| Message ID | 20181212114726.24060-5-ppandit@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | rdma: various issues in rdma/pvrdma backend | expand |
On Wed, Dec 12, 2018 at 05:17:24PM +0530, P J P wrote: > From: Prasad J Pandit <pjp@fedoraproject.org> > > create_cq and create_qp routines allocate ring object, but it's > not released in case of an error, leading to memory leakage. > > Reported-by: Li Qiang <liq3ea@163.com> > Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> > --- > hw/rdma/vmw/pvrdma_cmd.c | 36 +++++++++++++++++++++++++----------- > 1 file changed, 25 insertions(+), 11 deletions(-) > > Update v1: define new function to free PvrdmaRing object > -> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02328.html > > diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c > index e37fb18280..7e29607d2f 100644 > --- a/hw/rdma/vmw/pvrdma_cmd.c > +++ b/hw/rdma/vmw/pvrdma_cmd.c > @@ -313,6 +313,14 @@ out: > return rc; > } > > +static void destroy_cq_ring(PvrdmaRing *ring) > +{ > + pvrdma_ring_free(ring); > + /* ring_state was in slot 1, not 0 so need to jump back */ > + rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE); > + g_free(ring); > +} > + > static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, > union pvrdma_cmd_resp *rsp) > { > @@ -335,6 +343,9 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, > > rc = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev, cmd->cqe, > &resp->cq_handle, ring); > + if (rc) { > + destroy_cq_ring(ring); > + } > > return rc; > } > @@ -355,10 +366,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, > } > > ring = (PvrdmaRing *)cq->opaque; > - pvrdma_ring_free(ring); > - /* ring_state was in slot 1, not 0 so need to jump back */ > - rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE); > - g_free(ring); > + destroy_cq_ring(ring); > > rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle); > > @@ -456,6 +464,17 @@ out: > return rc; > } > > +static void destroy_qp_rings(PvrdmaRing *ring) > +{ > + pr_dbg("sring=%p\n", &ring[0]); > + pvrdma_ring_free(&ring[0]); > + pr_dbg("rring=%p\n", &ring[1]); > + pvrdma_ring_free(&ring[1]); > + > + rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE); > + g_free(ring); > +} > + > static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, > union pvrdma_cmd_resp *rsp) > { > @@ -485,6 +504,7 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, > cmd->max_recv_sge, cmd->recv_cq_handle, rings, > &resp->qpn); > if (rc) { > + destroy_qp_rings(rings); > return rc; > } > > @@ -557,13 +577,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, > rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle); > > ring = (PvrdmaRing *)qp->opaque; > - pr_dbg("sring=%p\n", &ring[0]); > - pvrdma_ring_free(&ring[0]); > - pr_dbg("rring=%p\n", &ring[1]); > - pvrdma_ring_free(&ring[1]); > - > - rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE); > - g_free(ring); > + destroy_qp_rings(ring); > Thanks. Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com> > return 0; > } > -- > 2.19.2 >
diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c index e37fb18280..7e29607d2f 100644 --- a/hw/rdma/vmw/pvrdma_cmd.c +++ b/hw/rdma/vmw/pvrdma_cmd.c @@ -313,6 +313,14 @@ out: return rc; } +static void destroy_cq_ring(PvrdmaRing *ring) +{ + pvrdma_ring_free(ring); + /* ring_state was in slot 1, not 0 so need to jump back */ + rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE); + g_free(ring); +} + static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, union pvrdma_cmd_resp *rsp) { @@ -335,6 +343,9 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, rc = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev, cmd->cqe, &resp->cq_handle, ring); + if (rc) { + destroy_cq_ring(ring); + } return rc; } @@ -355,10 +366,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, } ring = (PvrdmaRing *)cq->opaque; - pvrdma_ring_free(ring); - /* ring_state was in slot 1, not 0 so need to jump back */ - rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE); - g_free(ring); + destroy_cq_ring(ring); rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle); @@ -456,6 +464,17 @@ out: return rc; } +static void destroy_qp_rings(PvrdmaRing *ring) +{ + pr_dbg("sring=%p\n", &ring[0]); + pvrdma_ring_free(&ring[0]); + pr_dbg("rring=%p\n", &ring[1]); + pvrdma_ring_free(&ring[1]); + + rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE); + g_free(ring); +} + static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, union pvrdma_cmd_resp *rsp) { @@ -485,6 +504,7 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, cmd->max_recv_sge, cmd->recv_cq_handle, rings, &resp->qpn); if (rc) { + destroy_qp_rings(rings); return rc; } @@ -557,13 +577,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle); ring = (PvrdmaRing *)qp->opaque; - pr_dbg("sring=%p\n", &ring[0]); - pvrdma_ring_free(&ring[0]); - pr_dbg("rring=%p\n", &ring[1]); - pvrdma_ring_free(&ring[1]); - - rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE); - g_free(ring); + destroy_qp_rings(ring); return 0; }