Re: [PATCH] drm/exynos: Fix memory leak and release IOMMU mapping structures
Hi Inki, On 3/9/20 12:45 AM, Inki Dae wrote: Hi Lukasz, 20. 3. 5. 오전 7:00에 Lukasz Luba 이(가) 쓴 글: There is a memory leak which left some objects not freed. The reference counter of mapping: 'mapping->kref' was 2 when calling arm_iommu_detach_device(), so the release_iommu_mapping() won't be called. Since the old mapping structure is not going to be used any more (because it is detached and new one attached), call arm_iommu_release_mapping() to trigger cleanup. Found using kmemleak detector, the output: [snip] Signed-off-by: Lukasz Luba --- Hi all, I have discovered this issue on OdroidXU4 while running some stress tests for upcoming Energy Model. To reproduce it, kernel must be compiled with DEBUG_KMEMLEAK. When the boot has finished, type: # echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak You should expect similar output to the one from the commit message. I don't know if it should go via stable tree as well. I can resend with CC stable, if there is a need. Thanks for fixup. BTW, as you commented on Marek's patch thread, with Marek's patch the memory leak will be solved. Do you want Marek to rework his patch on top of your patch or are you ok me to pick up only Marek's one? Please drop this one and apply only Marek's patch, it fixes the issue. I didn't know that he was working on similar stuff. Marek's patch is conflicted with your one. Thanks, Inki Dae Regards, Lukasz ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [PATCH] drm/exynos: Fix memory leak and release IOMMU mapping structures
Hi Lukasz, 20. 3. 5. 오전 7:00에 Lukasz Luba 이(가) 쓴 글: > There is a memory leak which left some objects not freed. The reference > counter of mapping: 'mapping->kref' was 2 when calling > arm_iommu_detach_device(), so the release_iommu_mapping() won't be called. > Since the old mapping structure is not going to be used any more (because > it is detached and new one attached), call arm_iommu_release_mapping() > to trigger cleanup. > > Found using kmemleak detector, the output: > > unreferenced object 0xc2137640 (size 64): > comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) > hex dump (first 32 bytes): > 50 a3 14 c2 80 a2 14 c2 01 00 00 00 20 00 00 00 P... ... > 00 10 00 00 00 80 00 00 00 00 00 00 00 00 00 00 > backtrace: > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > [<8cd12507>] 0x0 > unreferenced object 0xc214a280 (size 128): > comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) > hex dump (first 32 bytes): > 00 a0 ec ed 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > backtrace: > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > [<8cd12507>] 0x0 > unreferenced object 0xedeca000 (size 4096): > comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) > hex dump (first 32 bytes): > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > backtrace: > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > [<8cd12507>] 0x0 > unreferenced object 0xc214a300 (size 128): > comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) > hex dump (first 32 bytes): > 00 a3 14 c2 00 a3 14 c2 00 40 18 c2 00 80 18 c2 .@.. > 02 00 02 00 ad 4e ad de ff ff ff ff ff ff ff ff .N.. > backtrace: > [<08cbd8bc>] iommu_domain_alloc+0x24/0x50 > [] arm_iommu_create_mapping+0xe4/0x134 > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > > Signed-off-by: Lukasz Luba > --- > > Hi all, > > I have discovered this issue on OdroidXU4 while running some stress tests > for upcoming Energy Model. To reproduce it, kernel must be compiled with > DEBUG_KMEMLEAK. When the boot has finished, type: > # echo scan > /sys/kernel/debug/kmemleak > # cat /sys/kernel/debug/kmemleak > You should expect similar output to the one from the commit message. > > I don't know if it should go via stable tree as well. I can resend with CC > stable, if there is a need. Thanks for fixup. BTW, as you commented on Marek's patch thread, with Marek's patch the memory leak will be solved. Do you want Marek to rework his patch on top of your patch or are you ok me
Re: [PATCH] drm/exynos: Fix memory leak and release IOMMU mapping structures
