drm/nouveau: fix memory leak in nouveau_conn_reset()

Submitted by Liu, Yongxin on July 1, 2019, 1:46 a.m.

Details

Message ID 20190701014622.13199-1-yongxin.liu@windriver.com
State New
Series "drm/nouveau: fix memory leak in nouveau_conn_reset()" ( rev: 1 ) in Nouveau

Commit Message

Liu, Yongxin July 1, 2019, 1:46 a.m.
In nouveau_conn_reset(), if connector->state is true,
__drm_atomic_helper_connector_destroy_state() will be called,
but the memory pointed to by asyc isn't freed. A memory leak happens
in the following function __drm_atomic_helper_connector_reset(),
where the newly allocated asyc->state will be assigned to connector->state.

So use nouveau_conn_atomic_destroy_state() instead of
__drm_atomic_helper_connector_destroy_state() to free the "old" asyc.

Here is the log showing the memory leak.

unreferenced object 0xffff8c5480483c80 (size 192):
  comm "kworker/0:2", pid 188, jiffies 4294695279 (age 53.179s)
  hex dump (first 32 bytes):
    00 f0 ba 7b 54 8c ff ff 00 00 00 00 00 00 00 00  ...{T...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000005005c0d0>] kmem_cache_alloc_trace+0x195/0x2c0
    [<00000000a122baed>] nouveau_conn_reset+0x25/0xc0 [nouveau]
    [<000000004fd189a2>] nouveau_connector_create+0x3a7/0x610 [nouveau]
    [<00000000c73343a8>] nv50_display_create+0x343/0x980 [nouveau]
    [<000000002e2b03c3>] nouveau_display_create+0x51f/0x660 [nouveau]
    [<00000000c924699b>] nouveau_drm_device_init+0x182/0x7f0 [nouveau]
    [<00000000cc029436>] nouveau_drm_probe+0x20c/0x2c0 [nouveau]
    [<000000007e961c3e>] local_pci_probe+0x47/0xa0
    [<00000000da14d569>] work_for_cpu_fn+0x1a/0x30
    [<0000000028da4805>] process_one_work+0x27c/0x660
    [<000000001d415b04>] worker_thread+0x22b/0x3f0
    [<0000000003b69f1f>] kthread+0x12f/0x150
    [<00000000c94c29b7>] ret_from_fork+0x3a/0x50

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
 drivers/gpu/drm/nouveau/nouveau_connector.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
index 4116ee62adaf..f69ff22beee0 100644
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
@@ -252,7 +252,7 @@  nouveau_conn_reset(struct drm_connector *connector)
 		return;
 
 	if (connector->state)
-		__drm_atomic_helper_connector_destroy_state(connector->state);
+		nouveau_conn_atomic_destroy_state(connector, connector->state);
 	__drm_atomic_helper_connector_reset(connector, &asyc->state);
 	asyc->dither.mode = DITHERING_MODE_AUTO;
 	asyc->dither.depth = DITHERING_DEPTH_AUTO;
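
Review bot: the replacement call under `if (connector->state)` frees the object that contains the state, not just the references the state holds, so it is only safe if every state that can be installed on this connector is the `state` member of an asyc, as the `&asyc->state` argument on the next line implies. Please state that assumption in the commit message, and confirm that nouveau_conn_atomic_destroy_state() still calls __drm_atomic_helper_connector_destroy_state() so the references held by the old state are dropped as before.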

Comments

On Mon, 1 Jul 2019 at 12:37, Yongxin Liu <yongxin.liu@windriver.com> wrote:
>
> In nouveau_conn_reset(), if connector->state is true,
> __drm_atomic_helper_connector_destroy_state() will be called,
> but the memory pointed to by asyc isn't freed. A memory leak happens
> in the following function __drm_atomic_helper_connector_reset(),
> where the newly allocated asyc->state will be assigned to connector->state.
>
> So use nouveau_conn_atomic_destroy_state() instead of
> __drm_atomic_helper_connector_destroy_state() to free the "old" asyc.
>
> Here is the log showing the memory leak.
>
> unreferenced object 0xffff8c5480483c80 (size 192):
>   comm "kworker/0:2", pid 188, jiffies 4294695279 (age 53.179s)
>   hex dump (first 32 bytes):
>     00 f0 ba 7b 54 8c ff ff 00 00 00 00 00 00 00 00  ...{T...........
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<000000005005c0d0>] kmem_cache_alloc_trace+0x195/0x2c0
>     [<00000000a122baed>] nouveau_conn_reset+0x25/0xc0 [nouveau]
>     [<000000004fd189a2>] nouveau_connector_create+0x3a7/0x610 [nouveau]
>     [<00000000c73343a8>] nv50_display_create+0x343/0x980 [nouveau]
>     [<000000002e2b03c3>] nouveau_display_create+0x51f/0x660 [nouveau]
>     [<00000000c924699b>] nouveau_drm_device_init+0x182/0x7f0 [nouveau]
>     [<00000000cc029436>] nouveau_drm_probe+0x20c/0x2c0 [nouveau]
>     [<000000007e961c3e>] local_pci_probe+0x47/0xa0
>     [<00000000da14d569>] work_for_cpu_fn+0x1a/0x30
>     [<0000000028da4805>] process_one_work+0x27c/0x660
>     [<000000001d415b04>] worker_thread+0x22b/0x3f0
>     [<0000000003b69f1f>] kthread+0x12f/0x150
>     [<00000000c94c29b7>] ret_from_fork+0x3a/0x50
>
> Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Thanks!  Got it.

> ---
>  drivers/gpu/drm/nouveau/nouveau_connector.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
> index 4116ee62adaf..f69ff22beee0 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_connector.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
> @@ -252,7 +252,7 @@ nouveau_conn_reset(struct drm_connector *connector)
>                 return;
>
>         if (connector->state)
> -               __drm_atomic_helper_connector_destroy_state(connector->state);
> +               nouveau_conn_atomic_destroy_state(connector, connector->state);
>         __drm_atomic_helper_connector_reset(connector, &asyc->state);
>         asyc->dither.mode = DITHERING_MODE_AUTO;
>         asyc->dither.depth = DITHERING_DEPTH_AUTO;
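
Review bot: the changed line under `if (connector->state)` has no comment saying why the driver's own destructor is required here rather than the DRM helper, and the commit message carries no Fixes: tag naming the commit that introduced the leak. A one-line comment above the call (the old state is embedded in an asyc that must be freed with it) and a Fixes: tag would make the fix easier to backport and harder to undo in a later cleanup.
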
> --
> 2.14.4