From: "Michael S. Tsirkin" <mst@redhat.com>
To: Suman Anna <s-anna@ti.com>
Cc: Jason Wang <jasowang@redhat.com>, Tiwei Bie <tiwei.bie@intel.com>,
"David S. Miller" <davem@davemloft.net>,
virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org
Subject: Re: [PATCH] virtio_ring: Fix mem leak with vring_new_virtqueue()
Date: Sun, 8 Mar 2020 03:58:05 -0400 [thread overview]
Message-ID: <20200308035751-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <a4335428-e29e-d567-b18b-3c144020a726@ti.com>
On Thu, Mar 05, 2020 at 06:27:53PM -0600, Suman Anna wrote:
> On 2/25/20 9:13 PM, Jason Wang wrote:
> >
> > On 2020/2/26 上午12:51, Suman Anna wrote:
> >> Hi Jason,
> >>
> >> On 2/24/20 11:39 PM, Jason Wang wrote:
> >>> On 2020/2/25 上午5:26, Suman Anna wrote:
> >>>> The functions vring_new_virtqueue() and __vring_new_virtqueue() are
> >>>> used
> >>>> with split rings, and any allocations within these functions are
> >>>> managed
> >>>> outside of the .we_own_ring flag. The commit cbeedb72b97a
> >>>> ("virtio_ring:
> >>>> allocate desc state for split ring separately") allocates the desc
> >>>> state
> >>>> within the __vring_new_virtqueue() but frees it only when the
> >>>> .we_own_ring
> >>>> flag is set. This leads to a memory leak when freeing such allocated
> >>>> virtqueues with the vring_del_virtqueue() function.
> >>>>
> >>>> Fix this by moving the desc_state free code outside the flag and only
> >>>> for split rings. Issue was discovered during testing with remoteproc
> >>>> and virtio_rpmsg.
> >>>>
> >>>> Fixes: cbeedb72b97a ("virtio_ring: allocate desc state for split ring
> >>>> separately")
> >>>> Signed-off-by: Suman Anna<s-anna@ti.com>
> >>>> ---
> >>>> drivers/virtio/virtio_ring.c | 4 ++--
> >>>> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>>>
> >>>> diff --git a/drivers/virtio/virtio_ring.c
> >>>> b/drivers/virtio/virtio_ring.c
> >>>> index 867c7ebd3f10..58b96baa8d48 100644
> >>>> --- a/drivers/virtio/virtio_ring.c
> >>>> +++ b/drivers/virtio/virtio_ring.c
> >>>> @@ -2203,10 +2203,10 @@ void vring_del_virtqueue(struct virtqueue *_vq)
> >>>> vq->split.queue_size_in_bytes,
> >>>> vq->split.vring.desc,
> >>>> vq->split.queue_dma_addr);
> >>>> -
> >>>> - kfree(vq->split.desc_state);
> >>>> }
> >>>> }
> >>>> + if (!vq->packed_ring)
> >>>> + kfree(vq->split.desc_state);
> >>> Nitpick, it looks to me it would be more clear if we just free
> >>> desc_state unconditionally here (and remove the kfree for packed above).
> >> OK, are you sure you want that to be folded into this patch? It looks to
> >> me a separate cleanup/consolidation patch, and packed desc_state does
> >> not suffer this memleak, and need not be backported into stable kernels.
> >>
> >> regards
> >> Suman
> >
> >
> > Though it's just a small tweak, I'm fine for leaving it for future.
> >
> > So
> >
> > Acked-by: Jason Wang <jasowang@redhat.com>
> >
>
> Mike,
> Ping on this. I don't see the patch in -next yet. Can we get this into
> the current -rc please?
>
> regards
> Suman
Yes will queue it shortly, thanks!
