Re: [PATCH] drm/i915: Fix memory leaks in function live_nop_switch

[Rodrigo Vivi]

On Mon, May 08, 2023 at 04:50:15PM +0800, Cong Liu wrote:
> Be sure to properly free the allocated memory before exiting
> the live_nop_switch function.
> 
> Signed-off-by: Cong Liu <liucong2@xxxxxxxxxx>
> ---
>  drivers/gpu/drm/i915/gem/selftests/i915_gem_context.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/gem/selftests/i915_gem_context.c b/drivers/gpu/drm/i915/gem/selftests/i915_gem_context.c
> index a81fa6a20f5a..54eddbe7f510 100644
> --- a/drivers/gpu/drm/i915/gem/selftests/i915_gem_context.c
> +++ b/drivers/gpu/drm/i915/gem/selftests/i915_gem_context.c
> @@ -59,7 +59,8 @@ static int live_nop_switch(void *arg)
>  	ctx = kcalloc(nctx, sizeof(*ctx), GFP_KERNEL);
>  	if (!ctx) {
>  		err = -ENOMEM;
> -		goto out_file;
> +		fput(file);

This looks strange...

> +		return err;
>  	}
>  
>  	for (n = 0; n < nctx; n++) {
> @@ -175,6 +176,7 @@ static int live_nop_switch(void *arg)
>  
>  out_file:
>  	fput(file);
> +	kfree(ctx);

You are right... we have a leak in this function...
but the way to solve it is by adding a new goto point
above kfree(ctx) ('free_ctx:' ... our 'out_ctx:') and
calling it from any place below the succeeded allocation
instead of the 'out_file:'

Something like:

--- a/drivers/gpu/drm/i915/gem/selftests/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/gem/selftests/i915_gem_context.c
@@ -66,7 +66,7 @@ static int live_nop_switch(void *arg)
                ctx[n] = live_context(i915, file);
                if (IS_ERR(ctx[n])) {
                        err = PTR_ERR(ctx[n]);
-                       goto out_file;
+                       goto out_ctx;
                }
        }
 
@@ -82,7 +82,7 @@ static int live_nop_switch(void *arg)
                        this = igt_request_alloc(ctx[n], engine);
                        if (IS_ERR(this)) {
                                err = PTR_ERR(this);
-                               goto out_file;
+                               goto out_ctx;
                        }
                        if (rq) {
                                i915_request_await_dma_fence(this, &rq->fence);
@@ -96,7 +96,7 @@ static int live_nop_switch(void *arg)
                        intel_gt_set_wedged(engine->gt);
                        i915_request_put(rq);
                        err = -EIO;
-                       goto out_file;
+                       goto out_ctx;
                }
                i915_request_put(rq);
 
@@ -107,7 +107,7 @@ static int live_nop_switch(void *arg)
 
                err = igt_live_test_begin(&t, i915, __func__, engine->name);
                if (err)
-                       goto out_file;
+                       goto out_ctx;
 
                end_time = jiffies + i915_selftest.timeout_jiffies;
                for_each_prime_number_from(prime, 2, 8192) {
@@ -120,7 +120,7 @@ static int live_nop_switch(void *arg)
                                this = igt_request_alloc(ctx[n % nctx], engine);
                                if (IS_ERR(this)) {
                                        err = PTR_ERR(this);
-                                       goto out_file;
+                                       goto out_ctx;
                                }
 
                                if (rq) { /* Force submission order */
@@ -165,7 +165,7 @@ static int live_nop_switch(void *arg)
 
                err = igt_live_test_end(&t);
                if (err)
-                       goto out_file;
+                       goto out_ctx;
 
                pr_info("Switch latencies on %s: 1 = %lluns, %lu = %lluns\n",
                        engine->name,
@@ -173,6 +173,8 @@ static int live_nop_switch(void *arg)
                        prime - 1, div64_u64(ktime_to_ns(times[1]), prime - 1));
        }
 
+out_ctx:
+       kfree(ctx);
 out_file:
        fput(file);
        return err;



>  	return err;
>  }
>  
> -- 
> 2.34.1
> 
> 
> No virus found
> 		Checked by Hillstone Network AntiVirus