The rocket driver allocates an array of struct drm_gpu_scheduler pointers
for each file via kmalloc_array() in rocket_job_open(). However, the
allocated memory was not stored in rocket_file_priv and therefore never
freed on file close, leading to a memory leak.

This patch introduces a new `scheds` field in struct rocket_file_priv to
store the allocated pointer array, and frees it properly in
rocket_job_close() after the scheduler entity is destroyed.

This ensures correct lifetime tracking of scheduler arrays and resolves
the leak detected by code review and potential KASAN reports.

Signed-off-by: Li Qiang <[email protected]>
---
 drivers/accel/rocket/rocket_drv.h |  1 +
 drivers/accel/rocket/rocket_job.c | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/drivers/accel/rocket/rocket_drv.h 
b/drivers/accel/rocket/rocket_drv.h
index 2c673bb99ccc..759a08596dad 100644
--- a/drivers/accel/rocket/rocket_drv.h
+++ b/drivers/accel/rocket/rocket_drv.h
@@ -24,6 +24,7 @@ struct rocket_file_priv {
        struct mutex mm_lock;
 
        struct drm_sched_entity sched_entity;
+       struct drm_gpu_scheduler **scheds;
 };
 
 struct rocket_iommu_domain *rocket_iommu_domain_get(struct rocket_file_priv 
*rocket_priv);
diff --git a/drivers/accel/rocket/rocket_job.c 
b/drivers/accel/rocket/rocket_job.c
index acd606160dc9..820d96f010f2 100644
--- a/drivers/accel/rocket/rocket_job.c
+++ b/drivers/accel/rocket/rocket_job.c
@@ -502,6 +502,9 @@ int rocket_job_open(struct rocket_file_priv *rocket_priv)
        unsigned int core;
        int ret;
 
+       if (unlikely(!scheds))
+               return -ENOMEM;
+
        for (core = 0; core < rdev->num_cores; core++)
                scheds[core] = &rdev->cores[core].sched;
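Review bot: The added `if (unlikely(!scheds)) return -ENOMEM;` is a second, independent fix that the description never mentions: without it, a failed allocation is dereferenced at `scheds[core] = &rdev->cores[core].sched;`. It deserves its own sentence in the changelog, or its own patch. `unlikely()` buys nothing on a per-open path that is not hot, so plain `if (!scheds)` reads better. The allocation is outside this hunk, so I am assuming `scheds` is initialised by the kmalloc_array() call that the description names.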
 
@@ -509,8 +512,12 @@ int rocket_job_open(struct rocket_file_priv *rocket_priv)
                                    DRM_SCHED_PRIORITY_NORMAL,
                                    scheds,
                                    rdev->num_cores, NULL);
-       if (WARN_ON(ret))
+       if (WARN_ON(ret)) {
+               kfree(scheds);
                return ret;
+       }
+
+       rocket_priv->scheds = scheds;
 
        return 0;
 }
@@ -520,6 +527,7 @@ void rocket_job_close(struct rocket_file_priv *rocket_priv)
        struct drm_sched_entity *entity = &rocket_priv->sched_entity;
 
        kfree(entity->sched_list);
+       kfree(rocket_priv->scheds);
        drm_sched_entity_destroy(entity);
 }
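Review bot: The added `kfree(rocket_priv->scheds);` looks like a double free whenever the entity kept the caller's array, because the context line `kfree(entity->sched_list);` may already release the same allocation. That holds if the entity init call in rocket_job_open() stores the `scheds` argument in `entity->sched_list`, which to my knowledge the DRM scheduler does when more than one scheduler is passed; `rocket_priv->scheds = scheds;` in the previous hunk then saves the same pointer a second time. Both frees also run before `drm_sched_entity_destroy(entity);`, while the description says the array is freed after the entity is destroyed, so teardown could still touch freed memory. I would keep one owner and one free, placed after destroy: `drm_sched_entity_destroy(entity);`, then `kfree(rocket_priv->scheds);` and `rocket_priv->scheds = NULL;`, dropping `kfree(entity->sched_list);`. Please confirm against drm_sched_entity_init() for the single-core case, which is presumably where the original leak comes from.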
 
-- 
2.25.1
