On Thu, Mar 26, 2020 at 07:09:57PM +0000, Wan, Kaike wrote:
>
>
> > From: Jason Gunthorpe <jgg@xxxxxxxx>
> > Sent: Thursday, March 26, 2020 1:26 PM
> > To: Dalessandro, Dennis <dennis.dalessandro@xxxxxxxxx>
> > Cc: dledford@xxxxxxxxxx; linux-rdma@xxxxxxxxxxxxxxx; Marciniszyn, Mike
> > <mike.marciniszyn@xxxxxxxxx>; stable@xxxxxxxxxxxxxxx; Wan, Kaike
> > <kaike.wan@xxxxxxxxx>
> > Subject: Re: [PATCH for-rc 1/2] IB/hfi1: Fix memory leaks in sysfs registration
> > and unregistration
> >
> > On Thu, Mar 26, 2020 at 12:38:07PM -0400, Dennis Dalessandro wrote:
> > > From: Kaike Wan <kaike.wan@xxxxxxxxx>
> > >
> > > When the hfi1 driver is unloaded, kmemleak will report the following
> > > issue:
> > >
> > > unreferenced object 0xffff8888461a4c08 (size 8):
> > > comm "kworker/0:0", pid 5, jiffies 4298601264 (age 2047.134s) hex dump
> > > (first 8 bytes):
> > > 73 64 6d 61 30 00 ff ff sdma0...
> > > backtrace:
> > > [<00000000311a6ef5>] kvasprintf+0x62/0xd0 [<00000000ade94d9f>]
> > > kobject_set_name_vargs+0x1c/0x90 [<0000000060657dbb>]
> > > kobject_init_and_add+0x5d/0xb0 [<00000000346fe72b>] 0xffffffffa0c5ecba
> > > [<000000006cfc5819>] 0xffffffffa0c866b9 [<0000000031c65580>]
> > > 0xffffffffa0c38e87 [<00000000e9739b3f>] local_pci_probe+0x41/0x80
> > > [<000000006c69911d>] work_for_cpu_fn+0x16/0x20
> > [<00000000601267b5>]
> > > process_one_work+0x171/0x380 [<0000000049a0eefa>]
> > > worker_thread+0x1d1/0x3f0 [<00000000909cf2b9>] kthread+0xf8/0x130
> > > [<0000000058f5f874>] ret_from_fork+0x35/0x40
> > >
> > > This patch fixes the issue by:
> > > - Releasing dd->per_sdma[i].kobject in hfi1_unregister_sysfs().
> > > - This will fix the memory leak.
> > > - Calling kobject_put() to unwind operations only for those entries in
> > > dd->per_sdma[] whose operations have succeeded (including the current
> > > one that has just failed) in hfi1_verbs_register_sysfs().
> > >
> > > Fixes: 0cb2aa690c7e ("IB/hfi1: Add sysfs interface for affinity
> > > setup")
> > > Cc: <stable@xxxxxxxxxxxxxxx>
> > > Reviewed-by: Mike Marciniszyn <mike.marciniszyn@xxxxxxxxx>
> > > Signed-off-by: Kaike Wan <kaike.wan@xxxxxxxxx>
> > > Signed-off-by: Dennis Dalessandro <dennis.dalessandro@xxxxxxxxx>
> > > drivers/infiniband/hw/hfi1/sysfs.c | 13 +++++++++++--
> > > 1 file changed, 11 insertions(+), 2 deletions(-)
> >
> > I'm not certain, but this seems unwise.
> >
> > After hfi1_verbs_unregiser_sysfs() returns there should be no sysfs left
> > under the ibdev as we are going to delete the ibdev sysfs next.
> >
> > kobject_del() triggers synchronous delete of the sysfs, while
> > kobject_put() potentially defers it to the future.
> True. However, kobject_del() will only delete the sysfs for the
> object, ie, unwrap what has been done in object_add, but it will not
> decrement the refcount for the kobject. To unwap
> kobject_init_and_add(), one can call
> (1) kobject_del() (optional)
> (2) object_put()
Yes, you must call both, but kobject_put is not a replacement for
kobject_del.
> The kobject cleanup function (kobject_cleanup()) will call
> kobject_del if kobj->state_in_sys is set. Therefore, one can call
> object_put() alone to get the job done.
No, as I already explained, the moment that kobject_del happens is no
longer reliable with kobject_put.
> > Will ib unregister fail if the kobject_del() has not happened yet? I am unsure.
>
> I don't think so. We only observed the kmemleak complaints after
> unloading the driver, nothing else.
Of course, hfi1 is missing the required kobject_put, so it was only a
leak.
To see if there is an issue here delete the kobject_del and
kobject_put entirely to leave a dangling sysfs during registration and
see if ib device unregistration explodes.
Jason
