From: Jason Gunthorpe <jgg@nvidia.com>
To: Leon Romanovsky <leon@kernel.org>
Cc: Leon Romanovsky <leonro@nvidia.com>,
linux-rdma@vger.kernel.org,
syzbot+b8b7a6774bf40cf8296b@syzkaller.appspotmail.com
Subject: Re: [PATCH rdma-next] RDMA/core: Skip initialized but not leaked GID entries
Date: Wed, 4 Sep 2024 11:31:13 -0300
Message-ID: <20240904143113.GG3915968@nvidia.com>
In-Reply-To: <7cce156160c4da8062e3cc8c5e9d5b7880feaafd.1725284500.git.leonro@nvidia.com>
On Mon, Sep 02, 2024 at 04:42:52PM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> Failure in driver initialization can lead to a situation where the GID
> entries are set but not used yet. In this case, the kref will be equal to 1,
> which will trigger a false positive leak detection.
Why does that happen??
> For example, these messages are printed during the driver initialization
> and followed by release_gid_table() call:
>
> infiniband syz1: ib_query_port failed (-19)
> infiniband syz1: Couldn't set up InfiniBand P_Key/GID cache
Okay, but who set the ref=1?
> diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
> index b7c078b7f7cf..c6aec2e04d4c 100644
> --- a/drivers/infiniband/core/cache.c
> +++ b/drivers/infiniband/core/cache.c
> @@ -800,13 +800,15 @@ static void release_gid_table(struct ib_device *device,
> return;
>
> for (i = 0; i < table->sz; i++) {
> + int gid_kref;
> +
> if (is_gid_entry_free(table->data_vec[i]))
> continue;
>
> - WARN_ONCE(true,
> + gid_kref = kref_read(&table->data_vec[i]->kref);
> + WARN_ONCE(gid_kref > 1,
> "GID entry ref leak for dev %s index %d ref=%u\n",
> - dev_name(&device->dev), i,
> - kref_read(&table->data_vec[i]->kref));
> + dev_name(&device->dev), i, gid_kref);
> }
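Review bot: The new condition `gid_kref > 1` in the release_gid_table() loop silences the warning for every non-free entry whose count is exactly 1, so a real leak of a single reference is no longer reported, and the check has no way to tell that case from the failed-initialization case the commit message describes. Consider releasing the entry on the init error path before release_gid_table() runs and keeping the warning unconditional, or at least add a comment stating why a count of 1 is the expected baseline for a non-free entry at this point. Separately, `gid_kref` is declared `int` but printed with `%u`, and kref_read() returns unsigned int; declaring it `unsigned int` keeps the variable and the format specifier in agreement.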
I'm not convinced, I think the bug here is something wrong on the
refcounting side not the freeing side. Ref should not be 1. Seems like
missing error unwinding in the init side.
Jason