From: Alex Williamson <alex.williamson@redhat.com>
To: Kirti Wankhede <kwankhede@nvidia.com>
Cc: Parav Pandit <parav@mellanox.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/8] vfio/mdev: Fix to not do put_device on device_register failure
Date: Mon, 25 Mar 2019 13:21:27 -0600 [thread overview]
Message-ID: <20190325132127.7430864b@x1.home> (raw)
In-Reply-To: <2c096714-74cd-48ff-496f-b3919990e3e5@nvidia.com>
On Mon, 25 Mar 2019 23:47:30 +0530
Kirti Wankhede <kwankhede@nvidia.com> wrote:
> On 3/23/2019 4:50 AM, Parav Pandit wrote:
> > device_register() performs put_device() if device_add() fails.
> > This balances with device_initialize().
> >
> > mdev core performing put_device() when device_register() fails,
> > is an error that puts already released device again.
> > Therefore, don't put the device on error.
> >
>
> device_add() on all errors doesn't call put_device(dev). It releases
> reference to its parent, put_device(parent), but not the device itself,
> put_device(dev).
Sort of, device_initialize() initializes the reference count to 1,
device_add() increments the reference count to 2 via the get_device()
and then drops it back to 1 on all exit paths. The oddity is the
failure path of get_device() itself, but that can only happen if passed
a NULL device, where put_device() is a no-op and not relevant here. So
in all cases device_register() returns with a reference count of 1 and
we need to call put_device() to free the allocated object. The below
change would leak the mdev on error. Thanks,
Alex
> > Fixes: 7b96953bc640 ("vfio: Mediated device Core driver")
> > Signed-off-by: Parav Pandit <parav@mellanox.com>
> > ---
> > drivers/vfio/mdev/mdev_core.c | 4 +---
> > 1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/drivers/vfio/mdev/mdev_core.c b/drivers/vfio/mdev/mdev_core.c
> > index 0212f0e..3e5880a 100644
> > --- a/drivers/vfio/mdev/mdev_core.c
> > +++ b/drivers/vfio/mdev/mdev_core.c
> > @@ -318,10 +318,8 @@ int mdev_device_create(struct kobject *kobj, struct device *dev, uuid_le uuid)
> > dev_set_name(&mdev->dev, "%pUl", uuid.b);
> >
> > ret = device_register(&mdev->dev);
> > - if (ret) {
> > - put_device(&mdev->dev);
> > + if (ret)
> > goto mdev_fail;
> > - }
> >
> > ret = mdev_device_create_ops(kobj, mdev);
> > if (ret)
> >
next prev parent reply other threads:[~2019-03-25 19:21 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-22 23:20 [PATCH 0/8] vfio/mdev: Improve vfio/mdev core module Parav Pandit
2019-03-22 23:20 ` [PATCH 1/8] vfio/mdev: Fix to not do put_device on device_register failure Parav Pandit
2019-03-25 11:48 ` Maxim Levitsky
2019-03-25 18:17 ` Kirti Wankhede
2019-03-25 19:21 ` Alex Williamson [this message]
2019-03-25 21:11 ` Parav Pandit
2019-03-22 23:20 ` [PATCH 2/8] vfio/mdev: Avoid release parent reference during error path Parav Pandit
2019-03-25 11:49 ` Maxim Levitsky
2019-03-25 18:27 ` Kirti Wankhede
2019-03-22 23:20 ` [PATCH 3/8] vfio/mdev: Removed unused kref Parav Pandit
2019-03-25 11:50 ` Maxim Levitsky
2019-03-25 18:41 ` Kirti Wankhede
2019-03-22 23:20 ` [PATCH 4/8] vfio/mdev: Drop redundant extern for exported symbols Parav Pandit
2019-03-25 11:56 ` Maxim Levitsky
2019-03-25 19:07 ` Kirti Wankhede
2019-03-25 19:49 ` Alex Williamson
2019-03-25 21:27 ` Parav Pandit
2019-03-22 23:20 ` [PATCH 5/8] vfio/mdev: Avoid masking error code to EBUSY Parav Pandit
2019-03-25 11:57 ` Maxim Levitsky
2019-03-25 19:18 ` Kirti Wankhede
2019-03-25 21:29 ` Parav Pandit
2019-03-22 23:20 ` [PATCH 6/8] vfio/mdev: Follow correct remove sequence Parav Pandit
2019-03-25 11:58 ` Maxim Levitsky
2019-03-25 20:20 ` Alex Williamson
2019-03-25 21:31 ` Parav Pandit
2019-03-22 23:20 ` [PATCH 7/8] vfio/mdev: Fix aborting mdev child device removal if one fails Parav Pandit
2019-03-25 11:58 ` Maxim Levitsky
2019-03-25 19:35 ` Kirti Wankhede
2019-03-25 20:49 ` Alex Williamson
2019-03-25 21:36 ` Parav Pandit
2019-03-25 21:52 ` Alex Williamson
2019-03-25 22:07 ` Parav Pandit
2019-03-22 23:20 ` [PATCH 8/8] vfio/mdev: Improve the create/remove sequence Parav Pandit
2019-03-25 13:24 ` Maxim Levitsky
2019-03-25 21:42 ` Parav Pandit
2019-03-25 23:18 ` Alex Williamson
2019-03-25 23:34 ` Parav Pandit
2019-03-26 0:05 ` Alex Williamson
2019-03-26 1:43 ` Parav Pandit
2019-03-26 2:16 ` Alex Williamson
2019-03-26 3:19 ` Parav Pandit
2019-03-26 5:53 ` Parav Pandit
2019-03-26 15:21 ` Alex Williamson
2019-03-26 7:06 ` Kirti Wankhede
2019-03-26 15:26 ` Alex Williamson
2019-03-27 3:19 ` Parav Pandit
2019-03-26 15:30 ` Parav Pandit
2019-03-28 17:20 ` Kirti Wankhede
2019-03-29 14:49 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190325132127.7430864b@x1.home \
--to=alex.williamson@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=kwankhede@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=parav@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox