The first patch just prevents to iterate on a NULL job->bo array during
job cleanup. This situation can happen when v3d_lookup_bos() fails to
allocate memory for the job->bo array and job->bo_count was already set.
The second replace BOs lookup steps in v3d_lookup_bos() with the
common code of drm_gem_objects_lookup().
v2:
- rebase to drm-misc-next
Melissa Wen (2):
drm/v3d: cleanup BOs properly when lookup_bos fails
drm/v3d: replace obj lookup steps with drm_gem_objects_lookup
drivers/gpu/drm/v3d/v3d_gem.c | 55 ++++-------------------------------
1 file changed, 6 insertions(+), 49 deletions(-)
--
2.35.1
When v3d_lookup_bos fails to `allocate validated BO pointers`,
job->bo_count was already set to args->bo_count, but job->bo points to
NULL. In this scenario, we must verify that job->bo is not NULL before
iterating on it to proper clean up a job. Also, drm_gem_object_put
already checks that the object passed is not NULL, doing the job->bo[i]
checker redundant.
Signed-off-by: Melissa Wen <[email protected]>
---
drivers/gpu/drm/v3d/v3d_gem.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 96af1cb5202a..31a37572c11d 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -363,11 +363,11 @@ v3d_job_free(struct kref *ref)
struct v3d_job *job = container_of(ref, struct v3d_job, refcount);
int i;
- for (i = 0; i < job->bo_count; i++) {
- if (job->bo[i])
+ if (job->bo) {
+ for (i = 0; i < job->bo_count; i++)
drm_gem_object_put(job->bo[i]);
+ kvfree(job->bo);
}
- kvfree(job->bo);
dma_fence_put(job->irq_fence);
dma_fence_put(job->done_fence);
--
2.35.1
On 12/5/22 10:55, Melissa Wen wrote:
> When v3d_lookup_bos fails to `allocate validated BO pointers`,
> job->bo_count was already set to args->bo_count, but job->bo points to
> NULL. In this scenario, we must verify that job->bo is not NULL before
> iterating on it to proper clean up a job. Also, drm_gem_object_put
> already checks that the object passed is not NULL, doing the job->bo[i]
> checker redundant.
>
> Signed-off-by: Melissa Wen <[email protected]>
Reviewed-by: Maíra Canal <[email protected]>
Best Regards,
- Maíra Canal
> ---
> drivers/gpu/drm/v3d/v3d_gem.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
> index 96af1cb5202a..31a37572c11d 100644
> --- a/drivers/gpu/drm/v3d/v3d_gem.c
> +++ b/drivers/gpu/drm/v3d/v3d_gem.c
> @@ -363,11 +363,11 @@ v3d_job_free(struct kref *ref)
> struct v3d_job *job = container_of(ref, struct v3d_job, refcount);
> int i;
>
> - for (i = 0; i < job->bo_count; i++) {
> - if (job->bo[i])
> + if (job->bo) {
> + for (i = 0; i < job->bo_count; i++)
> drm_gem_object_put(job->bo[i]);
> + kvfree(job->bo);
> }
> - kvfree(job->bo);
>
> dma_fence_put(job->irq_fence);
> dma_fence_put(job->done_fence);