Hi, You have two bugs here: 1) When using ODP, ib_umem_release() checks for umem->odp_data != NULL calls ib_umem_odp_release() and returns immediately without calling put_pid(). This one isn't in the error path so the title doesn't fit.
2) In case the allocation failed, we return in -ENOMEM without calling put_pid(). Can you please resend this with proper fixes line and a better description of what is going on. On 22/12/2016 09:11, Kenneth Lee wrote: > I catched this bug when reading the code. I'm sorry I have no hardware to test > it. But it is abviously a bug. > > Signed-off-by: Kenneth Lee <liguo...@hisilicon.com> > --- > drivers/infiniband/core/umem.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c > index 1e62a5f..4609b92 100644 > --- a/drivers/infiniband/core/umem.c > +++ b/drivers/infiniband/core/umem.c > @@ -134,6 +134,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, > unsigned long addr, > IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND)); > > if (access & IB_ACCESS_ON_DEMAND) { > + put_pid(umem->pid); > ret = ib_umem_odp_get(context, umem); > if (ret) { > kfree(umem); > @@ -149,6 +150,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, > unsigned long addr, > > page_list = (struct page **) __get_free_page(GFP_KERNEL); > if (!page_list) { > + put_pid(umem->pid); > kfree(umem); > return ERR_PTR(-ENOMEM); > } > Mark.