From: Jason Gunthorpe <jgg@ziepe.ca>
To: Michal Kalderon <michal.kalderon@marvell.com>
Cc: aelior@marvell.com, dledford@redhat.com,
linux-rdma@vger.kernel.org, Ariel Elior <ariel.elior@marvell.com>
Subject: Re: [PATCH rdma-next 1/2] RDMA/qedr: Fix synchronization methods and memory leaks in qedr
Date: Thu, 3 Oct 2019 13:16:33 -0300 [thread overview]
Message-ID: <20191003161633.GA15026@ziepe.ca> (raw)
In-Reply-To: <20191003120342.16926-2-michal.kalderon@marvell.com>
On Thu, Oct 03, 2019 at 03:03:41PM +0300, Michal Kalderon wrote:
> diff --git a/drivers/infiniband/hw/qedr/qedr_iw_cm.c b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> index 22881d4442b9..ebc6bc25a0e2 100644
> +++ b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> @@ -79,6 +79,28 @@ qedr_fill_sockaddr6(const struct qed_iwarp_cm_info *cm_info,
> }
> }
>
> +static void qedr_iw_free_qp(struct kref *ref)
> +{
> + struct qedr_qp *qp = container_of(ref, struct qedr_qp, refcnt);
> +
> + xa_erase_irq(&qp->dev->qps, qp->qp_id);
why is it _irq? Where are we in an irq when using the xa_lock on this xarray?
> + kfree(qp);
[..]
> @@ -516,8 +548,10 @@ int qedr_iw_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
> return -ENOMEM;
>
> ep->dev = dev;
> + kref_init(&ep->refcnt);
> +
> + kref_get(&qp->refcnt);
Here 'qp' comes out of an xa_load, but the QP is still visible in the
xarray with a 0 refcount, so this is invalid.
Also, the xa_load doesn't have any locking around it, so the entire
thing looks wrong to me.
Most probably you want to hold the xa_lock during xa_load and then use
a kref_get_not_zero - failure of the get also means the qp is not in
the xarray
Or rework things so the qp is removed from the xarray earlier, I'm not
sure.
Jason
next prev parent reply other threads:[~2019-10-03 17:25 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-03 12:03 [PATCH rdma-next 0/2] RDMA/qedr: Fix memory leaks and synchronization Michal Kalderon
2019-10-03 12:03 ` [PATCH rdma-next 1/2] RDMA/qedr: Fix synchronization methods and memory leaks in qedr Michal Kalderon
2019-10-03 16:16 ` Jason Gunthorpe [this message]
2019-10-03 19:33 ` [EXT] " Michal Kalderon
2019-10-04 0:36 ` Jason Gunthorpe
2019-10-04 17:10 ` Michal Kalderon
2019-10-04 17:28 ` Jason Gunthorpe
2019-10-06 19:49 ` Michal Kalderon
2019-10-03 12:03 ` [PATCH rdma-next 2/2] RDMA/qedr: Fix memory leak in user qp and mr Michal Kalderon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191003161633.GA15026@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=aelior@marvell.com \
--cc=ariel.elior@marvell.com \
--cc=dledford@redhat.com \
--cc=linux-rdma@vger.kernel.org \
--cc=michal.kalderon@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).