Re: [PATCH] drm/v3d: remove duplicated kfree in v3d_submit_cl_ioctl

From: yukuai (C)
Date: Sat Dec 28 2019 - 20:20:31 EST



On 2019/12/29 4:45, Markus Elfring wrote:
v3d_submit_cl_ioctl call kfree() with variable 'bin' twice.

I would prefer a wording like âkfree() was called for the same variable twice
within an if branch.â.


Fix it by removing the latter one.

I find the wording âDelete a duplicate function call.â more appropriate.

Thank you for your advise, I'll make changes in V2 patch.

Please add the tag âFixesâ to your change description.

I got the results from "git blame":
git blame -L 570,575 drivers/gpu/drm/v3d/v3d_gem.c
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 570) if (ret) {
0d352a3a8a1f2 (Iago Toral Quiroga 2019-09-16 09:11:25 +0200 571) kfree(bin);
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 572) v3d_job_put(&render->base);
29cd13cfd7624 (Navid Emamdoost 2019-10-21 13:52:49 -0500 573) kfree(bin);
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 574) return ret;
a783a09ee76d6 (Eric Anholt 2019-04-16 15:58:53 -0700 575) }

The first kfree belong to the patch 0d352a3a8a1f2 :
commit 0d352a3a8a1f26168d09f7073e61bb4b328e3bb9
Author: Iago Toral Quiroga <itoral@xxxxxxxxxx>
Date: Mon Sep 16 09:11:25 2019 +0200

drm/v3d: don't leak bin job if v3d_job_init fails.

If the initialization of the job fails we need to kfree() it
before returning.

Signed-off-by: Iago Toral Quiroga <itoral@xxxxxxxxxx>
Signed-off-by: Eric Anholt <eric@xxxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20190916071125.5255-1-itoral@xxxxxxxxxx
Fixes: a783a09ee76d ("drm/v3d: Refactor job management.")
Reviewed-by: Eric Anholt <eric@xxxxxxxxxx>

diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 5d80507b539b..fb32cda18ffe 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -563,6 +563,7 @@ v3d_submit_cl_ioctl(struct drm_device *dev, void *data,
ret = v3d_job_init(v3d, file_priv, &bin->base,
v3d_job_free, args->in_sync_bcl);
if (ret) {
+ kfree(bin);
v3d_job_put(&render->base);
return ret;
}

And the second belong to 29cd13cfd7624:
commit 29cd13cfd7624726d9e6becbae9aa419ef35af7f
Author: Navid Emamdoost <navid.emamdoost@xxxxxxxxx>
Date: Mon Oct 21 13:52:49 2019 -0500

drm/v3d: Fix memory leak in v3d_submit_cl_ioctl

In the impelementation of v3d_submit_cl_ioctl() there are two memory
leaks. One is when allocation for bin fails, and the other is when bin
initialization fails. If kcalloc fails to allocate memory for bin then
render->base should be put. Also, if v3d_job_init() fails to initialize
bin->base then allocated memory for bin should be released.

Fixes: a783a09ee76d ("drm/v3d: Refactor job management.")
Signed-off-by: Navid Emamdoost <navid.emamdoost@xxxxxxxxx>
Reviewed-by: Eric Anholt <eric@xxxxxxxxxx>
Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20191021185250.26130-1-navid.emamdoost@xxxxxxxxx

diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 5d80507b539b..19c092d75266 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -557,13 +557,16 @@ v3d_submit_cl_ioctl(struct drm_device *dev, void *data,

if (args->bcl_start != args->bcl_end) {
bin = kcalloc(1, sizeof(*bin), GFP_KERNEL);
- if (!bin)
+ if (!bin) {
+ v3d_job_put(&render->base);
return -ENOMEM;
+ }

ret = v3d_job_init(v3d, file_priv, &bin->base,
v3d_job_free, args->in_sync_bcl);
if (ret) {
v3d_job_put(&render->base);
+ kfree(bin);
return ret;
}

It seems the two patches fix the same memory leak, but I have no idea how thet get together without conflict.

Thanks
Yu Kuai