Hi,
You have two bugs here:
1) When using ODP, ib_umem_release() checks for umem->odp_data != NULL
calls ib_umem_odp_release() and returns immediately without calling
put_pid().
This one isn't in the error path so the title doesn't fit.
2) In case the allocation failed, we return in -ENOMEM without calling
put_pid().
Can you please resend this with proper fixes line and a better description of
what is going on.
On 22/12/2016 09:11, Kenneth Lee wrote:
> I catched this bug when reading the code. I'm sorry I have no hardware to test
> it. But it is abviously a bug.
>
> Signed-off-by: Kenneth Lee <liguo...@hisilicon.com>
> ---
> drivers/infiniband/core/umem.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
> index 1e62a5f..4609b92 100644
> --- a/drivers/infiniband/core/umem.c
> +++ b/drivers/infiniband/core/umem.c
> @@ -134,6 +134,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context,
> unsigned long addr,
> IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND));
>
> if (access & IB_ACCESS_ON_DEMAND) {
> + put_pid(umem->pid);
> ret = ib_umem_odp_get(context, umem);
> if (ret) {
> kfree(umem);
> @@ -149,6 +150,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context,
> unsigned long addr,
>
> page_list = (struct page **) __get_free_page(GFP_KERNEL);
> if (!page_list) {
> + put_pid(umem->pid);
> kfree(umem);
> return ERR_PTR(-ENOMEM);
> }
>
Mark.
