diff options
author | Jason Gunthorpe <jgg@nvidia.com> | 2021-01-05 13:13:27 +0200 |
---|---|---|
committer | Jason Gunthorpe <jgg@nvidia.com> | 2021-01-06 17:15:15 -0400 |
commit | 8ae291cc95e49011b736b641b0cfad502b7a1526 (patch) | |
tree | f0a8179466de081b98b28d0f8e6bd710ffe89497 /scripts/gdb/linux/tasks.py | |
parent | e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62 (diff) |
RDMA/ucma: Do not miss ctx destruction steps in some cases
The destruction flow is very complicated here because the cm_id can be
destroyed from the event handler at any time if the device is
hot-removed. This leaves behind a partial ctx with no cm_id in the
xarray, and will let user space leak memory.
Make everything consistent in this flow in all places:
- Return the xarray back to XA_ZERO_ENTRY before beginning any
destruction. The thread that reaches this first is responsible to
kfree, everyone else does nothing.
- Test the xarray during the special hot-removal case to block the
queue_work, this has much simpler locking and doesn't require a
'destroying'
- Fix the ref initialization so that it is only positive if cm_id !=
NULL, then rely on that to guide the destruction process in all cases.
Now the new ucma_destroy_private_ctx() can be called in all places that
want to free the ctx, including all the error unwinds, and none of the
details are missed.
Fixes: a1d33b70dbbc ("RDMA/ucma: Rework how new connections are passed through event delivery")
Link: https://lore.kernel.org/r/20210105111327.230270-1-leon@kernel.org
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Diffstat (limited to 'scripts/gdb/linux/tasks.py')
0 files changed, 0 insertions, 0 deletions