On Fri, Mar 13, 2020 at 08:39:57AM -0400, Mike Marciniszyn wrote: > From: Kaike Wan <kaike.wan@xxxxxxxxx> > > When a kernel ULP requests the rdmavt to create a completion queue, it > allocated the queue and set cq->kqueue to point to it. However, when > the completion queue is destroyed, cq->queue is freed instead, leading > to memory leak: > > https://marc.info/?l=linux-rdma&m=158344182614924&w=2 Please always use lore.kernel.org for links to emails, I fixed it. > unreferenced object 0xffffc90006639000 (size 12288): > comm "kworker/u128:0", pid 8, jiffies 4295777598 (age 589.085s) > hex dump (first 32 bytes): > 4d 00 00 00 4d 00 00 00 00 c0 08 ac 8b 88 ff ff M...M........... > 00 00 00 00 80 00 00 00 00 00 00 00 10 00 00 00 ................ > backtrace: > [<0000000035a3d625>] __vmalloc_node_range+0x361/0x720 > [<000000002942ce4f>] __vmalloc_node.constprop.30+0x63/0xb0 > [<00000000f228f784>] rvt_create_cq+0x98a/0xd80 [rdmavt] > [<00000000b84aec66>] __ib_alloc_cq_user+0x281/0x1260 [ib_core] > [<00000000ef3764be>] nvme_rdma_cm_handler+0xdb7/0x1b80 [nvme_rdma] > [<00000000936b401c>] cma_cm_event_handler+0xb7/0x550 [rdma_cm] > [<00000000d9c40b7b>] addr_handler+0x195/0x310 [rdma_cm] > [<00000000c7398a03>] process_one_req+0xdd/0x600 [ib_core] > [<000000004d29675b>] process_one_work+0x920/0x1740 > [<00000000efedcdb5>] worker_thread+0x87/0xb40 > [<000000005688b340>] kthread+0x327/0x3f0 > [<0000000043a168d6>] ret_from_fork+0x3a/0x50 > > This patch fixes the issue by freeing cq->kqueue instead. > > Fixes: 239b0e52d8aa ("IB/hfi1: Move rvt_cq_wc struct into uapi directory") > Cc: <stable@xxxxxxxxxxxxxxx> # 5.4.x > Reported-by: Yi Zhang <yi.zhang@xxxxxxxxxx> > Reviewed-by: Mike Marciniszyn <mike.marciniszyn@xxxxxxxxx> > Reviewed-by: Dennis Dalessandro <dennis.dalessandro@xxxxxxxxx> > Signed-off-by: Kaike Wan <kaike.wan@xxxxxxxxx> > Signed-off-by: Dennis Dalessandro <dennis.dalessandro@xxxxxxxxx> > -- > drivers/infiniband/sw/rdmavt/cq.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Applied to for-rc Thanks, Jason
