Skip to content

Commit d871315

Browse files
sfu2rleon
sfu2
authored and
rleon
committed
RDMA/uverbs: Fix umem release in UVERBS_METHOD_CQ_CREATE
In `UVERBS_METHOD_CQ_CREATE`, umem should be released if anything goes wrong. Currently, if `create_cq_umem` fails, umem would not be released or referenced, causing a possible leak. In this patch, we release umem at `UVERBS_METHOD_CQ_CREATE`, the driver should not release umem if it returns an error code. Fixes: 1a40c36 ("RDMA/uverbs: Add a common way to create CQ with umem") Signed-off-by: Shuhao Fu <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Leon Romanovsky <[email protected]>
1 parent 5575b76 commit d871315

File tree

2 files changed

+8
-9
lines changed

2 files changed

+8
-9
lines changed

drivers/infiniband/core/uverbs_std_types_cq.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,7 @@ static int UVERBS_HANDLER(UVERBS_METHOD_CQ_CREATE)(
206206
return ret;
207207

208208
err_free:
209+
ib_umem_release(umem);
209210
rdma_restrack_put(&cq->res);
210211
kfree(cq);
211212
err_event_file:

drivers/infiniband/hw/efa/efa_verbs.c

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1216,13 +1216,13 @@ int efa_create_cq_umem(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
12161216
if (umem->length < cq->size) {
12171217
ibdev_dbg(&dev->ibdev, "External memory too small\n");
12181218
err = -EINVAL;
1219-
goto err_free_mem;
1219+
goto err_out;
12201220
}
12211221

12221222
if (!ib_umem_is_contiguous(umem)) {
12231223
ibdev_dbg(&dev->ibdev, "Non contiguous CQ unsupported\n");
12241224
err = -EINVAL;
1225-
goto err_free_mem;
1225+
goto err_out;
12261226
}
12271227

12281228
cq->cpu_addr = NULL;
@@ -1251,7 +1251,7 @@ int efa_create_cq_umem(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
12511251

12521252
err = efa_com_create_cq(&dev->edev, &params, &result);
12531253
if (err)
1254-
goto err_free_mem;
1254+
goto err_free_mapped;
12551255

12561256
resp.db_off = result.db_off;
12571257
resp.cq_idx = result.cq_idx;
@@ -1299,12 +1299,10 @@ int efa_create_cq_umem(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
12991299
efa_cq_user_mmap_entries_remove(cq);
13001300
err_destroy_cq:
13011301
efa_destroy_cq_idx(dev, cq->cq_idx);
1302-
err_free_mem:
1303-
if (umem)
1304-
ib_umem_release(umem);
1305-
else
1306-
efa_free_mapped(dev, cq->cpu_addr, cq->dma_addr, cq->size, DMA_FROM_DEVICE);
1307-
1302+
err_free_mapped:
1303+
if (!umem)
1304+
efa_free_mapped(dev, cq->cpu_addr, cq->dma_addr, cq->size,
1305+
DMA_FROM_DEVICE);
13081306
err_out:
13091307
atomic64_inc(&dev->stats.create_cq_err);
13101308
return err;

0 commit comments

Comments
 (0)