linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Yongxin Liu <yongxin.liu@windriver.com>,
	Ben Skeggs <bskeggs@redhat.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 32/53] drm/nouveau: fix memory leak in nouveau_conn_reset()
Date: Mon,  5 Aug 2019 15:02:57 +0200	[thread overview]
Message-ID: <20190805124931.699313190@linuxfoundation.org> (raw)
In-Reply-To: <20190805124927.973499541@linuxfoundation.org>

[ Upstream commit 09b90e2fe35faeace2488234e2a7728f2ea8ba26 ]

In nouveau_conn_reset(), if connector->state is true,
__drm_atomic_helper_connector_destroy_state() will be called,
but the memory pointed by asyc isn't freed. Memory leak happens
in the following function __drm_atomic_helper_connector_reset(),
where newly allocated asyc->state will be assigned to connector->state.

So using nouveau_conn_atomic_destroy_state() instead of
__drm_atomic_helper_connector_destroy_state to free the "old" asyc.

Here the is the log showing memory leak.

unreferenced object 0xffff8c5480483c80 (size 192):
  comm "kworker/0:2", pid 188, jiffies 4294695279 (age 53.179s)
  hex dump (first 32 bytes):
    00 f0 ba 7b 54 8c ff ff 00 00 00 00 00 00 00 00  ...{T...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000005005c0d0>] kmem_cache_alloc_trace+0x195/0x2c0
    [<00000000a122baed>] nouveau_conn_reset+0x25/0xc0 [nouveau]
    [<000000004fd189a2>] nouveau_connector_create+0x3a7/0x610 [nouveau]
    [<00000000c73343a8>] nv50_display_create+0x343/0x980 [nouveau]
    [<000000002e2b03c3>] nouveau_display_create+0x51f/0x660 [nouveau]
    [<00000000c924699b>] nouveau_drm_device_init+0x182/0x7f0 [nouveau]
    [<00000000cc029436>] nouveau_drm_probe+0x20c/0x2c0 [nouveau]
    [<000000007e961c3e>] local_pci_probe+0x47/0xa0
    [<00000000da14d569>] work_for_cpu_fn+0x1a/0x30
    [<0000000028da4805>] process_one_work+0x27c/0x660
    [<000000001d415b04>] worker_thread+0x22b/0x3f0
    [<0000000003b69f1f>] kthread+0x12f/0x150
    [<00000000c94c29b7>] ret_from_fork+0x3a/0x50

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/nouveau/nouveau_connector.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
index 2c6d196836886..4a7d50a96d36f 100644
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
@@ -251,7 +251,7 @@ nouveau_conn_reset(struct drm_connector *connector)
 		return;
 
 	if (connector->state)
-		__drm_atomic_helper_connector_destroy_state(connector->state);
+		nouveau_conn_atomic_destroy_state(connector, connector->state);
 	__drm_atomic_helper_connector_reset(connector, &asyc->state);
 	asyc->dither.mode = DITHERING_MODE_AUTO;
 	asyc->dither.depth = DITHERING_DEPTH_AUTO;
-- 
2.20.1




  parent reply	other threads:[~2019-08-05 13:14 UTC|newest]

