* [PATCH v1 0/2] iommufd: Fix a small bug in fault.c
@ 2024-12-03 8:02 Nicolin Chen
2024-12-03 8:02 ` [PATCH v1 1/2] iommufd/fault: Fix out_fput in iommufd_fault_alloc() Nicolin Chen
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Nicolin Chen @ 2024-12-03 8:02 UTC (permalink / raw)
To: jgg, kevin.tian; +Cc: baolu.lu, iommu, linux-kernel, linux-kselftest, shuah
There are a few patches in vIRQ series that rework the fault.c file. So,
we should fix this before that bigger series touches the same code.
And add missing coverage for IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth.
Thanks!
Nicolin
Nicolin Chen (2):
iommufd/fault: Fix out_fput in iommufd_fault_alloc()
iommufd/selftest: Cover IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth
drivers/iommu/iommufd/fault.c | 2 --
tools/testing/selftests/iommu/iommufd_fail_nth.c | 14 ++++++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
--
2.43.0
^ permalink raw reply [flat|nested] 5+ messages in thread* [PATCH v1 1/2] iommufd/fault: Fix out_fput in iommufd_fault_alloc() 2024-12-03 8:02 [PATCH v1 0/2] iommufd: Fix a small bug in fault.c Nicolin Chen @ 2024-12-03 8:02 ` Nicolin Chen 2024-12-03 9:52 ` Yi Liu 2024-12-03 8:02 ` [PATCH v1 2/2] iommufd/selftest: Cover IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth Nicolin Chen 2024-12-03 16:23 ` [PATCH v1 0/2] iommufd: Fix a small bug in fault.c Jason Gunthorpe 2 siblings, 1 reply; 5+ messages in thread From: Nicolin Chen @ 2024-12-03 8:02 UTC (permalink / raw) To: jgg, kevin.tian; +Cc: baolu.lu, iommu, linux-kernel, linux-kselftest, shuah As fput() calls the file->f_op->release op, where fault obj and ictx are getting released, there is no need to release these two after fput() one more time, which would result in imbalanced refcounts: refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 48 PID: 2369 at lib/refcount.c:31 refcount_warn_saturate+0x60/0x230 Call trace: refcount_warn_saturate+0x60/0x230 (P) refcount_warn_saturate+0x60/0x230 (L) iommufd_fault_fops_release+0x9c/0xe0 [iommufd] ... VFS: Close: file count is 0 (f_op=iommufd_fops [iommufd]) WARNING: CPU: 48 PID: 2369 at fs/open.c:1507 filp_flush+0x3c/0xf0 Call trace: filp_flush+0x3c/0xf0 (P) filp_flush+0x3c/0xf0 (L) __arm64_sys_close+0x34/0x98 ... imbalanced put on file reference count WARNING: CPU: 48 PID: 2369 at fs/file.c:74 __file_ref_put+0x100/0x138 Call trace: __file_ref_put+0x100/0x138 (P) __file_ref_put+0x100/0x138 (L) __fput_sync+0x4c/0xd0 Drop those two lines to fix the warnings above. Fixes: 07838f7fd529 ("iommufd: Add iommufd fault object") Cc: stable@vger.kernel.org Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> --- drivers/iommu/iommufd/fault.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/iommu/iommufd/fault.c b/drivers/iommu/iommufd/fault.c index 053b0e30f55a..1fe804e28a86 100644 --- a/drivers/iommu/iommufd/fault.c +++ b/drivers/iommu/iommufd/fault.c @@ -420,8 +420,6 @@ int iommufd_fault_alloc(struct iommufd_ucmd *ucmd) put_unused_fd(fdno); out_fput: fput(filep); - refcount_dec(&fault->obj.users); - iommufd_ctx_put(fault->ictx); out_abort: iommufd_object_abort_and_destroy(ucmd->ictx, &fault->obj); -- 2.43.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v1 1/2] iommufd/fault: Fix out_fput in iommufd_fault_alloc() 2024-12-03 8:02 ` [PATCH v1 1/2] iommufd/fault: Fix out_fput in iommufd_fault_alloc() Nicolin Chen @ 2024-12-03 9:52 ` Yi Liu 0 siblings, 0 replies; 5+ messages in thread From: Yi Liu @ 2024-12-03 9:52 UTC (permalink / raw) To: Nicolin Chen, jgg, kevin.tian Cc: baolu.lu, iommu, linux-kernel, linux-kselftest, shuah On 2024/12/3 16:02, Nicolin Chen wrote: > As fput() calls the file->f_op->release op, where fault obj and ictx are > getting released, there is no need to release these two after fput() one > more time, which would result in imbalanced refcounts: > refcount_t: decrement hit 0; leaking memory. > WARNING: CPU: 48 PID: 2369 at lib/refcount.c:31 refcount_warn_saturate+0x60/0x230 > Call trace: > refcount_warn_saturate+0x60/0x230 (P) > refcount_warn_saturate+0x60/0x230 (L) > iommufd_fault_fops_release+0x9c/0xe0 [iommufd] > ... > VFS: Close: file count is 0 (f_op=iommufd_fops [iommufd]) > WARNING: CPU: 48 PID: 2369 at fs/open.c:1507 filp_flush+0x3c/0xf0 > Call trace: > filp_flush+0x3c/0xf0 (P) > filp_flush+0x3c/0xf0 (L) > __arm64_sys_close+0x34/0x98 > ... > imbalanced put on file reference count > WARNING: CPU: 48 PID: 2369 at fs/file.c:74 __file_ref_put+0x100/0x138 > Call trace: > __file_ref_put+0x100/0x138 (P) > __file_ref_put+0x100/0x138 (L) > __fput_sync+0x4c/0xd0 > > Drop those two lines to fix the warnings above. > > Fixes: 07838f7fd529 ("iommufd: Add iommufd fault object") > Cc: stable@vger.kernel.org > Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> > --- > drivers/iommu/iommufd/fault.