[Nouveau] [PATCH] drm/nouveau: Fix memory leak in nvkm_ram_get()

Fri Aug 23 08:50:42 UTC 2019

When resuming from ACPI S3, memory leak happens in nvkm_ram_get().
This is because *pmemory points to newly allocated memory without
checking and freeing the old memory.

Here is the log showing this issue.

unreferenced object 0xffffa3b608c6d5c0 (size 64):
  comm "kworker/u32:30", pid 934, jiffies 4294823520 (age 5000.217s)
  hex dump (first 32 bytes):
    00 fc 4a c0 ff ff ff ff 00 00 00 00 00 00 00 00  ..J.............
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000e923bf81>] kmem_cache_alloc_trace+0x181/0x250
    [<00000000edb7beaa>] nvkm_ram_get+0xb0/0x1d0 [nouveau]
    [<000000004ecaa918>] gt215_ram_init+0xc5/0x2f0 [nouveau]
    [<00000000007ba1a0>] nvkm_ram_init+0x1a/0x20 [nouveau]
    [<0000000050abf84b>] nvkm_fb_init+0x27/0xe0 [nouveau]
    [<00000000fae7fedc>] nvkm_subdev_init+0xbc/0x210 [nouveau]
    [<00000000a67b86e4>] nvkm_device_init+0x12a/0x280 [nouveau]
    [<00000000c02ac03e>] nvkm_udevice_init+0x48/0x60 [nouveau]
    [<0000000048f35641>] nvkm_object_init+0x43/0x110 [nouveau]
    [<00000000c6f92dc0>] nvkm_object_init+0x74/0x110 [nouveau]
    [<00000000c6f92dc0>] nvkm_object_init+0x74/0x110 [nouveau]
    [<000000007416951c>] nvkm_client_resume+0xe/0x10 [nouveau]
    [<00000000c5d31dfd>] nvif_client_resume+0x1d/0x20 [nouveau]
    [<000000008f3a638f>] nouveau_do_resume+0x2d/0x150 [nouveau]
    [<00000000df2c2b85>] nouveau_pmops_resume+0x6b/0xa0 [nouveau]
    [<00000000f44c649d>] pci_pm_resume+0x71/0xb0

Signed-off-by: Yongxin Liu <yongxin.liu at windriver.com>
---
 drivers/gpu/drm/nouveau/nvkm/subdev/fb/ram.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/fb/ram.c b/drivers/gpu/drm/nouveau/nvkm/subdev/fb/ram.c
index b11867f682cb..60be4d811187 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/fb/ram.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/fb/ram.c
@@ -124,6 +124,9 @@ nvkm_ram_get(struct nvkm_device *device, u8 heap, u8 type, u8 rpage, u64 size,
 	nvkm_memory_ctor(&nvkm_vram, &vram->memory);
 	vram->ram = ram;
 	vram->page = page;
+
+	if (*pmemory)
+		nvkm_memory_unref(pmemory);
 	*pmemory = &vram->memory;
 
 	mutex_lock(&ram->fb->subdev.mutex);
-- 
2.14.4

