+		drm_vma_node_allow_once(&mmo->vma_node, file);
 	return mmo;
 
 err:






