From 37531fa0ce9eee2e1c78c64cbdcf0214543c1e13 Mon Sep 17 00:00:00 2001 From: Patrick Lerda Date: Mon, 29 May 2023 18:23:30 +0200 Subject: [PATCH] nouveau: fix nouveau_heap_destroy() memory leak Indeed, this function was not processing the linked allocated list. For instance, this issue is triggered with "piglit/bin/hiz-depth-read-fbo-d24-s0 -auto": Indirect leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f6795638987 in calloc (/usr/lib64/libasan.so.6+0xb1987) #1 0x7f678bac13b9 in nouveau_heap_alloc ../src/gallium/drivers/nouveau/nouveau_heap.c:64 #2 0x7f678bb6c7e4 in nv50_program_upload_code ../src/gallium/drivers/nouveau/nv50/nv50_program.c:490 #3 0x7f678bb83b92 in nv50_vertprog_validate ../src/gallium/drivers/nouveau/nv50/nv50_shader_state.c:161 #4 0x7f678bba3000 in nv50_state_validate ../src/gallium/drivers/nouveau/nv50/nv50_state_validate.c:552 #5 0x7f678bba3c4d in nv50_state_validate_3d ../src/gallium/drivers/nouveau/nv50/nv50_state_validate.c:575 #6 0x7f678b9e3e92 in nv50_blit_3d ../src/gallium/drivers/nouveau/nv50/nv50_surface.c:1444 #7 0x7f678b9e3e92 in nv50_blit ../src/gallium/drivers/nouveau/nv50/nv50_surface.c:1832 #8 0x7f678a0b378a in blit_to_staging ../src/mesa/state_tracker/st_cb_readpixels.c:337 #9 0x7f678a0b7358 in st_ReadPixels ../src/mesa/state_tracker/st_cb_readpixels.c:516 #10 0x7f6789f82005 in read_pixels ../src/mesa/main/readpix.c:1178 #11 0x7f6789f82005 in _mesa_ReadnPixelsARB ../src/mesa/main/readpix.c:1195 #12 0x7f6789f82ac0 in _mesa_ReadPixels ../src/mesa/main/readpix.c:1210 ... SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Fixes: 67635a0a713e ("nouveau: get rid of tabs") Signed-off-by: Patrick Lerda Reviewed-by: Karol Herbst Part-of: (cherry picked from commit 1980934d0d1c9e4d9e6688493483cdfaae21d50a) --- .pick_status.json | 2 +- src/gallium/drivers/nouveau/nouveau_heap.c | 11 ++++++++--- src/gallium/drivers/nouveau/nvc0/nvc0_screen.c | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.pick_status.json b/.pick_status.json index 409332455920..0fbdb619eeaa 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -2263,7 +2263,7 @@ "description": "nouveau: fix nouveau_heap_destroy() memory leak", "nominated": true, "nomination_type": 1, - "resolution": 0, + "resolution": 1, "main_sha": null, "because_sha": "67635a0a713e54939f1f72ba8db2b3099988a925" }, diff --git a/src/gallium/drivers/nouveau/nouveau_heap.c b/src/gallium/drivers/nouveau/nouveau_heap.c index 3d415a5f30e2..496c4ec7a311 100644 --- a/src/gallium/drivers/nouveau/nouveau_heap.c +++ b/src/gallium/drivers/nouveau/nouveau_heap.c @@ -44,9 +44,14 @@ nouveau_heap_init(struct nouveau_heap **heap, void nouveau_heap_destroy(struct nouveau_heap **heap) { - if (!*heap) - return; - free(*heap); + struct nouveau_heap *current = *heap; + + while (current) { + struct nouveau_heap *const next = current->next; + free(current); + current = next; + } + *heap = NULL; } diff --git a/src/gallium/drivers/nouveau/nvc0/nvc0_screen.c b/src/gallium/drivers/nouveau/nvc0/nvc0_screen.c index 4df20f094b7f..86a351c6cf9f 100644 --- a/src/gallium/drivers/nouveau/nvc0/nvc0_screen.c +++ b/src/gallium/drivers/nouveau/nvc0/nvc0_screen.c @@ -632,7 +632,7 @@ nvc0_screen_destroy(struct pipe_screen *pscreen) nouveau_bo_ref(NULL, &screen->fence.bo); nouveau_bo_ref(NULL, &screen->poly_cache); - nouveau_heap_destroy(&screen->lib_code); + nouveau_heap_free(&screen->lib_code); nouveau_heap_destroy(&screen->text_heap); FREE(screen->tic.entries); @@ -883,7 +883,7 @@ nvc0_screen_resize_text_area(struct nvc0_screen *screen, struct nouveau_pushbuf nouveau_bo_ref(NULL, &screen->text); screen->text = bo; - nouveau_heap_destroy(&screen->lib_code); + nouveau_heap_free(&screen->lib_code); nouveau_heap_destroy(&screen->text_heap); /* XXX: getting a page fault at the end of the code buffer every few