[PATCH 6/9] drm/i915/gvt: Fix a memory leak in cmd_parser.c

Wang, Zhi A zhi.a.wang at intel.com
Mon Sep 11 06:32:16 UTC 2017


The point is If the allocation is failed, a NULL is returned, then the old one is lost.

This problem hides because it passes va to krealloc(), but actually va == vgpu->reserve... stuff. If it passes directly vgpu->reserve stuff to krealloc(),

e.g. vgpu->reserve.. = krealloc(vgpu->reserve...), checkpatch.pl will directly throw an error.

-----Original Message-----
From: intel-gvt-dev [mailto:intel-gvt-dev-bounces at lists.freedesktop.org] On Behalf Of Zhenyu Wang
Sent: Monday, September 11, 2017 8:58 AM
To: Wang, Zhi A <zhi.a.wang at intel.com>
Cc: intel-gvt-dev at lists.freedesktop.org
Subject: Re: [PATCH 6/9] drm/i915/gvt: Fix a memory leak in cmd_parser.c

On 2017.09.11 12:44:10 +0800, Zhi Wang wrote:
> The pointer points to the original memory can never take the return 
> value of krealloc().
> 
> Signed-off-by: Zhi Wang <zhi.a.wang at intel.com>
> ---
>  drivers/gpu/drm/i915/gvt/cmd_parser.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c 
> b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> index 2c0ccbb..22d33be 100644
> --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> @@ -2620,14 +2620,16 @@ static int shadow_workload_ring_buffer(struct intel_vgpu_workload *workload)
>  	gma_top = workload->rb_start + guest_rb_size;
>  
>  	if (workload->rb_len > vgpu->reserve_ring_buffer_size[ring_id]) {
> -		void *va = vgpu->reserve_ring_buffer_va[ring_id];
> +		void *va, *p;
> +
>  		/* realloc the new ring buffer if needed */
> -		vgpu->reserve_ring_buffer_va[ring_id] =
> -			krealloc(va, workload->rb_len, GFP_KERNEL);
> -		if (!vgpu->reserve_ring_buffer_va[ring_id]) {
> +		va = vgpu->reserve_ring_buffer_va[ring_id];
> +		p = krealloc(va, workload->rb_len, GFP_KERNEL);
> +		if (!p) {
>  			gvt_vgpu_err("fail to alloc reserve ring buffer\n");
>  			return -ENOMEM;
>  		}
> +		vgpu->reserve_ring_buffer_va[ring_id] = p;
>  		vgpu->reserve_ring_buffer_size[ring_id] = workload->rb_len;
>  	}

It shouldn't be leaking as if new pointer is different than old, krealloc is supposed to free old ptr. So more clean to write might be

   void *va = krealloc(vgpu->reserve_ring_buffer_va[ring_id], ...);
   if (!va) {...}
   vgpu->reserve_ring_buffer_va[ring_id] = va;

but looks you're cleaning up this anyway.

--
Open Source Technology Center, Intel ltd.

$gpg --keyserver wwwkeys.pgp.net --recv-keys 4D781827


More information about the intel-gvt-dev mailing list