Thread overview: 62+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-05 13:02 [PATCH 4.14 00/53] 4.14.137-stable review Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 01/53] ARM: riscpc: fix DMA Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 02/53] ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200 Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 03/53] ARM: dts: rockchip: Make rk3288-veyron-mickeys emmc work again Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 04/53] ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 05/53] ftrace: Enable trampoline when rec count returns back to one Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 06/53] kernel/module.c: Only return -EEXIST for modules that have finished loading Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 07/53] MIPS: lantiq: Fix bitfield masking Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 08/53] dmaengine: rcar-dmac: Reject zero-length slave DMA requests Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 09/53] clk: tegra210: fix PLLU and PLLU_OUT1 Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 10/53] fs/adfs: super: fix use-after-free bug Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 11/53] btrfs: fix minimum number of chunk errors for DUP Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 12/53] cifs: Fix a race condition with cifs_echo_request Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 13/53] ceph: fix improper use of smp_mb__before_atomic() Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 14/53] ceph: return -ERANGE if virtual xattr value didnt fit in buffer Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 15/53] ACPI: blacklist: fix clang warning for unused DMI table Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 16/53] scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 17/53] x86: kvm: avoid constant-conversion warning Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 18/53] ACPI: fix false-positive -Wuninitialized warning Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 19/53] be2net: Signal that the device cannot transmit during reconfiguration Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 20/53] x86/apic: Silence -Wtype-limits compiler warnings Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 21/53] x86: math-emu: Hide clang warnings for 16-bit overflow Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 22/53] mm/cma.c: fail if fixed declaration cant be honored Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 23/53] coda: add error handling for fget Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 24/53] coda: fix build using bare-metal toolchain Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 25/53] uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 26/53] drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 27/53] ipc/mqueue.c: only perform resource calculation if user valid Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 28/53] xen/pv: Fix a boot up hang revealed by int3 self test Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 29/53] x86/kvm: Dont call kvm_spurious_fault() from .fixup Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 30/53] x86/paravirt: Fix callee-saved function ELF sizes Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 31/53] x86, boot: Remove multiple copy of static function sanitize_boot_params() Greg Kroah-Hartman
2019-08-05 13:02 ` Greg Kroah-Hartman [this message]
2019-08-05 13:02 ` [PATCH 4.14 33/53] kbuild: initialize CLANG_FLAGS correctly in the top Makefile Greg Kroah-Hartman
2019-08-05 13:02 ` [PATCH 4.14 34/53] Btrfs: fix incremental send failure after deduplication Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 35/53] Btrfs: fix race leading to fs corruption after transaction abort Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 36/53] mmc: dw_mmc: Fix occasional hang after tuning on eMMC Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 37/53] gpiolib: fix incorrect IRQ requesting of an active-low lineevent Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 38/53] IB/hfi1: Fix Spectre v1 vulnerability Greg Kroah-Hartman
2019-08-05 14:16   ` Gustavo A. R. Silva
2019-08-26  9:06     ` Greg Kroah-Hartman
2019-08-26 21:23       ` Gustavo A. R. Silva
2019-08-05 13:03 ` [PATCH 4.14 39/53] selinux: fix memory leak in policydb_init() Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 40/53] s390/dasd: fix endless loop after read unit address configuration Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 41/53] parisc: Fix build of compressed kernel even with debug enabled Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 42/53] drivers/perf: arm_pmu: Fix failure path in PM notifier Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 43/53] nbd: replace kill_bdev() with __invalidate_device() again Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 44/53] xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 45/53] IB/mlx5: Fix unreg_umr to ignore the mkey state Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 46/53] IB/mlx5: Use direct mkey destroy command upon UMR unreg failure Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 47/53] IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 48/53] IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 49/53] IB/hfi1: Check for error on call to alloc_rsm_map_table Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 50/53] eeprom: at24: make spd world-readable again Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 51/53] objtool: Support GCC 9 cold subfunction naming scheme Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 52/53] gcc-9: properly declare the {pv,hv}clock_page storage Greg Kroah-Hartman
2019-08-05 13:03 ` [PATCH 4.14 53/53] x86/vdso: Prevent segfaults due to hoisted vclock reads Greg Kroah-Hartman
2019-08-06  1:06 ` [PATCH 4.14 00/53] 4.14.137-stable review shuah
2019-08-06  3:34 ` Naresh Kamboju
2019-08-06  7:16 ` Jack Wang
2019-08-06 15:49 ` Guenter Roeck
2019-08-06 18:29 ` Jon Hunter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190805124931.699313190@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=bskeggs@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=yongxin.liu@windriver.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).