From: Eric Farman <farman@linux.ibm.com>
To: "Zeng, Xin" <xin.zeng@intel.com>, Christoph Hellwig <hch@lst.de>,
	Kirti Wankhede <kwankhede@nvidia.com>,
	Tony Krowiak <akrowiak@linux.ibm.com>,
	Halil Pasic <pasic@linux.ibm.com>,
	Jason Herne <jjherne@linux.ibm.com>,
	Matthew Rosato <mjrosato@linux.ibm.com>,
	Zhenyu Wang <zhenyuw@linux.intel.com>,
	"Wang, Zhi A" <zhi.a.wang@intel.com>,
	Alex Williamson <alex.williamson@redhat.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
	"intel-gvt-dev@lists.freedesktop.org" 
	<intel-gvt-dev@lists.freedesktop.org>,
	"Tian, Kevin" <kevin.tian@intel.com>
Subject: Re: [PATCH 05/14] vfio/mdev: simplify mdev_type handling
Date: Tue, 23 Aug 2022 14:07:02 -0400
Message-ID: <83cce81d95cf85468f9ac2aabda495b0cf20e1ca.camel@linux.ibm.com>
In-Reply-To: <DM4PR11MB5502308793A102A470A91CF888709@DM4PR11MB5502.namprd11.prod.outlook.com>

On Tue, 2022-08-23 at 05:53 +0000, Zeng, Xin wrote:
> On Monday, August 22, 2022 2:22 PM, Christoph Hellwig <hch@lst.de>
> wrote:
> 
> >  /*
> >   * Used in mdev_type_attribute sysfs functions to return the
> > parent struct
> >   * device
> > @@ -85,6 +65,8 @@ static int mdev_device_remove_cb(struct device
> > *dev,
> > void *data)
> >   * @parent: parent structure registered
> >   * @dev: device structure representing parent device.
> >   * @mdev_driver: Device driver to bind to the newly created mdev
> > + * @types: Array of supported mdev types
> > + * @nr_types: Number of entries in @types
> >   *
> >   * Registers the @parent stucture as a parent for mdev types and
> > thus mdev
> >   * devices.  The caller needs to hold a reference on @dev that
> > must not be
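
Review bot: the two kerneldoc lines added for @types and @nr_types do
not say who owns the array or how long it has to stay valid. The
existing text already spells out the reference rule for @dev; the same
is needed for @types, i.e. whether the array and the struct mdev_type
entries it points to must outlive the registration and who is
responsible for their storage.
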
> > @@ -93,20 +75,19 @@ static int mdev_device_remove_cb(struct device
> > *dev, void *data)
> >   * Returns a negative value on error, otherwise 0.
> >   */
> >  int mdev_register_parent(struct mdev_parent *parent, struct device
> > *dev,
> > -               struct mdev_driver *mdev_driver)
> > +               struct mdev_driver *mdev_driver, struct mdev_type
> > **types,
> > +               unsigned int nr_types)
> >  {
> >         char *env_string = "MDEV_STATE=registered";
> >         char *envp[] = { env_string, NULL };
> >         int ret;
> > 
> > -       /* check for mandatory ops */
> > -       if (!mdev_driver->supported_type_groups)
> > -               return -EINVAL;
> > -
> >         memset(parent, 0, sizeof(*parent));
> >         init_rwsem(&parent->unreg_sem);
> >         parent->dev = dev;
> >         parent->mdev_driver = mdev_driver;
> > +       parent->types = types;
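
Review bot: the check removed at the top of mdev_register_parent()
("if (!mdev_driver->supported_type_groups) return -EINVAL;") has no
counterpart for the new arguments: types is stored in parent->types
without a NULL check and nr_types is not checked for zero. Consider
returning -EINVAL for "!types || !nr_types" before the memset() so a
bad caller fails at registration rather than at the first use of
parent->types.
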
> 
> This would potentially introduce a bug. Types is passed from the
> parent and memory reserved for it is
> managed by the parent driver, while if you are doing so, it will be
> freed when types->kobj is released in 
> mdev module, i.e. in mdev_type_release, types will be freed as a
> chunk of memory in heap. 
> This will lead to unpredictable behavior and require a fix, either
> in here or in mdev_type_release.

I can confirm that this is still broken.

https://lore.kernel.org/r/65746aea193d4a814f895eca4b00b72cf29ac8f9.camel@linux.ibm.com/

Thanks,
Eric

> 
> Thanks,
> Xin
> 
> > +       parent->nr_types = nr_types;
> > 
> >         if (!mdev_bus_compat_class) {
> >                 mdev_bus_compat_class =
> > class_compat_register("mdev_bus");
> > +static int mdev_type_add(struct mdev_parent *parent, struct
> > mdev_type
> > *type)
> >  {
> > -       struct mdev_type *type;
> > -       struct attribute_group *group =
> > -               parent->mdev_driver-
> > > supported_type_groups[type_group_id];
> >         int ret;
> > 
> > -       if (!group->name) {
> > -               pr_err("%s: Type name empty!\n", __func__);
> > -               return ERR_PTR(-EINVAL);
> > -       }
> > -
> > -       type = kzalloc(sizeof(*type), GFP_KERNEL);
> > -       if (!type)
> > -               return ERR_PTR(-ENOMEM);
> > -
> >         type->kobj.kset = parent->mdev_types_kset;
> >         type->parent = parent;
> >         /* Pairs with the put in mdev_type_release() */
> >         get_device(parent->dev);
> > -       type->type_group_id = type_group_id;
> > 
> >         ret = kobject_init_and_add(&type->kobj, &mdev_type_ktype,
> > NULL,
> >                                    "%s-%s",
> > dev_driver_string(parent->dev),
> > -                                  group->name);
> > +                                  type->sysfs_name);
> >         if (ret) {
> >                 kobject_put(&type->kobj);
> > -               return ERR_PTR(ret);
> > +               return ret;
> >         }
> > 
> >         ret = sysfs_create_file(&type->kobj,
> > &mdev_type_attr_create.attr);
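
Review bot: with the kzalloc() dropped from mdev_type_add(), type is now
storage handed in by the caller, yet the error path after
kobject_init_and_add() still calls kobject_put(&type->kobj), which runs
the ktype's release. The retained comment ties get_device() to a put in
mdev_type_release(); that function is not part of the quoted hunks, so
it needs to be confirmed that it no longer frees the type, otherwise the
core frees memory it did not allocate. The removed "Type name empty!"
check also has no replacement for type->sysfs_name.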

