Free memory allocated to nvbe when returning NULL.
Signed-off-by: Geyslan G. Bem <[email protected]>
---
drivers/gpu/drm/nouveau/nouveau_sgdma.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
index 0843ebc..af8b66d 100644
--- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
+++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
@@ -105,6 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev,
nvbe->ttm.ttm.func = &nv50_sgdma_backend;
if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page))
+ {
+ kfree(nvbe);
return NULL;
+ }
return &nvbe->ttm.ttm;
}
--
1.8.4
----- Original Message -----
> From: "Geyslan G. Bem" <[email protected]>
> To: [email protected], [email protected], [email protected]
> Cc: [email protected], [email protected], "Geyslan G. Bem" <[email protected]>
> Sent: Tuesday, 8 October, 2013 8:14:26 AM
> Subject: [PATCH] drm: nouveau: fix nvbe leakage
>
> Free memory allocated to nvbe when returning NULL.
>
> Signed-off-by: Geyslan G. Bem <[email protected]>
NACK. ttm_dma_tt_init() calls the destructor if it fails, which frees the memory.
Ben.
> ---
> drivers/gpu/drm/nouveau/nouveau_sgdma.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> index 0843ebc..af8b66d 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> @@ -105,6 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev,
> nvbe->ttm.ttm.func = &nv50_sgdma_backend;
>
> if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page))
> + {
> + kfree(nvbe);
> return NULL;
> + }
> return &nvbe->ttm.ttm;
> }
> --
> 1.8.4
>
>
Hi,
On Mon, Oct 7, 2013 at 7:35 PM, Ben Skeggs <[email protected]> wrote:
> ----- Original Message -----
>> From: "Geyslan G. Bem" <[email protected]>
>> To: [email protected], [email protected], [email protected]
>> Cc: [email protected], [email protected], "Geyslan G. Bem" <[email protected]>
>> Sent: Tuesday, 8 October, 2013 8:14:26 AM
>> Subject: [PATCH] drm: nouveau: fix nvbe leakage
>>
>> Free memory allocated to nvbe when returning NULL.
>>
>> Signed-off-by: Geyslan G. Bem <[email protected]>
> NACK. ttm_dma_tt_init() calls the destructor if it fails, which frees the memory.
>
> Ben.
>
But ttm_tt_destroy() just handles the ttm_tt part from nvbe, the nvbe
pointer itself is not being free'd.
>> ---
>> drivers/gpu/drm/nouveau/nouveau_sgdma.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> index 0843ebc..af8b66d 100644
>> --- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> +++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> @@ -105,6 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev,
>> nvbe->ttm.ttm.func = &nv50_sgdma_backend;
>>
>> if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page))
>> + {
>> + kfree(nvbe);
>> return NULL;
>> + }
>> return &nvbe->ttm.ttm;
>> }
>> --
>> 1.8.4
>>
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
Regards,
Felipe Pena
Felipe, thank you too.
I realized this after a code review.
Ben, what do you think?
Geyslan Gregório Bem
hackingbits.com
2013/10/7 Felipe Pena <[email protected]>:
> Hi,
>
> On Mon, Oct 7, 2013 at 7:35 PM, Ben Skeggs <[email protected]> wrote:
>> ----- Original Message -----
>>> From: "Geyslan G. Bem" <[email protected]>
>>> To: [email protected], [email protected], [email protected]
>>> Cc: [email protected], [email protected], "Geyslan G. Bem" <[email protected]>
>>> Sent: Tuesday, 8 October, 2013 8:14:26 AM
>>> Subject: [PATCH] drm: nouveau: fix nvbe leakage
>>>
>>> Free memory allocated to nvbe when returning NULL.
>>>
>>> Signed-off-by: Geyslan G. Bem <[email protected]>
>> NACK. ttm_dma_tt_init() calls the destructor if it fails, which frees the memory.
>>
>> Ben.
>>
>
> But ttm_tt_destroy() just handles the ttm_tt part from nvbe, the nvbe
> pointer itself is not being free'd.
>
>>> ---
>>> drivers/gpu/drm/nouveau/nouveau_sgdma.c | 3 +++
>>> 1 file changed, 3 insertions(+)
>>>
>>> diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>>> b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>>> index 0843ebc..af8b66d 100644
>>> --- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>>> +++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>>> @@ -105,6 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev,
>>> nvbe->ttm.ttm.func = &nv50_sgdma_backend;
>>>
>>> if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page))
>>> + {
>>> + kfree(nvbe);
>>> return NULL;
>>> + }
>>> return &nvbe->ttm.ttm;
>>> }
>>> --
>>> 1.8.4
>>>
>>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/
>
>
>
> --
> Regards,
> Felipe Pena
----- Original Message -----
> From: "Geyslan Gregório Bem" <[email protected]>
> To: "Felipe Pena" <[email protected]>
> Cc: "Ben Skeggs" <[email protected]>, [email protected], [email protected],
> [email protected], "kernel-br" <[email protected]>
> Sent: Tuesday, 8 October, 2013 9:39:02 AM
> Subject: Re: [PATCH] drm: nouveau: fix nvbe leakage
>
> Felipe, thank you too.
>
> I realized this after a code review.
>
> Ben, what do you think?
