Mesa (staging/20.3): iris: fix memleak for query_buffer_uploader

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Tue Dec 8 17:48:39 UTC 2020 

Module: Mesa
Branch: staging/20.3
Commit: a8d5e57590b6198dfebd2c6a20d288545718b22d
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=a8d5e57590b6198dfebd2c6a20d288545718b22d

Author: yshi18 <yang.a.shi at intel.com>
Date:   Thu Dec  3 13:54:14 2020 +0800

iris: fix memleak for query_buffer_uploader

In the Chrome WebGL Aquarium  stress test, 20 instances of Chrome will run
Aquarium  simultaneously over 20+ hours. That causes Chrome crash.
During the stress, glBeginQueryIndexed is called frequently.

1.Each query will only use 32 bytes from query_buffer_uploader. After the offset
exceed 4096, it will alloc new buffer for query_buffer_uploader->buffer
and release the old buffer.

2.But iris_begin_query will call u_upload_alloc when the offset changed, and it
will increase the query_buffer_uploader->buffer->reference.count every time
when it called u_upload_alloc.

3.So when u_upload_release_buffer try to release the resource of
query_buffer_uploader->buffer, its reference.count is
already equal to 129. pipe_reference_described will only decrease its reference
count to 128.So it never called old_dst->screen->resource_destroy.

4.The old resouce bo will never be freeed. And chrome will called mmap every time
when it alloc new resource bo.

5. Chrome process map too many vmas in its process. Its map count exceed the
sysctl_max_map_count which is 65530 defined in kernel.

6. When iris_begin_query want to alloc new resource bo, it will meet NULL pointer
because mmap return failed. Finally chrome crashed when it access this NULL resource
bo.

The fix is decrease the reference count in iris_destroy_query.

Patch is verified by chrome webgl Aquarium test case for more than 72 hours.

Signed-off-by: Tapani Pälli <tapani.palli at intel.com>
Signed-off-by: Yang Shi <yang.a.shi at intel.com>
Reviewed-by: Alex Zuo <alex.zuo at intel.com>
Reviewed-by: Marek Olšák <marek.olsak at amd.com>
Reviewed-by: Kenneth Graunke <kenneth at whitecape.org>
Cc: mesa-stable
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7890>
(cherry picked from commit 3aaac40b12bf683cb30ea30e35af02d56de9df90)

---

 .pick_status.json                     | 2 +-
 src/gallium/drivers/iris/iris_query.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.pick_status.json b/.pick_status.json
index 361ce3267a8..1ed32f5c56d 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -58,7 +58,7 @@
         "description": "iris: fix memleak for query_buffer_uploader",
         "nominated": true,
         "nomination_type": 0,
-        "resolution": 0,
+        "resolution": 1,
         "master_sha": null,
         "because_sha": null
     },
diff --git a/src/gallium/drivers/iris/iris_query.c b/src/gallium/drivers/iris/iris_query.c
index ef46158e95d..548ce535a77 100644
--- a/src/gallium/drivers/iris/iris_query.c
+++ b/src/gallium/drivers/iris/iris_query.c
@@ -484,6 +484,7 @@ iris_destroy_query(struct pipe_context *ctx, struct pipe_query *p_query)
       iris_syncobj_reference(screen, &query->syncobj, NULL);
       screen->base.fence_reference(ctx->screen, &query->fence, NULL);
    }
+   pipe_resource_reference(&query->query_state_ref.res, NULL);
    free(query);
 }

More information about the mesa-commit mailing list