linux/drivers
Håkon Bugge ea660ad7c1 IB/mlx4: Fix leak in id_map_find_del
Using CX-3 virtual functions, either from a bare-metal machine or
pass-through from a VM, MAD packets are proxied through the PF driver.

Since the VF drivers have separate name spaces for MAD Transaction Ids
(TIDs), the PF driver has to re-map the TIDs and keep the bookkeeping in
a cache.

Following the RDMA Connection Manager (CM) protocol, it is clear when an
entry has to be evicted from the cache. When a DREP is sent from
mlx4_ib_multiplex_cm_handler(), id_map_find_del() is called. Similarly, when
a REJ is received by the mlx4_ib_demux_cm_handler(), id_map_find_del() is
called.

This function wipes out the TID in use from the IDR or XArray and removes
the id_map_entry from the table.

In short, it does everything except the topping of the cake, which is to
remove the entry from the list and free it. In other words, for the REJ
case enumerated above, one id_map_entry will be leaked.

For the other case above, a DREQ has been received first. The reception of
the DREQ will trigger queuing of a delayed work to delete the
id_map_entry, for the case where the VM doesn't send back a DREP.

In the normal case, the VM _will_ send back a DREP, and id_map_find_del()
will be called.

But this scenario introduces a secondary leak. First, when the DREQ is
received, a delayed work is queued. The VM will then return a DREP, which
will call id_map_find_del(). As stated above, this will free the TID used
from the XArray or IDR. Now, there is a window where that particular TID can
be re-allocated, let's say by an outgoing REQ. This TID will later be wiped
out by the delayed work, when the function id_map_ent_timeout() is
called. But the id_map_entry allocated by the outgoing REQ will not be
de-allocated, and we have a leak.

Both leaks are fixed by removing the id_map_find_del() function and only
using schedule_delayed(). Of course, a check in schedule_delayed() to see
if the work already has been queued, has been added.

Another benefit of always using the delayed version for deleting entries,
is that we do get a TimeWait effect; a TID no longer in use, will occupy
the XArray or IDR for CM_CLEANUP_CACHE_TIMEOUT time, without any ability
of being re-used for that time period.

