-----Original Message-----
From: bernard@vivo.com bernard@vivo.com on behalf of Jani Nikula
Sent: December 31, 2021 19:09
To: 赵军奎 bernard@vivo.com; Maarten Lankhorst maarten.lankhorst@linux.intel.com; Maxime Ripard mripard@kernel.org; Thomas Zimmermann tzimmermann@suse.de; David Airlie airlied@linux.ie; Daniel Vetter daniel@ffwll.ch; dri-devel@lists.freedesktop.org; linux-kernel@vger.kernel.org
Cc: 赵军奎 bernard@vivo.com
Subject: Re: [PATCH] gpu/drm: fix potential memleak in error branch
On Tue, 16 Nov 2021, Bernard Zhao bernard@vivo.com wrote:
This patch tries to fix a potential memleak in the error branch.
Please elaborate.
Hi Jani:
This patch tries to fix a potential memleak in the error branch.
For example:
nv50_sor_create -> nv50_mstm_new -> drm_dp_mst_topology_mgr_init
In function drm_dp_mst_topology_mgr_init, there are five error branches; each error branch just returns the error code, and no free is called.
And we see that the caller didn't do the drm_dp_mst_topology_mgr_destroy job.
I am not sure if there is some gap, but I think this may bring in the risk of a memleak issue.
Thanks!
BR//Bernard
BR,
Jani.
drivers/gpu/drm/drm_dp_mst_topology.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c
b/drivers/gpu/drm/drm_dp_mst_topology.c
index f3d79eda94bb..f73b180dee73 100644
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -5501,7 +5501,10 @@ int drm_dp_mst_topology_mgr_init(struct drm_dp_mst_topology_mgr *mgr,
int max_lane_count, int max_link_rate,
int conn_base_id)
{
- struct drm_dp_mst_topology_state *mst_state;
struct drm_dp_mst_topology_state *mst_state = NULL;
mgr->payloads = NULL;
mgr->proposed_vcpis = NULL;
mutex_init(&mgr->lock);
mutex_init(&mgr->qlock);
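Review bot: The `= NULL` initialiser added to `mst_state` at the top of the function looks unnecessary: in the lines shown, `mst_state` is assigned from `kzalloc()` before it is tested, and the cleanup under `failed:` never frees it. Consider dropping that part and keeping only `mgr->payloads = NULL;` and `mgr->proposed_vcpis = NULL;`, which are what make the `kfree()` calls safe when the size check jumps to `failed` before either array has been allocated. A one-line comment saying so would help the next reader.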
@@ -5523,7 +5526,7 @@ int drm_dp_mst_topology_mgr_init(struct drm_dp_mst_topology_mgr *mgr,
*/
mgr->delayed_destroy_wq = alloc_ordered_workqueue("drm_dp_mst_wq", 0);
if (mgr->delayed_destroy_wq == NULL)
goto out;
INIT_WORK(&mgr->work, drm_dp_mst_link_probe_work);
INIT_WORK(&mgr->tx_work, drm_dp_tx_work); @@ -5539,18 +5542,18 @@
int drm_dp_mst_topology_mgr_init(struct drm_dp_mst_topology_mgr *mgr,
mgr->conn_base_id = conn_base_id;
if (max_payloads + 1 > sizeof(mgr->payload_mask) * 8 ||
max_payloads + 1 > sizeof(mgr->vcpi_mask) * 8)
goto failed;
mgr->payloads = kcalloc(max_payloads, sizeof(struct drm_dp_payload), GFP_KERNEL);
if (!mgr->payloads)
goto failed;
mgr->proposed_vcpis = kcalloc(max_payloads, sizeof(struct drm_dp_vcpi *), GFP_KERNEL);
if (!mgr->proposed_vcpis)
goto failed;
set_bit(0, &mgr->payload_mask);
mst_state = kzalloc(sizeof(*mst_state), GFP_KERNEL);
if (mst_state == NULL)
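Review bot: None of the three `goto failed` branches in this hunk sets an error code before jumping, yet the `max_payloads` size check and the two `kcalloc()` failures are different conditions and should not collapse into one return value. Carry the code in a local `ret` that each branch assigns before the `goto`. The `mst_state == NULL` check at the end of the hunk also needs to reach the same cleanup; its body is not among the lines shown, and if it still returns directly then `mgr->payloads`, `mgr->proposed_vcpis` and the workqueue stay allocated on that path.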
@@ -5563,6 +5566,13 @@ int drm_dp_mst_topology_mgr_init(struct drm_dp_mst_topology_mgr *mgr,
&drm_dp_mst_topology_state_funcs);
return 0;
+failed:
- kfree(mgr->proposed_vcpis);
- kfree(mgr->payloads);
- destroy_workqueue(mgr->delayed_destroy_wq);
+out:
}
EXPORT_SYMBOL(drm_dp_mst_topology_mgr_init);
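Review bot: In the lines shown, nothing follows `out:` before the closing brace, so both the `goto out` taken when `alloc_ordered_workqueue()` fails and the fall-through from `failed:` reach the end of an `int` function without returning a value. Add an explicit return of the error code after `out:`. The changelog should also name the allocations that leak and the caller path on which `drm_dp_mst_topology_mgr_destroy()` is not called, which is what the request to elaborate was asking for.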
--
Jani Nikula, Intel Open Source Graphics Center
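
The concern raised in this thread, an init function whose error branches return without releasing earlier allocations, can be checked with fault injection. The following is an added example, not code from the patch or the kernel: a userspace C model in which `mgr_init`, `t_alloc`, `t_free` and `leaked_when_failing` are hypothetical names and the four allocations stand in for the workqueue, payloads, proposed_vcpis and mst_state.

```c
#include <stdlib.h>
/* Constructed userspace model of an init function; not kernel code. */
static int fail_at, calls, live; /* injected failure, call count, live allocations */

static void *t_alloc(size_t n)
{
    void *p = (++calls == fail_at) ? NULL : calloc(1, n);
    live += (p != NULL);
    return p;
}

static void t_free(void *p)
{
    live -= (p != NULL);
    free(p);
}

struct mgr { void *wq, *payloads, *vcpis, *state; };
/* unwind == 0: error branches only return; unwind == 1: they release earlier allocations. */
static int mgr_init(struct mgr *m, size_t max_payloads, int unwind)
{
    if (!(m->wq = t_alloc(64)))
        goto failed;
    if (!(m->payloads = t_alloc(max_payloads * 16)))
        goto failed;
    if (!(m->vcpis = t_alloc(max_payloads * sizeof(void *))))
        goto failed;
    if (!(m->state = t_alloc(32)))
        goto failed;
    return 0;
failed:
    if (unwind) {           /* like kfree(), freeing NULL is a no-op */
        t_free(m->vcpis);
        t_free(m->payloads);
        t_free(m->wq);
    }
    return -1;
}

/* Fail allocation number n (1-based; 0 = none) and return what is left allocated. */
int leaked_when_failing(int n, int unwind)
{
    struct mgr m = { 0 };   /* zeroed so unwinding may free fields never reached */
    fail_at = n;
    calls = live = 0;
    if (mgr_init(&m, 8, unwind) == 0) { /* success: normal teardown */
        t_free(m.state); t_free(m.vcpis); t_free(m.payloads); t_free(m.wq);
    }
    return live;
}
```

Running `leaked_when_failing(n, 0)` for each `n` shows how many earlier allocations every failing step strands; with `unwind` set to 1 the count is zero at every step.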