From: Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: Ram Amrani <Ram.Amrani-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org>
Cc: Wei Yongjun <weiyj.lk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Rajesh Borundia
<rajesh.borundia-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org>,
Wei Yongjun <weiyongjun1-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] qedr: Fix possible memory leak in qedr_create_qp()
Date: Mon, 31 Oct 2016 07:33:18 +0200 [thread overview]
Message-ID: <20161031053318.GU3617@leon.nu> (raw)
In-Reply-To: <1477672427-31575-1-git-send-email-weiyj.lk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 2596 bytes --]
On Fri, Oct 28, 2016 at 04:33:47PM +0000, Wei Yongjun wrote:
> From: Wei Yongjun <weiyongjun1-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
>
> 'qp' is malloced in qedr_create_qp() and should be freed before leaving
> from the error handling cases, otherwise it will cause memory leak.
>
> Signed-off-by: Wei Yongjun <weiyongjun1-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
Hi Ram,
While looking on this patch and associated code to it, I noticed the
following code stack:
qedr_create_qp
-->
dev->ops->rdma_destroy_qp(dev->rdma_ctx, qp->qed_qp);
-->
qed_rdma_destroy_qp
-->
qed_roce_destroy_qp
This function will check the QP state and return -INVAL and comment
that this QP needs to be prepared before destroying it.
However immediately after returning, you are calling to kfree(qp)
without any checks.
It looks like an error and it is worth to take a look on it.
And did I miss the fix to memory leak posted during code review?
Thanks
> ---
> drivers/infiniband/hw/qedr/verbs.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/infiniband/hw/qedr/verbs.c b/drivers/infiniband/hw/qedr/verbs.c
> index a615142..b60f145 100644
> --- a/drivers/infiniband/hw/qedr/verbs.c
> +++ b/drivers/infiniband/hw/qedr/verbs.c
> @@ -1477,6 +1477,7 @@ struct ib_qp *qedr_create_qp(struct ib_pd *ibpd,
> struct qedr_ucontext *ctx = NULL;
> struct qedr_create_qp_ureq ureq;
> struct qedr_qp *qp;
> + struct ib_qp *ibqp;
> int rc = 0;
>
> DP_DEBUG(dev, QEDR_MSG_QP, "create qp: called from %s, pd=%p\n",
> @@ -1486,13 +1487,13 @@ struct ib_qp *qedr_create_qp(struct ib_pd *ibpd,
> if (rc)
> return ERR_PTR(rc);
>
> + if (attrs->srq)
> + return ERR_PTR(-EINVAL);
> +
> qp = kzalloc(sizeof(*qp), GFP_KERNEL);
> if (!qp)
> return ERR_PTR(-ENOMEM);
>
> - if (attrs->srq)
> - return ERR_PTR(-EINVAL);
> -
> DP_DEBUG(dev, QEDR_MSG_QP,
> "create qp: sq_cq=%p, sq_icid=%d, rq_cq=%p, rq_icid=%d\n",
> get_qedr_cq(attrs->send_cq),
> @@ -1508,7 +1509,10 @@ struct ib_qp *qedr_create_qp(struct ib_pd *ibpd,
> "create qp: unexpected udata when creating GSI QP\n");
> goto err0;
> }
> - return qedr_create_gsi_qp(dev, attrs, qp);
> + ibqp = qedr_create_gsi_qp(dev, attrs, qp);
> + if (IS_ERR(ibqp))
> + kfree(qp);
> + return ibqp;
> }
>
> memset(&in_params, 0, sizeof(in_params));
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-10-31 5:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-28 16:33 [PATCH] qedr: Fix possible memory leak in qedr_create_qp() Wei Yongjun
[not found] ` <1477672427-31575-1-git-send-email-weiyj.lk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-10-31 5:33 ` Leon Romanovsky [this message]
[not found] ` <20161031053318.GU3617-2ukJVAZIZ/Y@public.gmane.org>
2016-11-01 14:42 ` Amrani, Ram
[not found] ` <SN1PR07MB2207A02F1883380BE4B1CB06F8A10-mikhvbZlbf8TSoR2DauN2+FPX92sqiQdvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-11-02 15:55 ` Leon Romanovsky
2016-11-01 10:38 ` Amrani, Ram
2016-12-14 16:29 ` Doug Ledford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161031053318.GU3617@leon.nu \
--to=leon-dgejt+ai2ygdnm+yrofe0a@public.gmane.org \
--cc=Ram.Amrani-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=rajesh.borundia-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org \
--cc=weiyj.lk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=weiyongjun1-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.