Hi Marek, On 3/5/20 7:07 AM, Marek Szyprowski wrote: Hi Lukasz, On 04.03.2020 23:00, Lukasz Luba wrote: There is a memory leak which left some objects not freed. The reference counter of mapping: 'mapping->kref' was 2 when calling arm_iommu_detach_device(), so the release_iommu_mapping() won't be called. Since the old mapping structure is not going to be used any more (because it is detached and new one attached), call arm_iommu_release_mapping() to trigger cleanup. This will break IOMMU support in Exynos DRM if deferred probe happens. Here is a proper fix: I forgot about the deferred probe. https://patchwork.kernel.org/patch/11415715/ The mapping initially created by DMA-mapping framework should be attached back when Exynos DRM releases the subdev device. Indeed, as you responded in that thread with the example, there is more dependencies and attaching back the old mapping will work. I am going add my reviewed-by to your patch. Regards, Lukasz ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
[PATCH] drm/exynos: Fix memory leak and release IOMMU mapping structures
There is a memory leak which left some objects not freed. The reference counter of mapping: 'mapping->kref' was 2 when calling arm_iommu_detach_device(), so the release_iommu_mapping() won't be called. Since the old mapping structure is not going to be used any more (because it is detached and new one attached), call arm_iommu_release_mapping() to trigger cleanup. Found using kmemleak detector, the output: unreferenced object 0xc2137640 (size 64): comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) hex dump (first 32 bytes): 50 a3 14 c2 80 a2 14 c2 01 00 00 00 20 00 00 00 P... ... 00 10 00 00 00 80 00 00 00 00 00 00 00 00 00 00 backtrace: [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 [] really_probe+0xb0/0x47c [<4f510e4f>] driver_probe_device+0x78/0x1c4 [<7481a0cf>] device_driver_attach+0x58/0x60 [<0ff8f5c1>] __driver_attach+0xb8/0x158 [<86006144>] bus_for_each_dev+0x74/0xb4 [<10159dca>] bus_add_driver+0x1c0/0x200 [<8a265265>] driver_register+0x74/0x108 [] exynos_drm_init+0xb0/0x134 [] do_one_initcall+0x90/0x458 [<6da35917>] kernel_init_freeable+0x188/0x200 [] kernel_init+0x8/0x110 [<1f3cddf9>] ret_from_fork+0x14/0x20 [<8cd12507>] 0x0 unreferenced object 0xc214a280 (size 128): comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) hex dump (first 32 bytes): 00 a0 ec ed 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace: [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 [] really_probe+0xb0/0x47c [<4f510e4f>] driver_probe_device+0x78/0x1c4 [<7481a0cf>] device_driver_attach+0x58/0x60 [<0ff8f5c1>] __driver_attach+0xb8/0x158 [<86006144>] bus_for_each_dev+0x74/0xb4 [<10159dca>] bus_add_driver+0x1c0/0x200 [<8a265265>] driver_register+0x74/0x108 [] exynos_drm_init+0xb0/0x134 [] do_one_initcall+0x90/0x458 [<6da35917>] kernel_init_freeable+0x188/0x200 [] kernel_init+0x8/0x110 [<1f3cddf9>] ret_from_fork+0x14/0x20 [<8cd12507>] 0x0 unreferenced object 0xedeca000 (size 4096): comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace: [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 [] really_probe+0xb0/0x47c [<4f510e4f>] driver_probe_device+0x78/0x1c4 [<7481a0cf>] device_driver_attach+0x58/0x60 [<0ff8f5c1>] __driver_attach+0xb8/0x158 [<86006144>] bus_for_each_dev+0x74/0xb4 [<10159dca>] bus_add_driver+0x1c0/0x200 [<8a265265>] driver_register+0x74/0x108 [] exynos_drm_init+0xb0/0x134 [] do_one_initcall+0x90/0x458 [<6da35917>] kernel_init_freeable+0x188/0x200 [] kernel_init+0x8/0x110 [<1f3cddf9>] ret_from_fork+0x14/0x20 [<8cd12507>] 0x0 unreferenced object 0xc214a300 (size 128): comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) hex dump (first 32 bytes): 00 a3 14 c2 00 a3 14 c2 00 40 18 c2 00 80 18 c2 .@.. 