From: Maor Gottlieb <maorg@xxxxxxxxxx>

Add missing call to xa_erase when destroying a connection request.
It fixes the below memory leak.

unreferenced object 0xffff88812a340490 (size 576):
  comm "kworker/5:0", pid 96291, jiffies 4296565270 (age 1835.596s)
  hex dump (first 32 bytes):
    00 20 03 00 00 00 00 00 00 00 00 00 00 00 00 00  . ..............
    a0 d3 1a a0 ff ff ff ff a8 04 34 2a 81 88 ff ff  ..........4*....
  backtrace:
    [<0000000059399d4c>] xas_alloc+0x94/0xb0
    [<00000000d855673c>] xas_create+0x1f4/0x4c0
    [<00000000336166d1>] xas_store+0x52/0x5e0
    [<000000006b811da0>] __xa_alloc+0xab/0x140
    [<00000000cf0e9936>] ucma_alloc_ctx+0x197/0x1f0 [rdma_ucm]
    [<000000008f99b6bb>] ucma_event_handler+0x17b/0x2e0 [rdma_ucm]
    [<000000000a07fc34>] cma_cm_event_handler+0x6f/0x390 [rdma_cm]
    [<00000000fe05d574>] cma_ib_req_handler+0x1163/0x2370 [rdma_cm]
    [<000000004516baf4>] cm_work_handler+0xeda/0x2340 [ib_cm]
    [<000000008a83945b>] process_one_work+0x27c/0x610
    [<00000000b71b71e2>] worker_thread+0x2d/0x3c0
    [<00000000caab54ff>] kthread+0x125/0x140
    [<000000004303d699>] ret_from_fork+0x1f/0x30

Fixes: a1d33b70dbbc ("RDMA/ucma: Rework how new connections are passed through event delivery")
Signed-off-by: Maor Gottlieb <maorg@xxxxxxxxxx>
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
---
 drivers/infiniband/core/ucma.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c index 7dab9a27a145..b0b9ea90a27d 100644 --- a/drivers/infiniband/core/ucma.c +++ b/drivers/infiniband/core/ucma.c @@ -549,8 +549,10 @@ static int ucma_free_ctx(struct ucma_context *ctx) list_for_each_entry_safe(uevent, tmp, &list, list) { list_del(&uevent->list); if (uevent->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST && - uevent->conn_req_ctx != ctx) + uevent->conn_req_ctx != ctx) { + xa_erase(&ctx_table, uevent->conn_req_ctx->id); __destroy_id(uevent->conn_req_ctx); + } kfree(uevent); } -- 2.29.2
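Review bot: In ucma_free_ctx(), the erase of uevent->conn_req_ctx->id from ctx_table is now open-coded next to __destroy_id() at this one call site, so any other path that tears down an undelivered connection-request context can repeat the same leak. Consider a small helper that pairs xa_erase(&ctx_table, ...) with __destroy_id(), or have the commit message state that this loop is the only place such a context is destroyed without going through the normal id-removal path. Erasing before __destroy_id() is the right order, since it stops a lookup by id from finding a context that is being destroyed. A short comment on the new block saying that the conn_req_ctx was inserted into ctx_table by ucma_alloc_ctx() (as the backtrace shows) would make the pairing obvious to later readers.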