Re: IPoIB memory use after free
On Wed, 2010-02-17 at 12:08 -0800, Arthur Kepner wrote: > On Wed, Feb 17, 2010 at 12:02:36PM -0800, Ralph Campbell wrote: > > I have been tracking down a kernel panic while running qperf udp_bw > > tests and it looks like ib_ipoib is using memory after freeing it. > > > > The problem is with connected mode. I don't see the panic with > > datagram mode. Looking at the source code, I see that the process > > of creating the QP with the connection manager, ipoib_cm_create_tx(), > > has pointers to struct ipoib_neigh and struct ipoib_path but there > > doesn't seem to be a reference count or struct completion similar to > > the way the SA path record look up process has to prevent this. > > > > I'm working on a patch to test this theory but wanted to post > > this before going too far in case others are already aware > > of the problem and working on it. > > > > Could what you're seeing be related to what's reported here: > > http://lists.openfabrics.org/pipermail/general/2008-April/049629.html It is related but it is not the same since I'm talking about struct ipoib_cm_tx holding a stale pointer instead of in ipoib_neigh_cleanup(). -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: IPoIB memory use after free
On Wed, Feb 17, 2010 at 12:02:36PM -0800, Ralph Campbell wrote: > I have been tracking down a kernel panic while running qperf udp_bw > tests and it looks like ib_ipoib is using memory after freeing it. > > The problem is with connected mode. I don't see the panic with > datagram mode. Looking at the source code, I see that the process > of creating the QP with the connection manager, ipoib_cm_create_tx(), > has pointers to struct ipoib_neigh and struct ipoib_path but there > doesn't seem to be a reference count or struct completion similar to > the way the SA path record look up process has to prevent this. > > I'm working on a patch to test this theory but wanted to post > this before going too far in case others are already aware > of the problem and working on it. > Could what you're seeing be related to what's reported here: http://lists.openfabrics.org/pipermail/general/2008-April/049629.html ? -- Arthur -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
IPoIB memory use after free
I have been tracking down a kernel panic while running qperf udp_bw tests and it looks like ib_ipoib is using memory after freeing it. The problem is with connected mode. I don't see the panic with datagram mode. Looking at the source code, I see that the process of creating the QP with the connection manager, ipoib_cm_create_tx(), has pointers to struct ipoib_neigh and struct ipoib_path but there doesn't seem to be a reference count or struct completion similar to the way the SA path record look up process has to prevent this. I'm working on a patch to test this theory but wanted to post this before going too far in case others are already aware of the problem and working on it. -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