02 00 02 00 ad 4e ad de ff ff ff ff ff ff ff ff .N.. backtrace: [<08cbd8bc>] iommu_domain_alloc+0x24/0x50 [] arm_iommu_create_mapping+0xe4/0x134 [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 [] really_probe+0xb0/0x47c [<4f510e4f>] driver_probe_device+0x78/0x1c4 [<7481a0cf>] device_driver_attach+0x58/0x60 [<0ff8f5c1>] __driver_attach+0xb8/0x158 [<86006144>] bus_for_each_dev+0x74/0xb4 [<10159dca>] bus_add_driver+0x1c0/0x200 [<8a265265>] driver_register+0x74/0x108 [] exynos_drm_init+0xb0/0x134 [] do_one_initcall+0x90/0x458 [<6da35917>] kernel_init_freeable+0x188/0x200 [] kernel_init+0x8/0x110 [<1f3cddf9>] ret_from_fork+0x14/0x20 Signed-off-by: Lukasz Luba --- Hi all, I have discovered this issue on OdroidXU4 while running some stress tests for upcoming Energy Model. To reproduce it, kernel must be compiled with DEBUG_KMEMLEAK. When the boot has finished, type: # echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak You should expect similar output to the one from the commit message. I don't know if it should go via stable tree as well. I can resend with CC stable, if there is a need. Regards, Lukasz Luba drivers/gpu/drm/exynos/exynos_drm_dma.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/exynos/exynos_drm_dma.c b/drivers/gpu/drm/exynos/exynos_drm_dma.c index 9ebc02768847..45f209ec107f 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_dma.c +++ b/drivers/gpu/drm/exynos/exynos_drm_dma.c @@ -74,8 +74,13 @@ static int drm_iommu_attach_device(struct drm_device *drm_dev, return ret;
Re: [PATCH] drm/exynos: Fix memory leak and release IOMMU mapping structures
Hi Lukasz, On 04.03.2020 23:00, Lukasz Luba wrote: > There is a memory leak which left some objects not freed. The reference > counter of mapping: 'mapping->kref' was 2 when calling > arm_iommu_detach_device(), so the release_iommu_mapping() won't be called. > Since the old mapping structure is not going to be used any more (because > it is detached and new one attached), call arm_iommu_release_mapping() > to trigger cleanup. This will break IOMMU support in Exynos DRM if deferred probe happens. Here is a proper fix: https://patchwork.kernel.org/patch/11415715/ The mapping initially created by DMA-mapping framework should be attached back when Exynos DRM releases the subdev device. > Found using kmemleak detector, the output: > > unreferenced object 0xc2137640 (size 64): >comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) >hex dump (first 32 bytes): > 50 a3 14 c2 80 a2 14 c2 01 00 00 00 20 00 00 00 P... ... > 00 10 00 00 00 80 00 00 00 00 00 00 00 00 00 00 >backtrace: > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > [<8cd12507>] 0x0 > unreferenced object 0xc214a280 (size 128): >comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) >hex dump (first 32 bytes): > 00 a0 ec ed 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >backtrace: > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > [<8cd12507>] 0x0 > unreferenced object 0xedeca000 (size 4096): >comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) >hex dump (first 32 bytes): > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >backtrace: > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > [<8cd12507>] 0x0 > unreferenced object 0xc214a300 (size 128): >comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s) >hex dump (first 32 bytes): > 00 a3 14 c2 00 a3 14 c2 00 40 18 c2 00 80 18 c2 .@.. > 02 00 02 00 ad 4e ad de ff ff ff ff ff ff ff ff .N.. >backtrace: > [<08cbd8bc>] iommu_domain_alloc+0x24/0x50 > [] arm_iommu_create_mapping+0xe4/0x134 > [<3acd268d>] arch_setup_dma_ops+0x4c/0x104 > [<9f7d2cce>] of_dma_configure+0x19c/0x3a4 > [] really_probe+0xb0/0x47c > [<4f510e4f>] driver_probe_device+0x78/0x1c4 > [<7481a0cf>] device_driver_attach+0x58/0x60 > [<0ff8f5c1>] __driver_attach+0xb8/0x158 > [<86006144>] bus_for_each_dev+0x74/0xb4 > [<10159dca>] bus_add_driver+0x1c0/0x200 > [<8a265265>] driver_register+0x74/0x108 > [] exynos_drm_init+0xb0/0x134 > [] do_one_initcall+0x90/0x458 > [<6da35917>] kernel_init_freeable+0x188/0x200 > [] kernel_init+0x8/0x110 > [<1f3cddf9>] ret_from_fork+0x14/0x20 > > Signed-off-by: Lukasz Luba > --- > > Hi all, > > I have discovered this issue on OdroidXU4 while running some stress tests > for upcoming Energy Model. To reproduce it, kernel must be compiled with > DEBUG_KMEMLEAK. When the boot has finished, type: > # echo scan > /sys/kernel/debug/kmemleak > # cat /sys/kernel/debug/kmemleak > You should expect similar output
