From nobody Sun Jun 14 08:17:53 2026 Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13FAB3C9429 for ; Wed, 1 Apr 2026 22:36:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775083024; cv=none; b=CfrFDx/TCcVf9hLNOJ9Jculq4n6aKNYEd30/LtT2Wt7T2v4umnZG+8TTZLIiEfzKLg1XPfJ0dpM5QvLKFloTiNhmrcnyJOJww9TbuNCGK9Lg6tirLP17uwHpjqzxkdQYUJKNdeVDlz4r6CY70Bf7CX/kTyTGfqrYTYseA8ZJl44= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775083024; c=relaxed/simple; bh=4rMAAirtKvyCDqoRrw6ORajqieswQnbEv6cHcq12FEI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F1HXiKw/yItgq+DJgvokJvqh3M3d1b1SI5i466sj1IJ4xUtJ8SlYQCmzTIPj4wLKLN1sAVZCDsBdo7gMaF4d7KawfBelNjMi2kUWwCu0fHMLkevbRx4j3MGN2v2ivHHOyUBBeI+6sObSiNqJcvZB+m1Z93E0aX8cm66QPvMlQuM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=GDkNzTxK; arc=none smtp.client-ip=209.85.128.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GDkNzTxK" Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-4853c1ca73aso1795775e9.2 for ; Wed, 01 Apr 2026 15:36:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775083016; x=1775687816; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rPTqHmm+mcBn865+o6reF9Ra06TvDtBCNwLriGowBOI=; b=GDkNzTxK3vZrL/a90o4Nh6tVX73AAQ93X/h60hyOosqOVhMi0V+Jdz33fcvhB+SXHX GIYxcU4Rm2QRz4zYP+a/HPcroK+ti/+WZvs5RA7cuCex9JO8uF1xoIhjRvnPBuT7mA4b zOpuy3cIH3XUdVjpP9OmpA9XGgb1huPCBXglv3WqtRDZbv+fG3aerdPHit9STJ/oTTBA Ctony+3vYMDL903Jr9vRlD1PT+B8r88AALedNk/ku9cFJwpaGm4E7HoJ/gSCPjT8qAmE EQVzsRZUGLTalfJ96Ci7MiGwueKm9oVg8wjtyhOjoCsxNqffuHy0UbJnIam9j16PMRUY hU/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775083016; x=1775687816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=rPTqHmm+mcBn865+o6reF9Ra06TvDtBCNwLriGowBOI=; b=ar0URxhUfhEqFuQG3+zW/0l4IZbVGTRIkS/EqVv0J9mB+7HntqSrGN/meqf/FS9cYD YEnQoo8sG3ciASgO8x4zU7Ho0RaDKdJ42m5xxxEOgYqOUXy0KI7DPKGYdb0E5tWUDUi+ P8izbZffBClhork3kjNRU0swTOPmYUTC5GyW4lEo5jJQKqf7UfGlE6e9VLGPMwU0Luah iQRfix69o95oTKRGGYU+GwWUFSAO218YD5ZoMd8IXWFih4GvuD9XZXxQL8S1Oqu3+rFy im5Qo/UptF4HOJDAokVaO1XNj8wcCUJxxMu+2OO9+DEzcyaqfJylpdI4kGytdJXNkZXD 7TBQ== X-Forwarded-Encrypted: i=1; AJvYcCVrmFD/mHanYSW0ZKizzYYYB+PO7XeF0htbDgC2hZiz7pKg7E+QhNdVarWNlWi5cmyF+NGq4vUJDFi5Thw=@vger.kernel.org X-Gm-Message-State: AOJu0Yx5QGhm7iUTYGGzautehFfEI+iUY1OGrgW4twpaBarZj2XxnBIq UIg0JeNXkX8hmhzzPNStiW/4AMhHuS/4u2HiR168V6ri3t/K7VwtFdB6 X-Gm-Gg: ATEYQzyC7lT8fLrRWoytS8nSYXBCzk0W0l1cX2AsBPGU6AmWbZQR8xCo+JlN3Ds4hy7 zHAkgdNwsO3xq9b+2JmS5IFEMDuB8MERCNBU8zPB1qxzyASnKB07gQWUDZsvc3eVI6rOaUq2hzs es7Q53Y27Ykti6XII08pqpZdxHxPFrMRrNQHMB8gK4OvXYJz/kcc1F2S6jdwKrTrz/wYr0tNWWd +1GCLBiykc1qP/fA7D4oVMsl33T6I6x1SUEhjOp+VP1uXEAp10/GlM/lAkOjgV1CXgDedQThnNe W5fgZ7oXE9aKTedGuFnsF2VOyPt7V9F4oVtoELwivbnFbRDtPVeYDW69kkR/IcXxHQovLXGnHwU VRDgZyZyiu7//DCzmtgrsGk/6RnKPuHUARJ+BtEHUq8m924coVPh1EwBO7K9ghJBl1mawH7JSOV uziu0rT908IU6Cel1Ui+cDwO+Xa4rVzW175fM0CJCiADWwj9u59TUjNKA1Kz/0pMhTPIRIaToCS T+QUSs1Z2LakgoFP9WFycqYIZR4B/XucUSQUUy7MVoo0I5O X-Received: by 2002:a05:600c:848d:b0:485:3c66:e230 with SMTP id 5b1f17b1804b1-488835b78f1mr98532205e9.29.1775083015767; Wed, 01 Apr 2026 15:36:55 -0700 (PDT) Received: from DESKTOP-NQ2T5I7.localdomain (heme-13-b2-v4wan-167795-cust403.vm32.cable.virginm.net. [81.108.45.148]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4888a705ebdsm30503715e9.10.2026.04.01.15.36.