From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Tony Krowiak <akrowiak@linux.ibm.com>,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: cohuck@redhat.com, pasic@linux.vnet.ibm.com,
jjherne@linux.ibm.com, jgg@nvidia.com,
alex.williamson@redhat.com, kwankhede@nvidia.com,
frankja@linux.ibm.com, david@redhat.com, imbrenda@linux.ibm.com,
hca@linux.ibm.com
Subject: Re: [PATCH v4 0/2] s390/vfio-ap: fix memory leak in mdev remove callback
Date: Mon, 14 Jun 2021 09:51:12 +0200 [thread overview]
Message-ID: <b5ff6818-fb8c-3d50-2d2e-d3992be1644b@de.ibm.com> (raw)
In-Reply-To: <20210521193648.940864-1-akrowiak@linux.ibm.com>
On 21.05.21 21:36, Tony Krowiak wrote:
> Fixes a memory leak in the mdev remove callback when invoked while the
> mdev is in use by a KVM guest. Instead of returning -EBUSY from the
> callback, a full cleanup of the resources allocated to the mdev is
> performed because regardless of the value returned from the function, the
> mdev is removed from sysfs.
>
> The cleanup of resources allocated to the mdev may coincide with the
> interception of the PQAP(AQIC) instruction in which case data needed to
> handle the interception may get removed. A patch is included in this series
> to synchronize access to resources needed by the interception handler to
> protect against invalid memory accesses.
>
> The first pass (PATCH v3) at trying to synchronize access to the pqap
> function pointer employed RCU. The problem is, the RCU read-side critical
> section would have to include the execution of the pqap function which
> sleeps; RCU disallows sleeping inside an RCU region. When I subsequently
> tried to encompass the pqap function within the
> rcu_read_lock/rcu_read_unlock, I ended up seeing lockdep warnings in the
> syslog.
>
> It was suggested that we use an rw_semaphore to synchronize access to
> the pqap hook, but I also ran into similar lockdep complaints something
> like the following:
>
> Possible unsafe locking scenario:
>
> CPU0 CPU1
> ---- ----
> down_read(&rwsem)
> in handle_pqap (priv.c);
>
> lock(&matrix_dev->lock);
> in vfio_ap_mdev_set_kvm (vfio_ap_ops.c)
>
> down_write(&rwsem;
> in vfio_ap_mdev_set_kvm (vfio_ap_ops.c)
>
> lock(&matrix_dev->lock);
> in handle_pqap(vfio_ap_ops.c)
>
> Access to the mdev must be done under the matrix_dev->lock to ensure that
> it doesn't get freed via the remove callback while in use. This appears
> to be mutually exclusive with setting/unsetting the pqap_hook pointer
> due to lockdep issues.
>
> The solution:
> ------------
> The lifetime of the handle_pqap function (vfio_ap_ops) is syncrhonous
> with the lifetime of the vfio_ap module, so there really is not reason
> to tie the setting/clearing of its function pointer with the lifetime
> of a guest or even an mdev. If the function pointer is set when the
> vfio_ap module is loaded and cleared when the vfio_ap module is unloaded,
> then access to it can be protected independently from mdev creation or
> removal as well as the starting or shutdown of a guest. As long as
> access to the mdev is always controlled by the matrix_dev->lock, the
> mdev can not be freed without other functions being aware.
>
> Change log:
> v3 -> v4:
> --------
> * Created a registry for crypto hooks in priv.c with functions for
> registering/unregistering function pointers in kvm_host.h (for s390).
>
> * Register the function pointer for handling the PQAP instruction when
> the vfio_ap module is loaded and unregister it when the module is
> unloaded.
Was there a v5? I cannot find it.
next prev parent reply other threads:[~2021-06-14 7:51 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-21 19:36 [PATCH v4 0/2] s390/vfio-ap: fix memory leak in mdev remove callback Tony Krowiak
2021-05-21 19:36 ` [PATCH v4 1/2] " Tony Krowiak
2021-05-25 13:03 ` Halil Pasic
2021-05-25 13:22 ` Tony Krowiak
2021-05-26 12:37 ` Tony Krowiak
2021-05-21 19:36 ` [PATCH v4 2/2] s390/vfio-ap: control access to PQAP(AQIC) interception handler Tony Krowiak
2021-05-23 22:57 ` Jason Gunthorpe
2021-05-25 14:59 ` Tony Krowiak
2021-05-25 15:00 ` Jason Gunthorpe
2021-05-24 14:37 ` Jason J. Herne
2021-05-25 13:16 ` Tony Krowiak
2021-05-25 13:19 ` Jason Gunthorpe
2021-05-25 15:08 ` Tony Krowiak
2021-05-25 15:11 ` Jason Gunthorpe
2021-05-25 15:56 ` Tony Krowiak
2021-05-25 16:29 ` Jason Gunthorpe
2021-05-27 2:28 ` Tony Krowiak
2021-05-27 11:24 ` Jason Gunthorpe
2021-05-25 13:24 ` Jason J. Herne
2021-05-25 13:26 ` Jason Gunthorpe
2021-05-25 14:07 ` Jason J. Herne
2021-05-25 14:16 ` Jason Gunthorpe
2021-06-14 7:51 ` Christian Borntraeger [this message]
2021-06-16 14:24 ` [PATCH v4 0/2] s390/vfio-ap: fix memory leak in mdev remove callback Tony Krowiak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b5ff6818-fb8c-3d50-2d2e-d3992be1644b@de.ibm.com \
--to=borntraeger@de.ibm.com \
--cc=akrowiak@linux.ibm.com \
--cc=alex.williamson@redhat.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=jgg@nvidia.com \
--cc=jjherne@linux.ibm.com \
--cc=kwankhede@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=pasic@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox