Re: [PATCH] RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure

From: Jason Gunthorpe
Date: Tue Sep 14 2021 - 15:54:52 EST


On Mon, Sep 13, 2021 at 05:33:44PM +0800, Tao Liu wrote:
> rdma_cma_listen_on_all() just destroys the listener which leads to an error,
> but not those already added to listen_list. Then the cm state
> falls back to RDMA_CM_ADDR_BOUND.
>
> When the user destroys the id, the listeners will not be destroyed, and
> the process gets stuck.
>
> task:rping state:D stack: 0 pid:19605 ppid: 47036 flags:0x00000084
> Call Trace:
> __schedule+0x29a/0x780
> ? free_unref_page_commit+0x9b/0x110
> schedule+0x3c/0xa0
> schedule_timeout+0x215/0x2b0
> ? __flush_work+0x19e/0x1e0
> wait_for_completion+0x8d/0xf0
> _destroy_id+0x144/0x210 [rdma_cm]
> ucma_close_id+0x2b/0x40 [rdma_ucm]
> __destroy_id+0x93/0x2c0 [rdma_ucm]
> ? __xa_erase+0x4a/0xa0
> ucma_destroy_id+0x9a/0x120 [rdma_ucm]
> ucma_write+0xb8/0x130 [rdma_ucm]
> vfs_write+0xb4/0x250
> ksys_write+0xb5/0xd0
> ? syscall_trace_enter.isra.19+0x123/0x190
> do_syscall_64+0x33/0x40
> entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> Fixes: c80a0c52d85c ("RDMA/cma: Add missing error handling of listen_id")
> Signed-off-by: Tao Liu <thomas.liu@xxxxxxxxx>
> Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxx>
> drivers/infiniband/core/cma.c | 22 +++++++++++++++-------
> 1 file changed, 15 insertions(+), 7 deletions(-)

I'd like to see a bit more than this; I reworked the patch slightly
into this below. It is in for-rc so let me know if it busted up. Thanks