[PATCH] drm/v3d: fix sched job resources cleanup when a job is aborted

[Melissa Wen]

In a cl submission, when bin job initialization fails, sched job resources
were already allocated for the render job. At this point,
drm_sched_job_init(render) was done in v3d_job_init but the render job is
aborted before drm_sched_job_arm (in v3d_job_push) happens; therefore, not
only v3d_job_put but also drm_sched_job_cleanup should be called (by
v3d_job_cleanup). A similar issue is addressed for csd and tfu submissions.

The issue was noticed from a review by Iago Toral in a patch that touches
the same part of the code.

Fixes: 916044fac8623 ("drm/v3d: Move drm_sched_job_init to v3d_job_init")
Signed-off-by: Melissa Wen <m...@igalia.com>
---
 drivers/gpu/drm/v3d/v3d_gem.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 1953706bdaeb..ead0be8d48a7 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -567,14 +567,14 @@ v3d_submit_cl_ioctl(struct drm_device *dev, void *data,
        if (args->bcl_start != args->bcl_end) {
                bin = kcalloc(1, sizeof(*bin), GFP_KERNEL);
                if (!bin) {
-                       v3d_job_put(&render->base);
+                       v3d_job_cleanup(&render->base);
                        return -ENOMEM;
                }
 
                ret = v3d_job_init(v3d, file_priv, &bin->base,
                                   v3d_job_free, args->in_sync_bcl, V3D_BIN);
                if (ret) {
-                       v3d_job_put(&render->base);
+                       v3d_job_cleanup(&render->base);
                        kfree(bin);
                        return ret;
                }
@@ -716,7 +716,7 @@ v3d_submit_tfu_ioctl(struct drm_device *dev, void *data,
        job->base.bo = kcalloc(ARRAY_SIZE(args->bo_handles),
                               sizeof(*job->base.bo), GFP_KERNEL);
        if (!job->base.bo) {
-               v3d_job_put(&job->base);
+               v3d_job_cleanup(&job->base);
                return -ENOMEM;
        }
 
@@ -810,14 +810,13 @@ v3d_submit_csd_ioctl(struct drm_device *dev, void *data,
 
        clean_job = kcalloc(1, sizeof(*clean_job), GFP_KERNEL);
        if (!clean_job) {
-               v3d_job_put(&job->base);
-               kfree(job);
+               v3d_job_cleanup(&job->base);
                return -ENOMEM;
        }
 
        ret = v3d_job_init(v3d, file_priv, clean_job, v3d_job_free, 0, 
V3D_CACHE_CLEAN);
        if (ret) {
-               v3d_job_put(&job->base);
+               v3d_job_cleanup(&job->base);
                kfree(clean_job);
                return ret;
        }
-- 
2.30.2

signature.asc
Description: PGP signature