[PATCH] drm/nouveau/gsp: fix mismatched alloc/free for kvmalloc()
Timur Tabi
ttabi at nvidia.com
Tue Aug 12 22:52:07 UTC 2025
On Mon, 2025-08-11 at 17:19 +0800, Qianfeng Rong wrote:
> Replace kfree() with kvfree() for memory allocated by kvmalloc().
>
> Compile-tested only.
>
> Signed-off-by: Qianfeng Rong <rongqianfeng at vivo.com>
Reviewed-by: Timur Tabi <ttabi at nvidia.com>
This does fix a real bug.
However, I think the real problem is that it's really confusing that
r535_gsp_msgq_recv_one_elem(gsp, &info) returns info.gsp_rpc_buf instead of just success/failure.
r535_gsp_msgq_recv() does this:
buf = kvmalloc(max_t(u32, rpc->length, expected), GFP_KERNEL);
...
info.gsp_rpc_buf = buf;
...
buf = r535_gsp_msgq_recv_one_elem(gsp, &info);
You wouldn't know it, but this does not change the value of 'buf' unless
r535_gsp_msgq_recv_one_elem() fails. If it does fail, the code does this:
if (IS_ERR(buf)) {
kvfree(info.gsp_rpc_buf);
It would be a lot clearer if we could kvfree(buf) here, but we can't because 'buf' no longer points
to the buffer, even though the buffer still exists.
More information about the Nouveau
mailing list