[Intel-gfx] [PATCH] drm: Release reference from blob lookup after replacing property
Chris Wilson
chris at chris-wilson.co.uk
Tue Oct 25 21:45:19 UTC 2016
On Tue, Oct 25, 2016 at 05:27:21PM -0400, Sean Paul wrote:
> On Tue, Oct 25, 2016 at 3:46 PM, Chris Wilson <chris at chris-wilson.co.uk> wrote:
> > drm_property_lookup_blob() returns a reference to the returned blob, and
> > drm_atomic_replace_property_blob() takes a reference to the blob it
> > stores, so afterwards we are left owning a reference to the new_blob that
> > we never release, and thus leak memory every time we update a property
> > such as during drm_atomic_helper_legacy_gamma_set().
> >
> > Based on a patch by Felix Monninger <felix.monninger at gmail.com>
> >
> > Reported-by: Felix Monninger <felix.monninger at gmail.com>
> > References: https://bugs.freedesktop.org/show_bug.cgi?id=98420
> > Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> > ---
> > drivers/gpu/drm/drm_atomic.c | 11 ++++++++---
> > 1 file changed, 8 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
> > index 1b5a32df9a9a..3b35ab793100 100644
> > --- a/drivers/gpu/drm/drm_atomic.c
> > +++ b/drivers/gpu/drm/drm_atomic.c
> > @@ -416,19 +416,24 @@ drm_atomic_replace_property_blob_from_id(struct drm_crtc *crtc,
> > ssize_t expected_size,
> > bool *replaced)
> > {
> > - struct drm_device *dev = crtc->dev;
> > struct drm_property_blob *new_blob = NULL;
> >
> > if (blob_id != 0) {
> > - new_blob = drm_property_lookup_blob(dev, blob_id);
> > + new_blob = drm_property_lookup_blob(crtc->dev, blob_id);
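Review bot: dropping the `dev` local at the top of the function and switching the lookup call to `crtc->dev` is a cosmetic change riding along with a leak fix. Keeping the fix minimal, or mentioning the cleanup in the commit message, would make it easier to review. The commit message says drm_property_lookup_blob() returns a reference that the caller owns, so every exit after this lookup, including any error return, needs to drop it. The quoted hunk ends at the lookup line, so that part cannot be checked from here.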
>
> I think this could be further simplified by making use of
> drm_property_lookup_blob() returning NULL for blob_id == 0
>
> Then you could do something like:
>
> static int
> drm_atomic_replace_property_blob_from_id(struct drm_crtc *crtc,
>                                          struct drm_property_blob **old_blob,
>                                          uint64_t blob_id,
>                                          ssize_t expected_size,
>                                          bool *replaced)
> {
>         struct drm_property_blob *blob = NULL;
>         int ret = 0;
>
>         blob = drm_property_lookup_blob(crtc->dev, blob_id);

Not sure. I think the original code would have been clearer as

	blob = NULL;
	if (id) {
		blob = drm_property_lookup_blob(dev, id);
		if (!blob)
			return -ENOENT;
		if (blob->length != expected_size)
			return -EINVAL;
	}

i.e. the code currently reports if the blob_id doesn't match an existing
blob, and only removes the current blob if passed in 0.
Otherwise it becomes like:

	struct drm_property_blob *blob;
	int ret = -EINVAL;
	blob = drm_property_lookup_blob(crtc->dev, blob_id);
	if (!blob_id ||
	    (blob && (expected_size == 0 || expected_size == blob->length))) {
		drm_atomic_replace_property_blob(old_blob, blob, replaced);
		ret = 0;
	}
	drm_property_unreference_blob(blob);

for which I'm actually favouring the existing code for the extra whitespace.
If we insisted on a single return path:

	struct drm_property_blob *new_blob = NULL;
	int ret = -EINVAL;
	if (blob_id != 0) {
		new_blob = drm_property_lookup_blob(crtc->dev, blob_id);
		if (new_blob == NULL)
			goto out;
		if (expected_size > 0 && expected_size != new_blob->length)
			goto out;
	}
	drm_atomic_replace_property_blob(blob, new_blob, replaced);
	ret = 0;
out:
	drm_property_unreference_blob(new_blob);
	return ret;

-Chris
--
Chris Wilson, Intel Open Source Technology Centre
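
The leak described in the commit message, as an added userspace model (not part of the original thread and not kernel code). `lookup()` and `replace()` are hypothetical stand-ins for drm_property_lookup_blob() and drm_atomic_replace_property_blob(), and the blob table is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
/* Userspace model; every name here is hypothetical, not a DRM API. */
struct blob { int refs; size_t length; };
static struct blob *blob_get(struct blob *b) { if (b) b->refs++; return b; }
static void blob_put(struct blob *b) { if (b) b->refs--; } /* NULL-safe */

/* Lookup by id: returns a reference that the caller now owns. */
static struct blob *lookup(struct blob *tbl, size_t n, unsigned id)
{
	return (id >= 1 && id <= n) ? blob_get(&tbl[id - 1]) : NULL;
}

/* Store: the slot takes its own reference and drops the old one. */
static void replace(struct blob **slot, struct blob *nb)
{
	blob_get(nb);
	blob_put(*slot);
	*slot = nb;
}

/* fixed == 0 models the leak: the lookup reference is kept on success. */
static int replace_from_id(struct blob *tbl, size_t n, struct blob **slot,
			   unsigned id, size_t expected, int fixed)
{
	struct blob *nb = NULL;
	int ret = -1;
	if (id != 0) {
		nb = lookup(tbl, n, id);
		if (!nb || (expected > 0 && expected != nb->length))
			goto out;
	}
	replace(slot, nb);
	ret = 0;
	if (!fixed) return ret;	/* leaky path: skips the put below */
out:
	blob_put(nb);		/* drop the reference lookup() handed us */
	return ret;
}

/* References left over after `updates` alternating property updates. */
static int leaked_refs(int fixed, int updates)
{
	struct blob tbl[2] = { { 1, 16 }, { 1, 16 } }, *slot = NULL; /* constructed */
	for (int i = 0; i < updates; i++)
		replace_from_id(tbl, 2, &slot, 1 + i % 2, 16, fixed);
	return tbl[0].refs + tbl[1].refs - 2 - (slot ? 1 : 0);
}
int main(void) { printf("leaky=%d fixed=%d\n", leaked_refs(0, 10), leaked_refs(1, 10)); return 0; }
```

In the model the leaky variant strands one reference per successful update, so a blob's count can never reach zero and it is never freed.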