IB/hfi1: Fix memory leak in user ExpRcv and SDMA
authorMitko Haralanov <mitko.haralanov@intel.com>
Tue, 12 Apr 2016 17:46:29 +0000 (10:46 -0700)
committerDoug Ledford <dledford@redhat.com>
Thu, 28 Apr 2016 20:32:26 +0000 (16:32 -0400)
The driver had two memory leaks - one in the user
expected receive code and one in SDMA buffer cache.

The leak in the expected receive code only showed up
when the user/admin had set ulimit sufficiently low
and the driver did not have enough room in the cache
before hitting the limit of allowed cachable memory.

When this condition occurred, the driver returned
early signaling userland that it needed to free some
buffers to free up room in the cache.

The bug was that the driver was not cleaning up
allocated memory prior to returning early.

The leak in the SDMA buffer cache could occur (even
though it never did), when the insertion of a buffer
node in the interval RB tree failed. In this case, the
driver failed to unpin the pages of the node instead
erroneously returning success.

Reviewed-by: Dean Luick <dean.luick@intel.com>
Signed-off-by: Mitko Haralanov <mitko.haralanov@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/staging/rdma/hfi1/user_exp_rcv.c
drivers/staging/rdma/hfi1/user_sdma.c

index 8bd56d5c783dede5e59772eb88daf192e0dbb457..1b640a35b3fe82f6f85022599477f6760744f034 100644 (file)
@@ -399,8 +399,11 @@ int hfi1_user_exp_rcv_setup(struct file *fp, struct hfi1_tid_info *tinfo)
         * pages, accept the amount pinned so far and program only that.
         * User space knows how to deal with partially programmed buffers.
         */
-       if (!hfi1_can_pin_pages(dd, fd->tid_n_pinned, npages))
-               return -ENOMEM;
+       if (!hfi1_can_pin_pages(dd, fd->tid_n_pinned, npages)) {
+               ret = -ENOMEM;
+               goto bail;
+       }
+
        pinned = hfi1_acquire_user_pages(vaddr, npages, true, pages);
        if (pinned <= 0) {
                ret = pinned;
index 032949bac801f4bdd36eb6f76f27883083ef32fe..044d33777fba0ebe1567a80856007be8d8251a93 100644 (file)
@@ -1139,7 +1139,8 @@ retry:
                                list_del(&node->list);
                        pq->n_locked -= node->npages;
                        spin_unlock(&pq->evict_lock);
-                       ret = 0;
+                       unpin_vector_pages(current->mm, node->pages, 0,
+                                          node->npages);
                        goto bail;
                }
        } else {