[Bug 261033] Memory leaks in mlx5_ib_gsi.c

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 12 Jan 2022 20:42:55 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261033

--- Comment #3 from Hans Petter Selasky <hselasky@FreeBSD.org> ---
From Linus Torvalds, drivers/infiniband/hw/mlx5/gsi.c, the code is similar, so
then there is a bug in Linux too!

To summarize:

If "ib_destroy_qp(gsi->rx_qp)" fails, there will be a memory leak!

I think that "ib_destroy_qp()" cannot fail in this case, but then the error
check should be asserted and removed!

--HPS

int mlx5_ib_gsi_destroy_qp(struct ib_qp *qp)
{
        struct mlx5_ib_dev *dev = to_mdev(qp->device);
        struct mlx5_ib_gsi_qp *gsi = gsi_qp(qp);
        const int port_num = gsi->port_num;
        int qp_index;
        int ret;

        mlx5_ib_dbg(dev, "destroying GSI QP\n");

        mutex_lock(&dev->devr.mutex);
        ret = ib_destroy_qp(gsi->rx_qp);
        if (ret) {
                mlx5_ib_warn(dev, "unable to destroy hardware GSI QP. error %d\n",
                             ret);
                mutex_unlock(&dev->devr.mutex);
                return ret;
        }
        dev->devr.ports[port_num - 1].gsi = NULL;
        mutex_unlock(&dev->devr.mutex);
        gsi->rx_qp = NULL;

        for (qp_index = 0; qp_index < gsi->num_qps; ++qp_index) {
                if (!gsi->tx_qps[qp_index])
                        continue;
                WARN_ON_ONCE(ib_destroy_qp(gsi->tx_qps[qp_index]));
                gsi->tx_qps[qp_index] = NULL;
        }

        ib_free_cq(gsi->cq);

        kfree(gsi->outstanding_wrs);
        kfree(gsi->tx_qps);
        kfree(gsi);

        return 0;
}

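
Added example, not part of the original bug comment and not driver code: a userspace C model of the teardown path in the function above, counting what stays allocated when the rx QP destroy call fails. All names in it (model_gsi, model_destroy_qp, model_destroy, leaked_after, keep_going) are hypothetical, and the allocation sizes are constructed.

```c
#include <stdlib.h>

/* Constructed userspace model; all names are hypothetical, not driver code. */
static int live_allocs; /* tracked allocations not yet released */

static void *t_alloc(size_t n) {
    void *p = calloc(1, n);
    if (!p) abort();
    live_allocs++;
    return p;
}
static void t_free(void *p) { live_allocs--; free(p); }

struct model_gsi { void *rx_qp, **tx_qps, *outstanding_wrs; int num_qps; };

/* Stand-in for ib_destroy_qp(): on failure the QP stays allocated. */
static int model_destroy_qp(void *qp, int fail_rc) {
    if (fail_rc == 0) t_free(qp);
    return fail_rc;
}

static struct model_gsi *model_create(int num_qps) {
    struct model_gsi *g = t_alloc(sizeof(*g));
    g->rx_qp = t_alloc(16);
    g->tx_qps = t_alloc((size_t)num_qps * sizeof(*g->tx_qps));
    g->outstanding_wrs = t_alloc(64);
    g->num_qps = num_qps;
    for (int i = 0; i < num_qps; i++) g->tx_qps[i] = t_alloc(16);
    return g;
}

/* keep_going == 0: shape of the posted function, the early return skips every
 * free below it. keep_going == 1: error still returned, teardown continues. */
static int model_destroy(struct model_gsi *g, int rx_fail_rc, int keep_going) {
    int ret = model_destroy_qp(g->rx_qp, rx_fail_rc);
    if (ret && !keep_going) return ret;
    for (int i = 0; i < g->num_qps; i++) model_destroy_qp(g->tx_qps[i], 0);
    t_free(g->outstanding_wrs);
    t_free(g->tx_qps);
    t_free(g);
    return ret;
}

/* Allocations still live after one create/destroy cycle with two tx QPs. */
static int leaked_after(int rx_fail_rc, int keep_going) {
    live_allocs = 0;
    model_destroy(model_create(2), rx_fail_rc, keep_going);
    return live_allocs;
}
```

With a failing rx destroy, leaked_after() reports 6 live allocations for the early-return shape and 1 (the QP that could not be destroyed) when teardown continues.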