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Apr 2026 15:36:55 -0700 (PDT) From: Prathamesh Deshpande To: prathameshdeshpande7@gmail.com Cc: dledford@redhat.com, haggaie@mellanox.com, jgg@ziepe.ca, leon@kernel.org, linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org Subject: [PATCH v3] IB/mlx5: Fix tdn leak and state corruption in mlx5_ib_alloc_transport_domain Date: Wed, 1 Apr 2026 23:35:50 +0100 Message-ID: <20260401223550.20040-1-prathameshdeshpande7@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260331230852.18479-1-prathameshdeshpande7@gmail.com> References: <20260331230852.18479-1-prathameshdeshpande7@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In mlx5_ib_alloc_transport_domain(), an early success path was returning 'err' (which is 0) instead of a literal 0. Additionally, as identified by Sashiko, if mlx5_ib_enable_lb() fails at the end of the function: 1. The allocated transport domain (tdn) is leaked. 2. The internal loopback software state and reference counters are left in an inconsistent state. Explicitly return 0 in the early success path. In the failure path for loopback enablement, call mlx5_ib_disable_lb() to roll back the software state and deallocate the transport domain. Signed-off-by: Prathamesh Deshpande --- v3: - Also call mlx5_ib_disable_lb() on failure to roll back software state/cou= nters [Sashiko]. v2: - Added deallocation of tdn if mlx5_ib_enable_lb() fails [Sashiko]. - Reworded commit message to reflect the functional fix and credit the tool. Hi Leon, In this v3, I've incorporated the additional fix identified by Sashiko. Beyond the tdn leak, Sashiko pointed out that a failure in mlx5_ib_enable_lb() leaves internal software state and counters inconsistent. I've added a call to mlx5_ib_disable_lb() in the error path to safely roll back those changes. Thanks, Prathamesh drivers/infiniband/hw/mlx5/main.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5= /main.c index 635002e684a5..3d9f0e2e7548 100644 --- a/drivers/infiniband/hw/mlx5/main.c +++ b/drivers/infiniband/hw/mlx5/main.c @@ -2068,9 +2068,15 @@ static int mlx5_ib_alloc_transport_domain(struct mlx= 5_ib_dev *dev, u32 *tdn, if ((MLX5_CAP_GEN(dev->mdev, port_type) !=3D MLX5_CAP_PORT_TYPE_ETH) || (!MLX5_CAP_GEN(dev->mdev, disable_local_lb_uc) && !MLX5_CAP_GEN(dev->mdev, disable_local_lb_mc))) - return err; + return 0; + + err =3D mlx5_ib_enable_lb(dev, true, false); + if (err) { + mlx5_ib_disable_lb(dev, true, false); + mlx5_cmd_dealloc_transport_domain(dev->mdev, *tdn, uid); + } =20 - return mlx5_ib_enable_lb(dev, true, false); + return err; } =20 static void mlx5_ib_dealloc_transport_domain(struct mlx5_ib_dev *dev, u32 = tdn, --=20 2.43.0