[PATCH] drm/nouveau/gsp: fix potential leak of memory used during acpi init

[Danilo Krummrich]

On 7/7/25 10:27 AM, Philipp Stanner wrote:
> On Tue, 2025-06-17 at 14:00 +1000, Ben Skeggs wrote:
>> If any of the ACPI calls fail, memory allocated for the input buffer
>> would be leaked.  Fix failure paths to free allocated memory.
>>
>> Also add checks to ensure the allocations succeeded in the first
>> place.
> 
> If you've got a kmemleak trace, it would also be good to put it here in
> the commit message so that we can distinguish this bug from potential
> other leaks.

unreferenced object 0xffff8ed5029bfb28 (size 8):
   comm "(udev-worker)", pid 464, jiffies 4294672444
   hex dump (first 8 bytes):
     7c b4 d4 79 01 59 36 6c                          |..y.Y6l
   backtrace (crc 4461fdb7):
     __kmalloc_cache_noprof+0x31b/0x410
     r535_gsp_acpi_jt+0x7c/0x110 [nouveau]
     r535_gsp_set_system_info+0x153/0x390 [nouveau]
     r535_gsp_oneinit+0xa4d/0xf50 [nouveau]
     tu102_gsp_oneinit+0x124/0x440 [nouveau]
     nvkm_subdev_oneinit_+0x3f/0x90 [nouveau]
     nvkm_subdev_init_+0x33/0xa0 [nouveau]
     nvkm_subdev_init+0x46/0x60 [nouveau]
     nvkm_device_init+0x167/0x1f0 [nouveau]
     nvkm_udevice_init+0x4b/0x70 [nouveau]
     nvkm_object_init+0x3a/0x110 [nouveau]
     nvkm_ioctl_new+0x13a/0x200 [nouveau]
     nvkm_ioctl+0x9f/0x140 [nouveau]
     nvif_object_ctor+0x11a/0x1a0 [nouveau]
     nvif_device_ctor+0x2a/0x80 [nouveau]
     nouveau_drm_device_new+0x157/0x2e0 [nouveau]
unreferenced object 0xffff8ed502a37580 (size 32):
   comm "(udev-worker)", pid 464, jiffies 4294672444
   hex dump (first 32 bytes):
     01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace (crc f1da05aa):
     __kmalloc_noprof+0x3ac/0x500
     acpi_ut_initialize_buffer+0x67/0xc0
     acpi_evaluate_object+0x272/0x2c0
     acpi_evaluate_dsm+0xb4/0x120
     r535_gsp_acpi_jt+0xa3/0x110 [nouveau]
     r535_gsp_set_system_info+0x153/0x390 [nouveau]
     r535_gsp_oneinit+0xa4d/0xf50 [nouveau]
     tu102_gsp_oneinit+0x124/0x440 [nouveau]
     nvkm_subdev_oneinit_+0x3f/0x90 [nouveau]
     nvkm_subdev_init_+0x33/0xa0 [nouveau]
     nvkm_subdev_init+0x46/0x60 [nouveau]
     nvkm_device_init+0x167/0x1f0 [nouveau]
     nvkm_udevice_init+0x4b/0x70 [nouveau]
     nvkm_object_init+0x3a/0x110 [nouveau]
     nvkm_ioctl_new+0x13a/0x200 [nouveau]
     nvkm_ioctl+0x9f/0x140 [nouveau]
unreferenced object 0xffff8ed5029bf1c0 (size 8):
   comm "(udev-worker)", pid 464, jiffies 4294672446
   hex dump (first 8 bytes):
     cc bb d4 79 01 59 3c 84                          ...y.Y<.
   backtrace (crc 30e1d939):
     __kmalloc_cache_noprof+0x31b/0x410
     r535_gsp_acpi_caps+0x7e/0x120 [nouveau]
     r535_gsp_set_system_info+0x162/0x390 [nouveau]
     r535_gsp_oneinit+0xa4d/0xf50 [nouveau]
     tu102_gsp_oneinit+0x124/0x440 [nouveau]
     nvkm_subdev_oneinit_+0x3f/0x90 [nouveau]
     nvkm_subdev_init_+0x33/0xa0 [nouveau]
     nvkm_subdev_init+0x46/0x60 [nouveau]
     nvkm_device_init+0x167/0x1f0 [nouveau]
     nvkm_udevice_init+0x4b/0x70 [nouveau]
     nvkm_object_init+0x3a/0x110 [nouveau]
     nvkm_ioctl_new+0x13a/0x200 [nouveau]
     nvkm_ioctl+0x9f/0x140 [nouveau]
     nvif_object_ctor+0x11a/0x1a0 [nouveau]
     nvif_device_ctor+0x2a/0x80 [nouveau]
     nouveau_drm_device_new+0x157/0x2e0 [nouveau]