>
> Geyslan Gregório Bem
> hackingbits.com
>
>
> 2013/10/7 Felipe Pena <[email protected]>:
> > Hi,
> >
> > On Mon, Oct 7, 2013 at 7:35 PM, Ben Skeggs <[email protected]> wrote:
> >> ----- Original Message -----
> >>> From: "Geyslan G. Bem" <[email protected]>
> >>> To: [email protected], [email protected], [email protected]
> >>> Cc: [email protected], [email protected], "Geyslan G.
> >>> Bem" <[email protected]>
> >>> Sent: Tuesday, 8 October, 2013 8:14:26 AM
> >>> Subject: [PATCH] drm: nouveau: fix nvbe leakage
> >>>
> >>> Free memory allocated to nvbe when returning NULL.
> >>>
> >>> Signed-off-by: Geyslan G. Bem <[email protected]>
> >> NACK. ttm_dma_tt_init() calls the destructor if it fails, which frees the
> >> memory.
> >>
> >> Ben.
> >>
> >
> > But ttm_tt_destroy() just handles the ttm_tt part from nvbe, the nvbe
> > pointer itself is not being free'd.
Actually look at ttm_tt_destroy() and you'll see that right at the end it goes ttm->func->destroy(ttm), which is nouveau_sgdma_destroy().
Ben.
> >
> >>> ---
> >>> drivers/gpu/drm/nouveau/nouveau_sgdma.c | 3 +++
> >>> 1 file changed, 3 insertions(+)
> >>>
> >>> diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> >>> b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> >>> index 0843ebc..af8b66d 100644
> >>> --- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> >>> +++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
> >>> @@ -105,6 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev,
> >>> nvbe->ttm.ttm.func = &nv50_sgdma_backend;
> >>>
> >>> if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags,
> >>> dummy_read_page))
> >>> + {
> >>> + kfree(nvbe);
> >>> return NULL;
> >>> + }
> >>> return &nvbe->ttm.ttm;
> >>> }
> >>> --
> >>> 1.8.4
> >>>
> >>>
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> >> the body of a message to [email protected]
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >> Please read the FAQ at http://www.tux.org/lkml/
> >
> >
> >
> > --
> > Regards,
> > Felipe Pena
>
Rather, the first member of nvbe is ttm (same address). Got it.
Please, disregard this patch. Thank you.
Geyslan Gregório Bem
hackingbits.com
2013/10/7 Ben Skeggs <[email protected]>:
> ----- Original Message -----
>> From: "Geyslan Gregório Bem" <[email protected]>
>> To: "Felipe Pena" <[email protected]>
>> Cc: "Ben Skeggs" <[email protected]>, [email protected], [email protected],
>> [email protected], "kernel-br" <[email protected]>
>> Sent: Tuesday, 8 October, 2013 9:39:02 AM
>> Subject: Re: [PATCH] drm: nouveau: fix nvbe leakage
>>
>> Felipe, thank you too.
>>
>> I realized this after a code review.
>>
>> Ben, what do you think?
>>
>> Geyslan Gregório Bem
>> hackingbits.com
>>
>>
>> 2013/10/7 Felipe Pena <[email protected]>:
>> > Hi,
>> >
>> > On Mon, Oct 7, 2013 at 7:35 PM, Ben Skeggs <[email protected]> wrote:
>> >> ----- Original Message -----
>> >>> From: "Geyslan G. Bem" <[email protected]>
>> >>> To: [email protected], [email protected], [email protected]
>> >>> Cc: [email protected], [email protected], "Geyslan G.
>> >>> Bem" <[email protected]>
>> >>> Sent: Tuesday, 8 October, 2013 8:14:26 AM
>> >>> Subject: [PATCH] drm: nouveau: fix nvbe leakage
>> >>>
>> >>> Free memory allocated to nvbe when returning NULL.
>> >>>
>> >>> Signed-off-by: Geyslan G. Bem <[email protected]>
>> >> NACK. ttm_dma_tt_init() calls the destructor if it fails, which frees the
>> >> memory.
>> >>
>> >> Ben.
>> >>
>> >
>> > But ttm_tt_destroy() just handles the ttm_tt part from nvbe, the nvbe
>> > pointer itself is not being free'd.
> Actually look at ttm_tt_destroy() and you'll see that right at the end it goes ttm->func->destroy(ttm), which is nouveau_sgdma_destroy().
>
> Ben.
>> >
>> >>> ---
>> >>> drivers/gpu/drm/nouveau/nouveau_sgdma.c | 3 +++
>> >>> 1 file changed, 3 insertions(+)
>> >>>
>> >>> diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> >>> b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> >>> index 0843ebc..af8b66d 100644
>> >>> --- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> >>> +++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c
>> >>> @@ -105,6 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev,
>> >>> nvbe->ttm.ttm.func = &nv50_sgdma_backend;
>> >>>
>> >>> if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags,
>> >>> dummy_read_page))
>> >>> + {
>> >>> + kfree(nvbe);
>> >>> return NULL;
>> >>> + }
>> >>> return &nvbe->ttm.ttm;
>> >>> }
>> >>> --
>> >>> 1.8.4
>> >>>
>> >>>
>> >> --
>> >> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> >> the body of a message to [email protected]
>> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> >> Please read the FAQ at http://www.tux.org/lkml/
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Felipe Pena
>>