From: Bryan Tan <bryantan@xxxxxxxxxx>
[ Upstream commit 17748056ce123ee37fb7382bc698fc721e3c4a09 ]
The QP cleanup did not previously call ib_umem_release,
resulting in a user-triggerable kernel resource leak.
Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Reviewed-by: Adit Ranadive <aditr@xxxxxxxxxx>
Reviewed-by: Aditya Sarwade <asarwade@xxxxxxxxxx>
Reviewed-by: Jorgen Hansen <jhansen@xxxxxxxxxx>
Signed-off-by: Bryan Tan <bryantan@xxxxxxxxxx>
Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
---
drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c
index ed34d5a581fa..d7162f2b7979 100644
--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c
+++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c
@@ -406,6 +406,13 @@ static void pvrdma_free_qp(struct pvrdma_qp *qp)
atomic_dec(&qp->refcnt);
wait_event(qp->wait, !atomic_read(&qp->refcnt));
+ if (!qp->is_kernel) {
+ if (qp->rumem)
+ ib_umem_release(qp->rumem);
+ if (qp->sumem)
+ ib_umem_release(qp->sumem);
+ }
+
pvrdma_page_dir_cleanup(dev, &qp->pdir);
kfree(qp);
--
2.11.0