[PATCH] drm/gem-shmem: When drm_gem_object_init failed, should release object

Thomas Zimmermann tzimmermann at suse.de
Thu Nov 10 09:09:56 UTC 2022 

Hi

Am 09.11.22 um 10:07 schrieb Chunyou Tang:
> Hi,
> 
> drm_gem_object_init() will do these before failed:
> 
> void drm_gem_private_object_init(struct drm_device *dev,
>                                   struct drm_gem_object *obj, size_t
> size) {
>          BUG_ON((size & (PAGE_SIZE - 1)) != 0);
> 
>          obj->dev = dev;
>          obj->filp = NULL;
> 
>          kref_init(&obj->refcount);
>          obj->handle_count = 0;
>          obj->size = size;
>          dma_resv_init(&obj->_resv);
>          if (!obj->resv)
>                  obj->resv = &obj->_resv;
> 
>          drm_vma_node_reset(&obj->vma_node);
>          INIT_LIST_HEAD(&obj->lru_node);
> }
> 
> so I think when it failed, should use drm_gem_object_release()
> to do dma_resv_fini() and others.

Thanks for bringing this up. We should indeed call dma_resv_fini(), but 
not via drm_gem_object_relaese().  If the branch at [1] has an error, it 
should call dma_resv_fini() so that the GEM object is still 
uninitialized and can be freed.

IMHO it would make sense to introduce drm_gem_private_object_fini() to 
revert the effects of drm_gem_private_object_init().

Best regards
Thomas

[1] 
https://elixir.bootlin.com/linux/latest/source/drivers/gpu/drm/drm_gem.c#L133

> 
> another, if drm_gem_object_init() fails, the drm_gem_handle_create()
> can not be called.
> 
> 于 Tue, 8 Nov 2022 09:28:34 +0100
> Thomas Zimmermann <tzimmermann at suse.de> 写道:
> 
>> Hi
>>
>> Am 08.11.22 um 03:03 schrieb ChunyouTang:
>>> when goto err_free, the object had init, so it should be release
>>> when fail.
>>
>> If the call to drm_gem_object_init() fails, the object is still
>> uninitialized. Admittedly, the call to gem_create_object could need
>> additional cleanup, but it appears as if no one has had a need for
>> this so far.
>>
>> Is there anything that might leak?
>>
>>>
>>> Signed-off-by: ChunyouTang <tangchunyou at 163.com>
>>> ---
>>>    drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++--
>>>    1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c
>>> b/drivers/gpu/drm/drm_gem_shmem_helper.c index
>>> 35138f8a375c..2e5e3207355f 100644 ---
>>> a/drivers/gpu/drm/drm_gem_shmem_helper.c +++
>>> b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -104,10 +104,10 @@
>>> __drm_gem_shmem_create(struct drm_device *dev, size_t size, bool
>>> private) return shmem;
>>>    
>>> -err_release:
>>> -	drm_gem_object_release(obj);
>>>    err_free:
>>>    	kfree(obj);
>>> +err_release:
>>> +	drm_gem_object_release(obj);
>>
>> You have now freed the object's memory before releasing it. Not going
>> to work.
>>
>> Best regards
>> Thomas
>>
>>>    
>>>    	return ERR_PTR(ret);
>>>    }
>>
> 

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20221110/43655a22/attachment-0001.sig>

More information about the dri-devel mailing list