Unverified Commit 9525d169 authored by Maíra Canal's avatar Maíra Canal
Browse files

drm/vc4: Fix a memory leak in hang state error path 



When vc4_save_hang_state() encounters an early return condition, it
returns without freeing the previously allocated `kernel_state`,
leaking memory.

Add the missing kfree() calls by consolidating the early return paths
into a single place.

Fixes: 21461365 ("drm/vc4: Add an interface for capturing the GPU state after a hang.")
Reviewed-by: default avatarMelissa Wen <mwen@igalia.com>
Link: https://patch.msgid.link/20260330-vc4-misc-fixes-v1-3-92defc940a29@igalia.com


Signed-off-by: default avatarMaíra Canal <mcanal@igalia.com>
parent f4dfd684

drivers/gpu/drm/vc4/vc4_gem.c

+10 −8
Original line number Diff line number Diff line
@@ -171,10 +171,8 @@ vc4_save_hang_state(struct drm_device *dev) 
	spin_lock_irqsave(&vc4->job_lock, irqflags);

	exec[0] = vc4_first_bin_job(vc4);

	exec[1] = vc4_first_render_job(vc4);

	if (!exec[0] && !exec[1]) {

		spin_unlock_irqrestore(&vc4->job_lock, irqflags);

		return;

	}

	if (!exec[0] && !exec[1])

		goto err_free_state;



	/* Get the bos from both binner and renderer into hang state. */

	state->bo_count = 0;
@@ -191,10 +189,8 @@ vc4_save_hang_state(struct drm_device *dev) 
	kernel_state->bo = kzalloc_objs(*kernel_state->bo, state->bo_count,

					GFP_ATOMIC);



	if (!kernel_state->bo) {

		spin_unlock_irqrestore(&vc4->job_lock, irqflags);

		return;

	}

	if (!kernel_state->bo)

		goto err_free_state;



	k = 0;

	for (i = 0; i < 2; i++) {
@@ -286,6 +282,12 @@ vc4_save_hang_state(struct drm_device *dev) 
		vc4->hang_state = kernel_state;

		spin_unlock_irqrestore(&vc4->job_lock, irqflags);

	}



	return;



err_free_state:

	spin_unlock_irqrestore(&vc4->job_lock, irqflags);

	kfree(kernel_state);

}



static void