Fixes: 3cf69cc8db ("IB/mlx4: Add CM paravirtualization")
Link: https://lore.kernel.org/r/20200123155521.1212288-1-haakon.bugge@oracle.com
Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com>
Signed-off-by: Manjunath Patil <manjunath.b.patil@oracle.com>
Reviewed-by: Rama Nichanamatlu <rama.nichanamatlu@oracle.com>
Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2020-01-27 16:46:53 -04:00
..
accessibility
acpi ACPI: PM: Avoid attaching ACPI PM domain to certain devices 2019-12-10 00:22:18 +01:00
amba
android binder: fix incorrect calculation for num_valid 2019-12-14 09:10:47 +01:00
ata ata: ahci_brcm: Add missing clock management during recovery 2019-12-25 20:47:24 -07:00
atm atm: eni: fix uninitialized variable warning 2020-01-08 13:11:00 -08:00
auxdisplay auxdisplay: charlcd: deduplicate simple_strtoul() 2019-12-04 19:44:12 -08:00
base Merge branch 'remove-ksys-mount-dup' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux 2019-12-15 11:36:12 -08:00
bcma
block block-5.5-20200103 2020-01-03 12:11:30 -08:00
bluetooth Bluetooth: btbcm: Use the BDADDR_PROPERTY quirk 2019-11-22 13:35:20 +01:00
bus bus: ti-sysc: Fix missing reset delay handling 2019-12-12 08:20:10 -08:00
cdrom cdrom: respect device capabilities during opening action 2019-11-26 13:02:24 -07:00
char tpm: Handle negative priv->response_len in tpm_common_read() 2020-01-08 18:11:09 +02:00
clk clk: qcom: Avoid SMMU/cx gdsc corner cases 2019-12-18 22:02:27 -08:00
clocksource clocksource: riscv: add notrace to riscv_sched_clock 2020-01-04 21:48:48 -08:00
connector
counter
cpufreq Merge branch 'cpufreq/arm/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm 2020-01-07 10:41:35 +01:00
cpuidle cpuidle: Drop unnecessary type cast in cpuidle_poll_time() 2019-12-12 17:56:08 +01:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-12-02 17:23:21 -08:00
dax libnvdimm for 5.5 2019-12-01 18:43:25 -08:00
dca
devfreq PM / devfreq: tegra: Add COMMON_CLK dependency 2019-12-23 10:42:58 +09:00
dio
dma ioat: ioat_alloc_ring() failure handling. 2019-12-27 12:06:06 +05:30
dma-buf - A fix for a memory leak in the dma-buf support 2019-12-09 17:13:19 +10:00
edac riscv: move sifive_l2_cache.h to include/soc 2020-01-12 10:12:44 -08:00
eisa
extcon Char/Misc driver patches for 5.5-rc1 2019-11-27 10:53:50 -08:00
firewire FireWire (IEEE 1394) subsystem updates: 2019-12-02 14:13:00 -08:00
firmware firmware: tee_bnxt: Fix multiple call to tee_client_close_context 2020-01-06 13:51:37 -08:00
fpga
fsi fsi: aspeed: Fix OPB0 byte order register values 2019-11-08 11:28:21 +01:00
gnss
gpio gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism 2020-01-07 12:58:15 +01:00
gpu Merge tag 'drm-intel-fixes-2020-01-09-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes 2020-01-10 11:43:02 +10:00
greybus
hid HID: hidraw, uhid: Always report EPOLLOUT 2020-01-10 15:34:28 +01:00
hsi
hv Merge branch 'akpm' (patches from Andrew) 2019-12-01 20:36:41 -08:00
hwmon compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
hwspinlock hwspinlock: u8500_hsem: Remove redundant PM runtime implementation 2019-11-08 16:42:26 -08:00
hwtracing intel_th: msu: Fix window switching without windows 2019-12-17 15:45:59 +01:00
i2c i2c: fix bus recovery stop mode timing 2020-01-09 22:21:08 +01:00
i3c
ide compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
idle cpuidle: Drop disabled field from struct cpuidle_state 2019-11-29 11:48:39 +01:00
iio First set of fixes for IIO in the 5.5 cycle. 2019-12-09 09:27:52 +01:00
infiniband IB/mlx4: Fix leak in id_map_find_del 2020-01-27 16:46:53 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-01-09 15:37:40 -08:00
interconnect interconnect: qcom: msm8974: Walk the list safely on node removal 2019-12-12 10:28:54 +01:00
iommu iommu/dma: fix variable 'cookie' set but not used 2020-01-07 17:08:58 +01:00
ipack
irqchip riscv: prefix IRQ_ macro names with an RV_ namespace 2020-01-04 21:48:59 -08:00
isdn compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
leds Merge tag 'leds-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds 2019-12-01 16:09:28 -08:00
lightnvm
macintosh powerpc updates for 5.5 2019-11-30 14:35:43 -08:00
