[openib-general] [PATCH] rdma_bind_addr() leaks a cma_dev reference count
Krishna Kumar2
krkumar2 at in.ibm.com
Wed Oct 18 21:59:28 PDT 2006
Hi Sean,
> Let's try something like this then (untested):
>
> diff --git a/drivers/infiniband/core/cma.c
b/drivers/infiniband/core/cma.c
> index 18a4366..0d06431 100755
> --- a/drivers/infiniband/core/cma.c
> +++ b/drivers/infiniband/core/cma.c
> @@ -1859,16 +1859,20 @@ int rdma_bind_addr(struct rdma_cm_id *id
> mutex_unlock(&lock);
> }
> if (ret)
> - goto err;
> + goto err1;
> }
>
> memcpy(&id->route.addr.src_addr, addr, ip_addr_size(addr));
> ret = cma_get_port(id_priv);
> if (ret)
> - goto err;
> + goto err2;
>
> return 0;
> -err:
> +err2:
> + mutex_lock(&lock);
> + cma_detach_from_dev(id_priv);
> + mutex_unlock(&lock);
> +err1:
> cma_comp_exch(id_priv, CMA_ADDR_BOUND, CMA_IDLE);
> return ret;
> }
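Review bot: at err2, cma_detach_from_dev(id_priv) runs on every cma_get_port() failure, but the block that closes with the brace just above the memcpy() is conditional, so the id can reach err2 without that block having run. In that case the detach drops a device reference this function never took. Suggest recording whether the attach happened, for example with a local flag set inside that block, and making the detach at err2 conditional on it. The mutex_lock(&lock)/mutex_unlock(&lock) pair around the detach should stay.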
This will mean that a deref is wrongly done if a loopback or zero address is
passed to this function, without it having done a ref inc. I do think this case
requires a variable to indicate whether a ref was got or not. Assuming that is
true, I will submit a patch with your comment about holding the lock.
thanks,
- KK