Created attachment 234011 [details] a possible patch If ib_dma_mapping_error, it will jump out of the loop, leaving mad_priv allocated by alloc_mad_private not freed. It will cause a memory leak. Fix it with kfree.
Hi, Have you checked if a similar fix is available in Linux? --HPS
(In reply to Hans Petter Selasky from comment #1) Hi, the similar bug has been fixed in linux.
Thank you!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=ad7741ff693a39bab59b75e432bd922a62f3ef0a commit ad7741ff693a39bab59b75e432bd922a62f3ef0a Author: Hans Petter Selasky <hselasky@FreeBSD.org> AuthorDate: 2022-05-19 08:06:42 +0000 Commit: Hans Petter Selasky <hselasky@FreeBSD.org> CommitDate: 2022-05-19 08:13:06 +0000 ibcore: Fix possible memory leak in ib_mad_post_receive_mads() If ib_dma_mapping_error() returns non-zero value, ib_mad_post_receive_mads() will jump out of loops and return -ENOMEM without freeing mad_priv. Fix this memory-leak problem by freeing mad_priv in this case. Linux commit: a17f4bed811c60712d8131883cdba11a105d0161 PR: 264057 MFC after: 1 week Sponsored by: NVIDIA Networking sys/ofed/drivers/infiniband/core/ib_mad.c | 1 + 1 file changed, 1 insertion(+)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=6953b4870f00e4d2ef99ae561ae03da028cb21e6 commit 6953b4870f00e4d2ef99ae561ae03da028cb21e6 Author: Hans Petter Selasky <hselasky@FreeBSD.org> AuthorDate: 2022-05-19 08:06:42 +0000 Commit: Hans Petter Selasky <hselasky@FreeBSD.org> CommitDate: 2022-06-07 06:44:28 +0000 ibcore: Fix possible memory leak in ib_mad_post_receive_mads() If ib_dma_mapping_error() returns non-zero value, ib_mad_post_receive_mads() will jump out of loops and return -ENOMEM without freeing mad_priv. Fix this memory-leak problem by freeing mad_priv in this case. Linux commit: a17f4bed811c60712d8131883cdba11a105d0161 PR: 264057 Sponsored by: NVIDIA Networking (cherry picked from commit ad7741ff693a39bab59b75e432bd922a62f3ef0a) sys/ofed/drivers/infiniband/core/ib_mad.c | 1 + 1 file changed, 1 insertion(+)
A commit in branch stable/12 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=33870019c5f247b4602f1f044feadcc46bafa514 commit 33870019c5f247b4602f1f044feadcc46bafa514 Author: Hans Petter Selasky <hselasky@FreeBSD.org> AuthorDate: 2022-05-19 08:06:42 +0000 Commit: Hans Petter Selasky <hselasky@FreeBSD.org> CommitDate: 2022-06-07 06:46:10 +0000 ibcore: Fix possible memory leak in ib_mad_post_receive_mads() If ib_dma_mapping_error() returns non-zero value, ib_mad_post_receive_mads() will jump out of loops and return -ENOMEM without freeing mad_priv. Fix this memory-leak problem by freeing mad_priv in this case. Linux commit: a17f4bed811c60712d8131883cdba11a105d0161 PR: 264057 Sponsored by: NVIDIA Networking (cherry picked from commit ad7741ff693a39bab59b75e432bd922a62f3ef0a) sys/ofed/drivers/infiniband/core/ib_mad.c | 1 + 1 file changed, 1 insertion(+)