mailbox mailbox changes for v5.5 2019-12-01 18:42:02 -08:00
mcb
md for-linus-20191212 2019-12-13 14:27:19 -08:00
media media updates for v5.5-rc5 2020-01-04 10:41:08 -08:00
memory memory: tegra: Fixes for v5.5-rc1 2019-12-06 08:28:51 -08:00
memstick pci-v5.5-changes 2019-12-03 13:58:22 -08:00
message
mfd chrome platform changes for v5.5 2019-12-03 14:37:12 -08:00
misc powerpc fixes for 5.5 #4 2019-12-21 06:17:05 -08:00
mmc mmc: sdhci-of-esdhc: re-implement erratum A-009204 workaround 2019-12-19 08:13:43 +01:00
mtd mtd: spi-nor: Fix the writing of the Status Register on micron flashes 2020-01-09 20:11:34 +01:00
mux
net Use ODP MRs for kernel ULPs 2020-01-21 09:55:04 -04:00
nfc nfc: s3fwrn5: replace the assertion with a WARN_ON 2019-12-19 17:33:23 -08:00
ntb Add Hygon Device ID to the AMD NTB device driver 2019-12-07 18:38:17 -08:00
nubus
nvdimm libnvdimm for 5.5 2019-12-01 18:43:25 -08:00
nvme nvmet: fix per feat data len for get_feature 2020-01-10 08:55:50 -07:00
nvmem ARM: SoC-related driver updates 2019-12-05 11:43:31 -08:00
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-22 09:54:33 -08:00
opp PM / OPP: Support adjusting OPP voltages at runtime 2019-11-11 10:27:15 +05:30
oprofile Printk changes for 5.5 2019-11-25 19:40:40 -08:00
parisc
parport parport: daisy: use new parport device model 2019-11-13 19:09:49 +08:00
pci PCI: rockchip: Fix IO outbound ATU register number 2019-12-12 15:25:37 -06:00
pcmcia pcmcia: remove unused dprintk definition 2019-11-22 07:03:45 +01:00
perf perf/smmuv3: Remove the leftover put_cpu() in error path 2019-12-18 16:15:36 +00:00
phy phy/rockchip: inno-hdmi: round clock rate down to closest 1000 Hz 2019-12-31 15:46:08 +05:30
pinctrl pinctrl: meson: Fix wrong shift value when get drive-strength 2020-01-07 11:21:07 +01:00
platform A collection of MIPS fixes: 2020-01-04 14:16:57 -08:00
pnp
power Additional power management updates for 5.5-rc1 2019-12-04 10:48:09 -08:00
powercap powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online() 2020-01-07 12:24:34 +01:00
pps
ps3
ptp ptp: fix the race between the release of ptp_clock and cdev 2019-12-30 20:19:27 -08:00
pwm pwm: Changes for v5.5-rc1 2019-12-05 11:28:14 -08:00
rapidio drivers/rapidio/rio-access.c: fix missing include of <linux/rio_drv.h> 2019-12-04 19:44:13 -08:00
ras
regulator regulator: Fixes for v5.5 2020-01-06 12:04:31 -08:00
remoteproc remoteproc: stm32: fix probe error case 2019-11-18 20:35:16 -08:00
reset reset: Do not register resource data for missing resets 2019-12-10 11:43:37 +01:00
rpmsg rpmsg updates for v5.5 2019-12-01 18:39:24 -08:00
rtc rtc: cmos: Revert "rtc: Fix the AltCentury value on AMD/Hygon platform" 2020-01-04 05:31:50 +01:00
s390 s390/qeth: fix initialization on old HW 2019-12-24 22:41:06 -08:00
sbus
scsi SCSI fixes on 20191227 2019-12-27 17:28:41 -08:00
sfi
sh
siox
slimbus
soc riscv: move sifive_l2_cache.h to include/soc 2020-01-12 10:12:44 -08:00
soundwire Merge 5.4-rc7 into char-misc-next 2019-11-11 06:24:30 +01:00
spi spi: Fixes for v5.5 2020-01-06 12:34:44 -08:00
spmi
ssb
staging Staging fixes for 5.5-rc6 2020-01-10 13:22:11 -08:00
target SCSI fixes on 20191227 2019-12-27 17:28:41 -08:00
tc
tee Merge mainline/master into arm/fixes 2019-12-05 13:18:54 -08:00
thermal drivers: thermal: tsens: Work with old DTBs 2020-01-07 08:22:35 +01:00
thunderbolt thunderbolt: Power cycle the router if NVM authentication fails 2019-11-19 17:35:57 +01:00
tty serdev: Don't claim unsupported ACPI serial devices 2020-01-06 20:00:44 +01:00
uio uio: fix irq init with dt support & irq not defined 2019-11-14 11:49:48 +08:00
usb usb: missing parentheses in USE_NEW_SCHEME 2020-01-08 17:44:11 +01:00
vfio VFIO updates for v5.5-rc1 2019-12-07 14:51:04 -08:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
video pci-v5.5-changes 2019-12-03 13:58:22 -08:00
virt compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
virtio virtio_balloon: divide/multiply instead of shifts 2019-12-11 08:14:07 -05:00
visorbus
vlynq
vme
w1 w1: new driver. DS2430 chip 2019-11-14 13:06:33 +08:00
watchdog watchdog: orion: fix platform_get_irq() complaints 2019-12-30 15:58:29 +01:00
xen xen: branch for v5.5-rc3 2019-12-21 06:24:56 -08:00
zorro
Kconfig
Makefile