Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp2030104rdb; Tue, 3 Oct 2023 08:15:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFFAPQrRDDKmGo3XXjyCedRI1VqtdE/i4AAyKbdmp8gTJ4WT/g7sE/1In0IwcsRQDOnEVrY X-Received: by 2002:a17:90a:8548:b0:274:b4ce:7049 with SMTP id a8-20020a17090a854800b00274b4ce7049mr12408024pjw.34.1696346143558; Tue, 03 Oct 2023 08:15:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696346143; cv=none; d=google.com; s=arc-20160816; b=oVgjAGmmZ9LCZCuAta2j8ng3rjZmHvxEMOhbvhimhDfQSMLZ87JRP5+RQcvNHTz/9m xa+wvdIvfl0dEAXRtlSMw656f0RIaluhOJ+TOqq1DUGUEd8kefn+to9Vy+w9E6uL8mM2 ngW9512SpkdH9ELhXuP/Bi5TWGcC5dM5icMDx/Nq5Pg1wYsIc+9e110DQ+bQbuljn6pP Iun9kisK6rMvNjxi7tNsx4BGDotm5nvoVO2T9lrpnNQ7UuzuP5tYscA5I1HWXwd1xKt2 mM0Om46v3PX8EJ0AcMiYvQO0rtiuvs1hPYtspb/b89J0auSOJids71q1yPEBqmeBYsaH 8sEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=G502n/pwsi2xTvXRats/u+gp/KdtO1vpg74dn53OTQA=; fh=Sga1tq0mOVsXGbv5Od3ufSqs9Ze6WM4LTxi2kEGzohw=; b=al1SdIv69n4dnJUKq09v7sszDkD+S28diBC6hkWM8tc+gxldqi0KogOvj/Kax9kRQC jU7JQeEVvxdcJXlUsUFcI2CyOhqVe3/Uk7DwCYmSIANIdaoPcShY/Ra3iC+Olk45TkDs RbXTXKysPCCs46OtCJy1SctbzMTgekrrRKJHSlW3+iZSrWJPTM4tEiys+PR++5vyHUXu jaqJWKrnqcpp+PgS8ItdwoAVegma9ybYhp4uQ6Nsi2msjihkpgK9c3y5cczwB3X9Fz95 duywowce5SiWm6cYUf5GFe7vN1r4UbegKqut8HZZnHPTlci7DJZHBDRZLVqio41pUIvu lkXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=KfmNOFLq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id cp12-20020a170902e78c00b001c3fab52a94si1510627plb.212.2023.10.03.08.15.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Oct 2023 08:15:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=KfmNOFLq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 40CF8807D9A7; Tue, 3 Oct 2023 08:14:58 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230372AbjJCPOt (ORCPT + 99 others); Tue, 3 Oct 2023 11:14:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230269AbjJCPOs (ORCPT ); Tue, 3 Oct 2023 11:14:48 -0400 Received: from mail-vk1-xa30.google.com (mail-vk1-xa30.google.com [IPv6:2607:f8b0:4864:20::a30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D42CB0 for ; Tue, 3 Oct 2023 08:14:45 -0700 (PDT) Received: by mail-vk1-xa30.google.com with SMTP id 71dfb90a1353d-495c10cec8aso470343e0c.1 for ; Tue, 03 Oct 2023 08:14:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1696346084; x=1696950884; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=G502n/pwsi2xTvXRats/u+gp/KdtO1vpg74dn53OTQA=; b=KfmNOFLqCS+lSSOgcbphofXlnxSqCS+9qJZ4baHQnOOMsa5qaZhbtZ5VvQ/5FEUE58 tBDiXS3+dnR2aETNg4Ovm2t9NQ63VigILPawUn4BvQro5Of0g60Ta2xXrAie87EBmAHb nrSb1UPrNB6AuvVA+QL1gCbfYFR0bAb4d0AMM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696346084; x=1696950884; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=G502n/pwsi2xTvXRats/u+gp/KdtO1vpg74dn53OTQA=; b=u0TLTnSqZLAUJMgtB77EvTIAzVDliDmLPJj2o5oKRMlS+sgjnjcY2oJUxPqZjCk/eT tQDWT6inguCDZvD41qf5fqCUoQ2Vi9ZsViUdrQyQjEjFUJcyt8EkZSV0rxjTbYjIHQ7d MdDw4ryDlUuepKUPTjsqJwh5KZw+BmvK0YuE+G70/grBvZbpG7J66PbTOds8xxa6JPLS bi62hNloLU+kOtg2dgR5tQcMBltrgjmojGrdckpbhkT56HXb2DTlNMxKoVVPbsaB0ldL 6BVYdj1lKbqByI5IZUSuDeQGAKmS5z8B2XSvaTJvcnztlUmoB8G73lnr+rBv3B2HRlg1 cqqg== X-Gm-Message-State: AOJu0YyizybTVg5gcNvkbJ+97JbDuBqrRGcUhhwggANYDHD4c8ihrmCS kAPmAj9QMaCWyQdnAhFnmekippz21HluutOjmT3hvQ== X-Received: by 2002:a1f:e043:0:b0:495:bf04:89f8 with SMTP id x64-20020a1fe043000000b00495bf0489f8mr11819878vkg.6.1696346084033; Tue, 03 Oct 2023 08:14:44 -0700 (PDT) Received: from mail-vs1-f51.google.com (mail-vs1-f51.google.com. [209.85.217.51]) by smtp.gmail.com with ESMTPSA id l23-20020a05612210d700b0048f9f9200c7sm187515vko.45.2023.10.03.08.14.42 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 03 Oct 2023 08:14:43 -0700 (PDT) Received: by mail-vs1-f51.google.com with SMTP id ada2fe7eead31-45274236ef6so570784137.3 for ; Tue, 03 Oct 2023 08:14:42 -0700 (PDT) X-Received: by 2002:a05:6102:274c:b0:452:9384:139a with SMTP id p12-20020a056102274c00b004529384139amr13589952vsu.22.1696346082550; Tue, 03 Oct 2023 08:14:42 -0700 (PDT) MIME-Version: 1.0 References: <20231002092051.555479-1-wenst@chromium.org> In-Reply-To: <20231002092051.555479-1-wenst@chromium.org> From: Fei Shao Date: Tue, 3 Oct 2023 23:14:06 +0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] drm/mediatek: Correctly free sg_table in gem prime vmap To: Chen-Yu Tsai Cc: Chun-Kuang Hu , Philipp Zabel , David Airlie , Daniel Vetter , Matthias Brugger , AngeloGioacchino Del Regno , dri-devel@lists.freedesktop.org, linux-mediatek@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 03 Oct 2023 08:14:58 -0700 (PDT) Hi, On Mon, Oct 2, 2023 at 5:21=E2=80=AFPM Chen-Yu Tsai wr= ote: > > The MediaTek DRM driver implements GEM PRIME vmap by fetching the > sg_table for the object, iterating through the pages, and then > vmapping them. In essence, unlike the GEM DMA helpers which vmap > when the object is first created or imported, the MediaTek version > does it on request. > > Unfortunately, the code never correctly frees the sg_table contents. > This results in a kernel memory leak. On a Hayato device with a text > console on the internal display, this results in the system running > out of memory in a few days from all the console screen cursor updates. > > Add sg_free_table() to correctly free the contents of the sg_table. This > was missing despite explicitly required by mtk_gem_prime_get_sg_table(). > > Fixes: 3df64d7b0a4f ("drm/mediatek: Implement gem prime vmap/vunmap funct= ion") > Cc: > Signed-off-by: Chen-Yu Tsai > --- > Please merge for v6.6 fixes. > > Also, I was wondering why the MediaTek DRM driver implements a lot of > the GEM functionality itself, instead of using the GEM DMA helpers. > From what I could tell, the code closely follows the DMA helpers, except > that it vmaps the buffers only upon request. > > > drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/med= iatek/mtk_drm_gem.c > index 9f364df52478..297ee090e02e 100644 > --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c > +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c > @@ -239,6 +239,7 @@ int mtk_drm_gem_prime_vmap(struct drm_gem_object *obj= , struct iosys_map *map) > npages =3D obj->size >> PAGE_SHIFT; > mtk_gem->pages =3D kcalloc(npages, sizeof(*mtk_gem->pages), GFP_K= ERNEL); > if (!mtk_gem->pages) { > + sg_free_table(sgt); > kfree(sgt); > return -ENOMEM; > } > @@ -248,11 +249,13 @@ int mtk_drm_gem_prime_vmap(struct drm_gem_object *o= bj, struct iosys_map *map) > mtk_gem->kvaddr =3D vmap(mtk_gem->pages, npages, VM_MAP, > pgprot_writecombine(PAGE_KERNEL)); > if (!mtk_gem->kvaddr) { > + sg_free_table(sgt); > kfree(sgt); > kfree(mtk_gem->pages); > return -ENOMEM; > } > out: > + sg_free_table(sgt); I think this will cause invalid access from the "goto out" path - sg_free_table() accesses the provided sg table pointer, but it doesn't handle NULL pointers like kfree() does. Regards, Fei > kfree(sgt); > iosys_map_set_vaddr(map, mtk_gem->kvaddr); > > -- > 2.42.0.582.g8ccd20d70d-goog > >