Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Jul 2021 13:09:25 GMT
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 8d04583de542 - main - ibcore: Fix memory leak in cm_add/remove_one.
Message-ID:  <202107121309.16CD9PFV094770@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=8d04583de542dcd087b401f6b830b8e6ab43d696

commit 8d04583de542dcd087b401f6b830b8e6ab43d696
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2021-06-16 13:01:36 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2021-07-12 12:22:30 +0000

    ibcore: Fix memory leak in cm_add/remove_one.
    
    In the process of moving the debug counters sysfs entries, the commit
    mentioned below eliminated the cm_infiniband sysfs directory.
    
    This sysfs directory was tied to the cm_port object allocated in procedure
    cm_add_one().
    
    Before the commit below, this cm_port object was freed via a call to
    kobject_put(port->kobj) in procedure cm_remove_port_fs().
    
    Since port no longer uses its kobj, kobject_put(port->kobj) was eliminated.
    This, however, meant that kfree was never called for the cm_port buffers.
    
    Fix this by adding explicit kfree(port) calls to functions cm_add_one()
    and cm_remove_one().
    
    Note that the kfree call in the first chunk below, in the cm_add_one error
    flow, fixes an old, undetected memory leak.
    
    Linux commit:
    94635c36f3854934a46d9e812e028d4721bbb0e6
    
    MFC after:      1 week
    Reviewed by:    kib
    Sponsored by:   Mellanox Technologies // NVIDIA Networking
---
 sys/ofed/drivers/infiniband/core/ib_cm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/ofed/drivers/infiniband/core/ib_cm.c b/sys/ofed/drivers/infiniband/core/ib_cm.c
index 6a809b18d301..5fb37e3245e8 100644
--- a/sys/ofed/drivers/infiniband/core/ib_cm.c
+++ b/sys/ofed/drivers/infiniband/core/ib_cm.c
@@ -4132,6 +4132,7 @@ error2:
 error1:
 	port_modify.set_port_cap_mask = 0;
 	port_modify.clr_port_cap_mask = IB_PORT_CM_SUP;
+	kfree(port);
 	while (--i) {
 		if (!rdma_cap_ib_cm(ib_device, i))
 			continue;
@@ -4140,6 +4141,7 @@ error1:
 		ib_modify_port(ib_device, port->port_num, 0, &port_modify);
 		ib_unregister_mad_agent(port->mad_agent);
 		cm_remove_port_fs(port);
+		kfree(port);
 	}
 free:
 	device_unregister(cm_dev->device);
@@ -4194,6 +4196,7 @@ static void cm_remove_one(struct ib_device *ib_device, void *client_data)
 		spin_unlock_irq(&cm.state_lock);
 		ib_unregister_mad_agent(cur_mad_agent);
 		cm_remove_port_fs(port);
+		kfree(port);
 	}
 
 	device_unregister(cm_dev->device);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107121309.16CD9PFV094770>