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/drivers/iommu/iommufd/fault.c b/drivers/iommu/iommufd/fault.c > index 053b0e30f55a..1fe804e28a86 100644 > --- a/drivers/iommu/iommufd/fault.c > +++ b/drivers/iommu/iommufd/fault.c > @@ -420,8 +420,6 @@ int iommufd_fault_alloc(struct iommufd_ucmd *ucmd) > put_unused_fd(fdno); > out_fput: > fput(filep); > - refcount_dec(&fault->obj.users); > - iommufd_ctx_put(fault->ictx); > out_abort: > iommufd_object_abort_and_destroy(ucmd->ictx, &fault->obj); > Reviewed-by: Yi Liu <yi.l.liu@intel.com> -- Regards, Yi Liu ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v1 2/2] iommufd/selftest: Cover IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth 2024-12-03 8:02 [PATCH v1 0/2] iommufd: Fix a small bug in fault.c Nicolin Chen 2024-12-03 8:02 ` [PATCH v1 1/2] iommufd/fault: Fix out_fput in iommufd_fault_alloc() Nicolin Chen @ 2024-12-03 8:02 ` Nicolin Chen 2024-12-03 16:23 ` [PATCH v1 0/2] iommufd: Fix a small bug in fault.c Jason Gunthorpe 2 siblings, 0 replies; 5+ messages in thread From: Nicolin Chen @ 2024-12-03 8:02 UTC (permalink / raw) To: jgg, kevin.tian; +Cc: baolu.lu, iommu, linux-kernel, linux-kselftest, shuah This was missing in the series introducing the fault object. Thus, add it. Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> --- tools/testing/selftests/iommu/iommufd_fail_nth.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/iommu/iommufd_fail_nth.c b/tools/testing/selftests/iommu/iommufd_fail_nth.c index 22f6fd5f0f74..64b1f8e1b0cf 100644 --- a/tools/testing/selftests/iommu/iommufd_fail_nth.c +++ b/tools/testing/selftests/iommu/iommufd_fail_nth.c @@ -615,7 +615,12 @@ TEST_FAIL_NTH(basic_fail_nth, access_pin_domain) /* device.c */ TEST_FAIL_NTH(basic_fail_nth, device) { + struct iommu_hwpt_selftest data = { + .iotlb = IOMMU_TEST_IOTLB_DEFAULT, + }; struct iommu_test_hw_info info; + uint32_t fault_id, fault_fd; + uint32_t fault_hwpt_id; uint32_t ioas_id; uint32_t ioas_id2; uint32_t stdev_id; @@ -678,6 +683,15 @@ TEST_FAIL_NTH(basic_fail_nth, device) if (_test_cmd_vdevice_alloc(self->fd, viommu_id, idev_id, 0, &vdev_id)) return -1; + if (_test_ioctl_fault_alloc(self->fd, &fault_id, &fault_fd)) + return -1; + close(fault_fd); + + if (_test_cmd_hwpt_alloc(self->fd, idev_id, hwpt_id, fault_id, + IOMMU_HWPT_FAULT_ID_VALID, &fault_hwpt_id, + IOMMU_HWPT_DATA_SELFTEST, &data, sizeof(data))) + return -1; + return 0; } -- 2.43.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v1 0/2] iommufd: Fix a small bug in fault.c 2024-12-03 8:02 [PATCH v1 0/2] iommufd: Fix a small bug in fault.c Nicolin Chen 2024-12-03 8:02 ` [PATCH v1 1/2] iommufd/fault: Fix out_fput in iommufd_fault_alloc() Nicolin Chen 2024-12-03 8:02 ` [PATCH v1 2/2] iommufd/selftest: Cover IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth Nicolin Chen @ 2024-12-03 16:23 ` Jason Gunthorpe 2 siblings, 0 replies; 5+ messages in thread From: Jason Gunthorpe @ 2024-12-03 16:23 UTC (permalink / raw) To: Nicolin Chen Cc: kevin.tian, baolu.lu, iommu, linux-kernel, linux-kselftest, shuah On Tue, Dec 03, 2024 at 12:02:53AM -0800, Nicolin Chen wrote: > There are a few patches in vIRQ series that rework the fault.c file. So, > we should fix this before that bigger series touches the same code. > > And add missing coverage for IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth. > > Thanks! > Nicolin > > Nicolin Chen (2): > iommufd/fault: Fix out_fput in iommufd_fault_alloc() > iommufd/selftest: Cover IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth Applied to for-rc, thanks Jason ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-12-03 16:23 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-12-03 8:02 [PATCH v1 0/2] iommufd: Fix a small bug in fault.c Nicolin Chen 2024-12-03 8:02 ` [PATCH v1 1/2] iommufd/fault: Fix out_fput in iommufd_fault_alloc() Nicolin Chen 2024-12-03 9:52 ` Yi Liu 2024-12-03 8:02 ` [PATCH v1 2/2] iommufd/selftest: Cover IOMMU_FAULT_QUEUE_ALLOC in iommufd_fail_nth Nicolin Chen 2024-12-03 16:23 ` [PATCH v1 0/2] iommufd: Fix a small bug in fault.c Jason Gunthorpe
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.