diff options
| author | yshi18 <yang.a.shi@intel.com> | 2020-12-03 13:54:14 +0800 |
|---|---|---|
| committer | Dylan Baker <dylan.c.baker@intel.com> | 2020-12-08 09:46:41 -0800 |
| commit | fba1d74ed804b813964a88be7fe1e90aace79c41 (patch) | |
| tree | 582a32e6434fff5a97c0207b01ec7407227de43d | |
| parent | ce0804ccc248dbb218dc92432e2e6a593e590072 (diff) | |
iris: fix memleak for query_buffer_uploader
In the Chrome WebGL Aquarium stress test, 20 instances of Chrome will run
Aquarium simultaneously over 20+ hours. That causes Chrome crash.
During the stress, glBeginQueryIndexed is called frequently.
1.Each query will only use 32 bytes from query_buffer_uploader. After the offset
exceed 4096, it will alloc new buffer for query_buffer_uploader->buffer
and release the old buffer.
2.But iris_begin_query will call u_upload_alloc when the offset changed, and it
will increase the query_buffer_uploader->buffer->reference.count every time
when it called u_upload_alloc.
3.So when u_upload_release_buffer try to release the resource of
query_buffer_uploader->buffer, its reference.count is
already equal to 129. pipe_reference_described will only decrease its reference
count to 128.So it never called old_dst->screen->resource_destroy.
4.The old resouce bo will never be freeed. And chrome will called mmap every time
when it alloc new resource bo.
5. Chrome process map too many vmas in its process. Its map count exceed the
sysctl_max_map_count which is 65530 defined in kernel.
6. When iris_begin_query want to alloc new resource bo, it will meet NULL pointer
because mmap return failed. Finally chrome crashed when it access this NULL resource
bo.
The fix is decrease the reference count in iris_destroy_query.
Patch is verified by chrome webgl Aquarium test case for more than 72 hours.
Signed-off-by: Tapani Pälli <tapani.palli@intel.com>
Signed-off-by: Yang Shi <yang.a.shi@intel.com>
Reviewed-by: Alex Zuo <alex.zuo@intel.com>
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
Cc: mesa-stable
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7890>
(cherry picked from commit 3aaac40b12bf683cb30ea30e35af02d56de9df90)
| -rw-r--r-- | .pick_status.json | 2 | ||||
| -rw-r--r-- | src/gallium/drivers/iris/iris_query.c | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/.pick_status.json b/.pick_status.json index ebbee3299b7..d9bfc2fe5f8 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -58,7 +58,7 @@ "description": "iris: fix memleak for query_buffer_uploader", "nominated": true, "nomination_type": 0, - "resolution": 0, + "resolution": 1, "master_sha": null, "because_sha": null }, diff --git a/src/gallium/drivers/iris/iris_query.c b/src/gallium/drivers/iris/iris_query.c index ef46158e95d..548ce535a77 100644 --- a/src/gallium/drivers/iris/iris_query.c +++ b/src/gallium/drivers/iris/iris_query.c @@ -484,6 +484,7 @@ iris_destroy_query(struct pipe_context *ctx, struct pipe_query *p_query) iris_syncobj_reference(screen, &query->syncobj, NULL); screen->base.fence_reference(ctx->screen, &query->fence, NULL); } + pipe_resource_reference(&query->query_state_ref.res, NULL); free(query); } |