On Fri, Dec 19, 2025 11:33 AM Michał Grzelak wrote:
> During initialization of DRM buddy memory manager at drm_buddy_init,
> mm->free_trees array is allocated for both clear and dirty RB trees.
> During cleanup happening at drm_buddy_fini it is never freed, leading to
> following memory leaks observed on xe module load & unload cycles:
>
> kmemleak_alloc+0x4a/0x90
> __kmalloc_cache_noprof+0x488/0x800
> drm_buddy_init+0xc2/0x330 [drm_buddy]
> __xe_ttm_vram_mgr_init+0xc3/0x190 [xe]
> xe_ttm_stolen_mgr_init+0xf5/0x9d0 [xe]
> xe_device_probe+0x326/0x9e0 [xe]
> xe_pci_probe+0x39a/0x610 [xe]
> local_pci_probe+0x47/0xb0
> pci_device_probe+0xf3/0x260
> really_probe+0xf1/0x3c0
> __driver_probe_device+0x8c/0x180
> driver_probe_device+0x24/0xd0
> __driver_attach+0x10f/0x220
> bus_for_each_dev+0x7f/0xe0
> driver_attach+0x1e/0x30
> bus_add_driver+0x151/0x290
>
> Deallocate array for free trees when cleaning up buddy memory manager in
> the same way as if going through out_free_tree label.
>
> Fixes: d4cd665c98c1 ("drm/buddy: Separate clear and dirty free block trees")
> Signed-off-by: Michał Grzelak <[email protected]>
> Reviewed-by: Lucas De Marchi <[email protected]>
> Reviewed-by: Matthew Auld <[email protected]>

I also meet this issue. And the fix LGTM. It has the same logic as the failure
path of drm_buddy_init().
Reviewed-by: Shuicheng Lin <[email protected]>

> ---
> drivers/gpu/drm/drm_buddy.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c
> index 2f279b46bd2c..8308116058cc 100644
> --- a/drivers/gpu/drm/drm_buddy.c
> +++ b/drivers/gpu/drm/drm_buddy.c
> @@ -420,6 +420,7 @@ void drm_buddy_fini(struct drm_buddy *mm)
>
> for_each_free_tree(i)
> kfree(mm->free_trees[i]);
> + kfree(mm->free_trees);
> kfree(mm->roots);
> }
> EXPORT_SYMBOL(drm_buddy_fini);
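
Review bot: in drm_buddy_fini(), once the added kfree(mm->free_trees) and the existing kfree(mm->roots) have run, the struct still holds both stale pointers. If any caller can reach drm_buddy_fini() a second time on the same mm, the for_each_free_tree loop would dereference the freed array and both kfree() calls would become double frees. Consider setting mm->free_trees and mm->roots to NULL after freeing them, or stating in the function's kernel-doc that it must be called exactly once per successful drm_buddy_init(). The placement itself is right: the array is released only after the loop that reads mm->free_trees[i].
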
> --
> 2.45.2