RDMA/qib: Fix MR reference count leak on write with immediate

Commit Message

Marciniszyn, Mike June 6, 2017, 3:02 p.m. UTC

commit 1feb40067cf04ae48d65f728d62ca255c9449178 upstream.

The handling of IB_RDMA_WRITE_ONLY_WITH_IMMEDIATE will leak a memory
reference when a buffer cannot be allocated for returning the immediate
data.

The issue is that the rkey validation has already occurred and the RNR
nak fails to release the reference that was fruitlessly gotten.  The
the peer will send the identical single packet request when its RNR
timer pops.

The fix is to release the held reference prior to the rnr nak exit.
This is the only sequence the requires both rkey validation and the
buffer allocation on the same packet.

[This backports the fix for pre-rdmavt based qib drivers]

Cc: <stable@vger.kernel.org> # 3.10.x,3.16.x,4.1.x,4.4.x
Tested-by: Tadeusz Struk <tadeusz.struk@intel.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
---
 drivers/infiniband/hw/qib/qib_rc.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

kernel test robot June 7, 2017, 7:47 a.m. UTC | #1

Hi Mike,

[auto build test ERROR on rdma/master]
[cannot apply to v4.12-rc4 next-20170607]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Mike-Marciniszyn/RDMA-qib-Fix-MR-reference-count-leak-on-write-with-immediate/20170607-150924
base:   https://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma.git master
config: x86_64-randconfig-x019-201723 (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   drivers/infiniband/hw/qib/qib_rc.c: In function 'qib_rc_rcv':
>> drivers/infiniband/hw/qib/qib_rc.c:1960:4: error: implicit declaration of function 'qib_put_ss' [-Werror=implicit-function-declaration]
       qib_put_ss(&qp->r_sge);
       ^~~~~~~~~~
   cc1: some warnings being treated as errors

vim +/qib_put_ss +1960 drivers/infiniband/hw/qib/qib_rc.c

  1954			else if (opcode == OP(RDMA_WRITE_ONLY))
  1955				goto no_immediate_data;
  1956			ret = qib_get_rwqe(qp, 1);
  1957			if (ret < 0)
  1958				goto nack_op_err;
  1959			if (!ret) {
> 1960				qib_put_ss(&qp->r_sge);
  1961				goto rnr_nak;
  1962			}
  1963			wc.ex.imm_data = ohdr->u.rc.imm_data;

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Marciniszyn, Mike June 7, 2017, 2:38 p.m. UTC | #2

>    drivers/infiniband/hw/qib/qib_rc.c: In function 'qib_rc_rcv':
> >> drivers/infiniband/hw/qib/qib_rc.c:1960:4: error: implicit declaration of
> function 'qib_put_ss' [-Werror=implicit-function-declaration]
>        qib_put_ss(&qp->r_sge);
>        ^~~~~~~~~~

The patch is intended for stable kernels as noted in:

 Cc: <stable@vger.kernel.org> # 3.10.x,3.16.x,4.1.x,4.4.x

Mike
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/infiniband/hw/qib/qib_rc.c b/drivers/infiniband/hw/qib/qib_rc.c
index e6b7556..cbc4216 100644
--- a/drivers/infiniband/hw/qib/qib_rc.c
+++ b/drivers/infiniband/hw/qib/qib_rc.c
@@ -2088,8 +2088,10 @@  send_last:
 		ret = qib_get_rwqe(qp, 1);
 		if (ret < 0)
 			goto nack_op_err;
-		if (!ret)
+		if (!ret) {
+			qib_put_ss(&qp->r_sge);
 			goto rnr_nak;
+		}
 		wc.ex.imm_data = ohdr->u.rc.imm_data;
 		hdrsize += 4;
 		wc.wc_flags = IB_WC_WITH_IMM;