[PATCH v2 3/4] drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure

public inbox for intel-xe@lists.freedesktop.org
 help / color / mirror / Atom feed

From: Shuicheng Lin <shuicheng.lin@intel.com>
To: intel-xe@lists.freedesktop.org
Cc: Shuicheng Lin <shuicheng.lin@intel.com>,
	stable@vger.kernel.org, Matthew Brost <matthew.brost@intel.com>
Subject: [PATCH v2 3/4] drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure
Date: Wed,  8 Apr 2026 17:52:54 +0000	[thread overview]
Message-ID: <20260408175255.3402838-4-shuicheng.lin@intel.com> (raw)
In-Reply-To: <20260408175255.3402838-1-shuicheng.lin@intel.com>

When drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo
is not freed. Add xe_bo_free(storage) before returning the error.

xe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on
error. Therefore, xe_dma_buf_init_obj() must also free the bo on its own
error paths. Otherwise, since xe_gem_prime_import() cannot distinguish
whether the failure originated from xe_dma_buf_init_obj() or from
xe_bo_init_locked(), it cannot safely decide whether the bo should be
freed.

Add comments documenting the ownership semantics: on success, ownership
of storage is transferred to the returned drm_gem_object; on failure,
storage is freed before returning.

v2: Add comments to explain the free logic.

Fixes: eb289a5f6cc6 ("drm/xe: Convert xe_dma_buf.c for exhaustive eviction")
Cc: stable@vger.kernel.org
Assisted-by: Claude:claude-opus-4.6
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
 drivers/gpu/drm/xe/xe_dma_buf.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/xe/xe_dma_buf.c b/drivers/gpu/drm/xe/xe_dma_buf.c
index 7f9602b3363d..c0937c090d33 100644
--- a/drivers/gpu/drm/xe/xe_dma_buf.c
+++ b/drivers/gpu/drm/xe/xe_dma_buf.c
@@ -258,6 +258,13 @@ struct dma_buf *xe_gem_prime_export(struct drm_gem_object *obj, int flags)
 	return ERR_PTR(ret);
 }
 
+/*
+ * Takes ownership of @storage: on success it is transferred to the returned
+ * drm_gem_object; on failure it is freed before returning the error.
+ * This matches the contract of xe_bo_init_locked() which frees @storage on
+ * its error paths, so callers need not (and must not) free @storage after
+ * this call.
+ */
 static struct drm_gem_object *
 xe_dma_buf_init_obj(struct drm_device *dev, struct xe_bo *storage,
 		    struct dma_buf *dma_buf)
@@ -271,8 +278,10 @@ xe_dma_buf_init_obj(struct drm_device *dev, struct xe_bo *storage,
 	int ret = 0;
 
 	dummy_obj = drm_gpuvm_resv_object_alloc(&xe->drm);
-	if (!dummy_obj)
+	if (!dummy_obj) {
+		xe_bo_free(storage);
 		return ERR_PTR(-ENOMEM);
+	}
 
 	dummy_obj->resv = resv;
 	xe_validation_guard(&ctx, &xe->val, &exec, (struct xe_val_flags) {}, ret) {
@@ -281,6 +290,7 @@ xe_dma_buf_init_obj(struct drm_device *dev, struct xe_bo *storage,
 		if (ret)
 			break;
 
+		/* xe_bo_init_locked() frees storage on error */
 		bo = xe_bo_init_locked(xe, storage, NULL, resv, NULL, dma_buf->size,
 				       0, /* Will require 1way or 2way for vm_bind */
 				       ttm_bo_type_sg, XE_BO_FLAG_SYSTEM, &exec);
-- 
2.43.0

next prev parent reply	other threads:[~2026-04-08 17:57 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-08 17:52 [PATCH v2 0/4] drm/xe: Fix resource leaks in bo init and dma-buf paths Shuicheng Lin
2026-04-08 17:52 ` [PATCH v2 1/4] drm/xe/bo: Fix bo leak on unaligned size validation in xe_bo_init_locked() Shuicheng Lin
2026-04-08 17:52 ` [PATCH v2 2/4] drm/xe/bo: Fix bo leak on GGTT flag " Shuicheng Lin
2026-04-08 17:52 ` Shuicheng Lin [this message]
2026-04-08 17:52 ` [PATCH v2 4/4] drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() Shuicheng Lin
2026-04-08 18:03 ` ✗ CI.checkpatch: warning for drm/xe: Fix resource leaks in bo init and dma-buf paths (rev2) Patchwork
2026-04-08 18:04 ` ✗ CI.KUnit: failure " Patchwork
2026-04-10  2:29 ` ✗ CI.checkpatch: warning for drm/xe: Fix resource leaks in bo init and dma-buf paths (rev3) Patchwork
2026-04-10  2:30 ` ✓ CI.KUnit: success " Patchwork
2026-04-10  3:29 ` ✓ Xe.CI.BAT: " Patchwork
2026-04-10  7:58 ` ✓ Xe.CI.FULL: " Patchwork

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7f9602b3363 dfblob:c0937c090d3 )
 OR (
bs:"[PATCH v2 3/4] drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260408175255.3402838-4-shuicheng.lin@intel.com \
    --to=shuicheng.lin@intel.com \
    --cc=intel-xe@lists.freedesktop.org \
    --cc=matthew.brost@intel.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox