From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
Raed Salem <raeds@nvidia.com>, Emeel Hakim <ehakim@nvidia.com>
Subject: [net 09/15] net/mlx5e: MACsec, fix memory leak when MACsec device is deleted
Date: Thu, 24 Nov 2022 00:10:34 -0800 [thread overview]
Message-ID: <20221124081040.171790-10-saeed@kernel.org> (raw)
In-Reply-To: <20221124081040.171790-1-saeed@kernel.org>
From: Raed Salem <raeds@nvidia.com>
When the MACsec netdevice is deleted, all related Rx/Tx HW/SW
states should be released/deallocated, however currently part
of the Rx security channel association data is not cleaned
properly, hence the memory leaks.
Fix by make sure all related Rx Sc resources are cleaned/freed,
while at it improve code by grouping release SC context in a
function so it can be used in both delete MACsec device and
delete Rx SC operations.
Fixes: 5a39816a75e5 ("net/mlx5e: Add MACsec offload SecY support")
Signed-off-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Emeel Hakim <ehakim@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
.../mellanox/mlx5/core/en_accel/macsec.c | 77 ++++++++-----------
1 file changed, 33 insertions(+), 44 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
index 96fa553ef93a..b51de07d5bad 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
@@ -823,16 +823,43 @@ static int mlx5e_macsec_upd_rxsc(struct macsec_context *ctx)
return err;
}
+static void macsec_del_rxsc_ctx(struct mlx5e_macsec *macsec, struct mlx5e_macsec_rx_sc *rx_sc)
+{
+ struct mlx5e_macsec_sa *rx_sa;
+ int i;
+
+ for (i = 0; i < MACSEC_NUM_AN; ++i) {
+ rx_sa = rx_sc->rx_sa[i];
+ if (!rx_sa)
+ continue;
+
+ mlx5e_macsec_cleanup_sa(macsec, rx_sa, false);
+ mlx5_destroy_encryption_key(macsec->mdev, rx_sa->enc_key_id);
+
+ kfree(rx_sa);
+ rx_sc->rx_sa[i] = NULL;
+ }
+
+ /* At this point the relevant MACsec offload Rx rule already removed at
+ * mlx5e_macsec_cleanup_sa need to wait for datapath to finish current
+ * Rx related data propagating using xa_erase which uses rcu to sync,
+ * once fs_id is erased then this rx_sc is hidden from datapath.
+ */
+ list_del_rcu(&rx_sc->rx_sc_list_element);
+ xa_erase(&macsec->sc_xarray, rx_sc->sc_xarray_element->fs_id);
+ metadata_dst_free(rx_sc->md_dst);
+ kfree(rx_sc->sc_xarray_element);
+ kfree_rcu(rx_sc);
+}
+
static int mlx5e_macsec_del_rxsc(struct macsec_context *ctx)
{
struct mlx5e_priv *priv = netdev_priv(ctx->netdev);
struct mlx5e_macsec_device *macsec_device;
struct mlx5e_macsec_rx_sc *rx_sc;
- struct mlx5e_macsec_sa *rx_sa;
struct mlx5e_macsec *macsec;
struct list_head *list;
int err = 0;
- int i;
mutex_lock(&priv->macsec->lock);
@@ -854,31 +881,7 @@ static int mlx5e_macsec_del_rxsc(struct macsec_context *ctx)
goto out;
}
- for (i = 0; i < MACSEC_NUM_AN; ++i) {
- rx_sa = rx_sc->rx_sa[i];
- if (!rx_sa)
- continue;
-
- mlx5e_macsec_cleanup_sa(macsec, rx_sa, false);
- mlx5_destroy_encryption_key(macsec->mdev, rx_sa->enc_key_id);
-
- kfree(rx_sa);
- rx_sc->rx_sa[i] = NULL;
- }
-
-/*
- * At this point the relevant MACsec offload Rx rule already removed at
- * mlx5e_macsec_cleanup_sa need to wait for datapath to finish current
- * Rx related data propagating using xa_erase which uses rcu to sync,
- * once fs_id is erased then this rx_sc is hidden from datapath.
- */
- list_del_rcu(&rx_sc->rx_sc_list_element);
- xa_erase(&macsec->sc_xarray, rx_sc->sc_xarray_element->fs_id);
- metadata_dst_free(rx_sc->md_dst);
- kfree(rx_sc->sc_xarray_element);
-
- kfree_rcu(rx_sc);
-
+ macsec_del_rxsc_ctx(macsec, rx_sc);
out:
mutex_unlock(&macsec->lock);
@@ -1239,7 +1242,6 @@ static int mlx5e_macsec_del_secy(struct macsec_context *ctx)
struct mlx5e_priv *priv = netdev_priv(ctx->netdev);
struct mlx5e_macsec_device *macsec_device;
struct mlx5e_macsec_rx_sc *rx_sc, *tmp;
- struct mlx5e_macsec_sa *rx_sa;
struct mlx5e_macsec_sa *tx_sa;
struct mlx5e_macsec *macsec;
struct list_head *list;
@@ -1268,28 +1270,15 @@ static int mlx5e_macsec_del_secy(struct macsec_context *ctx)
}
list = &macsec_device->macsec_rx_sc_list_head;
- list_for_each_entry_safe(rx_sc, tmp, list, rx_sc_list_element) {
- for (i = 0; i < MACSEC_NUM_AN; ++i) {
- rx_sa = rx_sc->rx_sa[i];
- if (!rx_sa)
- continue;
-
- mlx5e_macsec_cleanup_sa(macsec, rx_sa, false);
- mlx5_destroy_encryption_key(macsec->mdev, rx_sa->enc_key_id);
- kfree(rx_sa);
- rx_sc->rx_sa[i] = NULL;
- }
-
- list_del_rcu(&rx_sc->rx_sc_list_element);
-
- kfree_rcu(rx_sc);
- }
+ list_for_each_entry_safe(rx_sc, tmp, list, rx_sc_list_element)
+ macsec_del_rxsc_ctx(macsec, rx_sc);
kfree(macsec_device->dev_addr);
macsec_device->dev_addr = NULL;
list_del_rcu(&macsec_device->macsec_device_list_element);
--macsec->num_of_devices;
+ kfree(macsec_device);
out:
mutex_unlock(&macsec->lock);
--
2.38.1
next prev parent reply other threads:[~2022-11-24 8:11 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-24 8:10 [pull request][net 00/15] mlx5 fixes 2022-11-24 Saeed Mahameed
2022-11-24 8:10 ` [net 01/15] net/mlx5: DR, Fix uninitialized var warning Saeed Mahameed
2022-11-24 8:10 ` [net 02/15] net/mlx5: E-switch, Destroy legacy fdb table when needed Saeed Mahameed
2022-11-24 8:10 ` [net 03/15] net/mlx5: E-switch, Fix duplicate lag creation Saeed Mahameed
2022-11-28 23:23 ` Jacob Keller
2022-11-29 5:51 ` Saeed Mahameed
2022-11-24 8:10 ` [net 04/15] net/mlx5: Fix uninitialized variable bug in outlen_write() Saeed Mahameed
2022-11-24 8:10 ` [net 05/15] net/mlx5e: Fix use-after-free when reverting termination table Saeed Mahameed
2022-11-28 23:26 ` Jacob Keller
2022-11-24 8:10 ` [net 06/15] net/mlx5e: Fix a couple error codes Saeed Mahameed
2022-11-28 23:26 ` Jacob Keller
2022-11-24 8:10 ` [net 07/15] net/mlx5e: Use kvfree() in mlx5e_accel_fs_tcp_create() Saeed Mahameed
2022-11-24 8:32 ` Tariq Toukan
2022-11-28 19:55 ` Saeed Mahameed
2022-11-28 23:34 ` Jacob Keller
2022-11-24 8:10 ` [net 08/15] net/mlx5e: MACsec, fix RX data path 16 RX security channel limit Saeed Mahameed
2022-11-24 8:10 ` Saeed Mahameed [this message]
2022-11-28 23:36 ` [net 09/15] net/mlx5e: MACsec, fix memory leak when MACsec device is deleted Jacob Keller
2022-11-24 8:10 ` [net 10/15] net/mlx5e: MACsec, fix update Rx secure channel active field Saeed Mahameed
2022-11-28 23:37 ` Jacob Keller
2022-11-24 8:10 ` [net 11/15] net/mlx5e: MACsec, fix mlx5e_macsec_update_rxsa bail condition and functionality Saeed Mahameed
2022-11-24 8:10 ` [net 12/15] net/mlx5e: MACsec, fix add Rx security association (SA) rule memory leak Saeed Mahameed
2022-11-28 23:37 ` Jacob Keller
2022-11-24 8:10 ` [net 13/15] net/mlx5e: MACsec, remove replay window size limitation in offload path Saeed Mahameed
2022-11-28 23:42 ` Jacob Keller
2022-11-29 3:35 ` Jakub Kicinski
2022-11-29 5:44 ` Saeed Mahameed
2022-11-29 8:12 ` Saeed Mahameed
2022-11-29 18:29 ` Jacob Keller
2022-11-24 8:10 ` [net 14/15] net/mlx5e: MACsec, fix Tx SA active field update Saeed Mahameed
2022-11-28 23:43 ` Jacob Keller
2022-11-24 8:10 ` [net 15/15] net/mlx5e: MACsec, block offload requests with encrypt off Saeed Mahameed
2022-11-28 23:43 ` Jacob Keller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221124081040.171790-10-saeed@kernel.org \
--to=saeed@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ehakim@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).