From: Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: "Amrani, Ram" <Ram.Amrani-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org>
Cc: Wei Yongjun <weiyj.lk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Borundia,
Rajesh" <Rajesh.Borundia-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org>,
Wei Yongjun <weiyongjun1-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH] qedr: Fix possible memory leak in qedr_create_qp()
Date: Wed, 2 Nov 2016 17:55:32 +0200 [thread overview]
Message-ID: <20161102155532.GI3617@leon.nu> (raw)
In-Reply-To: <SN1PR07MB2207A02F1883380BE4B1CB06F8A10-mikhvbZlbf8TSoR2DauN2+FPX92sqiQdvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 2436 bytes --]
On Tue, Nov 01, 2016 at 02:42:27PM +0000, Amrani, Ram wrote:
> > While looking on this patch and associated code to it, I noticed the
> > following code stack:
> >
> > qedr_create_qp
> > -->
> > dev->ops->rdma_destroy_qp(dev->rdma_ctx, qp->qed_qp);
> > -->
> > qed_rdma_destroy_qp
> > -->
> > qed_roce_destroy_qp
> > This function will check the QP state and return -EINVAL and comment
> > that this QP needs to be prepared before destroying it.
> >
> > However immediately after returning, you are calling to kfree(qp)
> > without any checks.
> >
> > It looks like an error and it is worth to take a look on it.
> >
>
> That's a deep level of reading... thanks.
You are welcome.
>
> When the QP is created its state is set in ecore_rdma_create_qp():
> qp->cur_state = ECORE_ROCE_QP_STATE_RESET;
>
> When it is ecore_roce_destroy_qp() is invoked, the function *must* be in either RESET or two other states:
> if ((qp->cur_state != QED_ROCE_QP_STATE_RESET) &&
> (qp->cur_state != QED_ROCE_QP_STATE_ERR) &&
> (qp->cur_state != QED_ROCE_QP_STATE_INIT)) {
> DP_NOTICE(p_hwfn,
> "QP must be in error, reset or init state before destroying it\n");
> return -EINVAL;
> }
> So actually, we won't return -EINVAL here.
>
> The bug I see is that I see in our upstream code is that for RESET the normal "destroy" operations continue. But they shouldn't.
> We need here something like this:
> if (qp->cur_state == ECORE_ROCE_QP_STATE_RESET)
> return 0;
>
> Flow will return to qed_rdma_destroy_qp() that will release the qp resource in the qed_roce scope (our real purpose).
> And then return to qedr_create_qp() where the qp resource will be released in the qedr scope.
>
> And as a side issue - an improvement that can be added is to return the error code of the QP create and not of the QP destroy.
I'm happy to hear that it helped.
>
> I'll the first later on and probably the second too.
>
>
>
> > And did I miss the fix to memory leak posted during code review?
> >
> As far as I know, I have supplied patches for all memory leaks. Can you direct me to a specific e-mail?
I failed to find the relevant thread now, so forget it, probably it is
my fault.
>
> Thanks,
> Ram
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-11-02 15:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-28 16:33 [PATCH] qedr: Fix possible memory leak in qedr_create_qp() Wei Yongjun
[not found] ` <1477672427-31575-1-git-send-email-weiyj.lk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-10-31 5:33 ` Leon Romanovsky
[not found] ` <20161031053318.GU3617-2ukJVAZIZ/Y@public.gmane.org>
2016-11-01 14:42 ` Amrani, Ram
[not found] ` <SN1PR07MB2207A02F1883380BE4B1CB06F8A10-mikhvbZlbf8TSoR2DauN2+FPX92sqiQdvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-11-02 15:55 ` Leon Romanovsky [this message]
2016-11-01 10:38 ` Amrani, Ram
2016-12-14 16:29 ` Doug Ledford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161102155532.GI3617@leon.nu \
--to=leon-dgejt+ai2ygdnm+yrofe0a@public.gmane.org \
--cc=Rajesh.Borundia-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org \
--cc=Ram.Amrani-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=weiyj.lk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=weiyongjun1-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.