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Suman Anna <s-anna@ti.com>
Cc: linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH] virtio_ring: Fix mem leak with vring_new_virtqueue()
Date: Sun, 8 Mar 2020 03:58:05 -0400 [thread overview]
Message-ID: <20200308035751-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <a4335428-e29e-d567-b18b-3c144020a726@ti.com>
On Thu, Mar 05, 2020 at 06:27:53PM -0600, Suman Anna wrote:
> On 2/25/20 9:13 PM, Jason Wang wrote:
> >
> > On 2020/2/26 上午12:51, Suman Anna wrote:
> >> Hi Jason,
> >>
> >> On 2/24/20 11:39 PM, Jason Wang wrote:
> >>> On 2020/2/25 上午5:26, Suman Anna wrote:
> >>>> The functions vring_new_virtqueue() and __vring_new_virtqueue() are
> >>>> used
> >>>> with split rings, and any allocations within these functions are
> >>>> managed
> >>>> outside of the .we_own_ring flag. The commit cbeedb72b97a
> >>>> ("virtio_ring:
> >>>> allocate desc state for split ring separately") allocates the desc
> >>>> state
> >>>> within the __vring_new_virtqueue() but frees it only when the
> >>>> .we_own_ring
> >>>> flag is set. This leads to a memory leak when freeing such allocated
> >>>> virtqueues with the vring_del_virtqueue() function.
> >>>>
> >>>> Fix this by moving the desc_state free code outside the flag and only
> >>>> for split rings. Issue was discovered during testing with remoteproc
> >>>> and virtio_rpmsg.
> >>>>
> >>>> Fixes: cbeedb72b97a ("virtio_ring: allocate desc state for split ring
> >>>> separately")
> >>>> Signed-off-by: Suman Anna<s-anna@ti.com>
> >>>> ---
> >>>> drivers/virtio/virtio_ring.c | 4 ++--
> >>>> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>>>
> >>>> diff --git a/drivers/virtio/virtio_ring.c
> >>>> b/drivers/virtio/virtio_ring.c
> >>>> index 867c7ebd3f10..58b96baa8d48 100644
> >>>> --- a/drivers/virtio/virtio_ring.c
> >>>> +++ b/drivers/virtio/virtio_ring.c
> >>>> @@ -2203,10 +2203,10 @@ void vring_del_virtqueue(struct virtqueue *_vq)
> >>>> vq->split.queue_size_in_bytes,
> >>>> vq->split.vring.desc,
> >>>> vq->split.queue_dma_addr);
> >>>> -
> >>>> - kfree(vq->split.desc_state);
> >>>> }
> >>>> }
> >>>> + if (!vq->packed_ring)
> >>>> + kfree(vq->split.desc_state);
> >>> Nitpick, it looks to me it would be more clear if we just free
> >>> desc_state unconditionally here (and remove the kfree for packed above).
> >> OK, are you sure you want that to be folded into this patch? It looks to
> >> me a separate cleanup/consolidation patch, and packed desc_state does
> >> not suffer this memleak, and need not be backported into stable kernels.
> >>
> >> regards
> >> Suman
> >
> >
> > Though it's just a small tweak, I'm fine for leaving it for future.
> >
> > So
> >
> > Acked-by: Jason Wang <jasowang@redhat.com>
> >
>
> Mike,
> Ping on this. I don't see the patch in -next yet. Can we get this into
> the current -rc please?
>
> regards
> Suman
Yes will queue it shortly, thanks!
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2020-03-08 7:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-24 21:26 [PATCH] virtio_ring: Fix mem leak with vring_new_virtqueue() Suman Anna
2020-02-24 21:26 ` Suman Anna
2020-02-24 21:26 ` Suman Anna via Virtualization
2020-02-25 5:39 ` Jason Wang
2020-02-25 5:39 ` Jason Wang
2020-02-25 16:51 ` Suman Anna
2020-02-25 16:51 ` Suman Anna
2020-02-25 16:51 ` Suman Anna via Virtualization
2020-02-26 3:13 ` Jason Wang
2020-02-26 17:01 ` Suman Anna
2020-02-26 17:01 ` Suman Anna
2020-02-26 17:01 ` Suman Anna via Virtualization
2020-03-06 0:27 ` Suman Anna
2020-03-06 0:27 ` Suman Anna
2020-03-06 0:27 ` Suman Anna via Virtualization
2020-03-08 7:58 ` Michael S. Tsirkin [this message]
2020-03-08 7:58 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200308035751-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=davem@davemloft.net \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-remoteproc@vger.kernel.org \
--cc=s-anna@ti.com \
--cc=tiwei.bie@intel.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.