* [PATCH AUTOSEL 5.12 39/43] virtio-blk: Fix memory leak among suspend/resume procedure
[not found] <20210710234915.3220342-1-sashal@kernel.org>
@ 2021-07-10 23:49 ` Sasha Levin
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 40/43] virtio_net: Fix error handling in virtnet_restore() Sasha Levin
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2021-07-10 23:49 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sasha Levin, Michael S . Tsirkin, virtualization, linux-block,
Xie Yongji
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit b71ba22e7c6c6b279c66f53ee7818709774efa1f ]
The vblk->vqs should be freed before we call init_vqs()
in virtblk_restore().
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Link: https://lore.kernel.org/r/20210517084332.280-1-xieyongji@bytedance.com
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/virtio_blk.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index b9fa3ef5b57c..425bae618131 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -948,6 +948,8 @@ static int virtblk_freeze(struct virtio_device *vdev)
blk_mq_quiesce_queue(vblk->disk->queue);
vdev->config->del_vqs(vdev);
+ kfree(vblk->vqs);
+
return 0;
}
--
2.30.2
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH AUTOSEL 5.12 40/43] virtio_net: Fix error handling in virtnet_restore()
[not found] <20210710234915.3220342-1-sashal@kernel.org>
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 39/43] virtio-blk: Fix memory leak among suspend/resume procedure Sasha Levin
@ 2021-07-10 23:49 ` Sasha Levin
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 41/43] virtio_console: Assure used length from device is limited Sasha Levin
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 42/43] virtio: fix up virtio_disable_cb Sasha Levin
3 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2021-07-10 23:49 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sasha Levin, Michael S . Tsirkin, netdev, virtualization,
Xie Yongji
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit 3f2869cace829fb4b80fc53b3ddaa7f4ba9acbf1 ]
Do some cleanups in virtnet_restore() when virtnet_cpu_notif_add() failed.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Link: https://lore.kernel.org/r/20210517084516.332-1-xieyongji@bytedance.com
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/virtio_net.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 0824e6999e49..9007d73863d0 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -3223,8 +3223,11 @@ static __maybe_unused int virtnet_restore(struct virtio_device *vdev)
virtnet_set_queues(vi, vi->curr_queue_pairs);
err = virtnet_cpu_notif_add(vi);
- if (err)
+ if (err) {
+ virtnet_freeze_down(vdev);
+ remove_vq_common(vi);
return err;
+ }
return 0;
}
--
2.30.2
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH AUTOSEL 5.12 41/43] virtio_console: Assure used length from device is limited
[not found] <20210710234915.3220342-1-sashal@kernel.org>
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 39/43] virtio-blk: Fix memory leak among suspend/resume procedure Sasha Levin
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 40/43] virtio_net: Fix error handling in virtnet_restore() Sasha Levin
@ 2021-07-10 23:49 ` Sasha Levin
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 42/43] virtio: fix up virtio_disable_cb Sasha Levin
3 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2021-07-10 23:49 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sasha Levin, Xie Yongji, virtualization, Michael S . Tsirkin
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit d00d8da5869a2608e97cfede094dfc5e11462a46 ]
The buf->len might come from an untrusted device. This
ensures the value would not exceed the size of the buffer
to avoid data corruption or loss.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Link: https://lore.kernel.org/r/20210525125622.1203-1-xieyongji@bytedance.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/virtio_console.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 1836cc56e357..673522874cec 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -475,7 +475,7 @@ static struct port_buffer *get_inbuf(struct port *port)
buf = virtqueue_get_buf(port->in_vq, &len);
if (buf) {
- buf->len = len;
+ buf->len = min_t(size_t, len, buf->size);
buf->offset = 0;
port->stats.bytes_received += len;
}
@@ -1712,7 +1712,7 @@ static void control_work_handler(struct work_struct *work)
while ((buf = virtqueue_get_buf(vq, &len))) {
spin_unlock(&portdev->c_ivq_lock);
- buf->len = len;
+ buf->len = min_t(size_t, len, buf->size);
buf->offset = 0;
handle_control_message(vq->vdev, portdev, buf);
--
2.30.2
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH AUTOSEL 5.12 42/43] virtio: fix up virtio_disable_cb
[not found] <20210710234915.3220342-1-sashal@kernel.org>
` (2 preceding siblings ...)
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 41/43] virtio_console: Assure used length from device is limited Sasha Levin
@ 2021-07-10 23:49 ` Sasha Levin
2021-07-11 4:23 ` Michael S. Tsirkin
3 siblings, 1 reply; 6+ messages in thread
From: Sasha Levin @ 2021-07-10 23:49 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, virtualization, Michael S. Tsirkin
From: "Michael S. Tsirkin" <mst@redhat.com>
[ Upstream commit 8d622d21d24803408b256d96463eac4574dcf067 ]
virtio_disable_cb is currently a nop for split ring with event index.
This is because it used to be always called from a callback when we know
device won't trigger more events until we update the index. However,
now that we run with interrupts enabled a lot we also poll without a
callback so that is different: disabling callbacks will help reduce the
number of spurious interrupts.
Further, if using event index with a packed ring, and if being called
from a callback, we actually do disable interrupts which is unnecessary.
Fix both issues by tracking whenever we get a callback. If that is
the case disabling interrupts with event index can be a nop.
If not the case disable interrupts. Note: with a split ring
there's no explicit "no interrupts" value. For now we write
a fixed value so our chance of triggering an interupt
is 1/ring size. It's probably better to write something
related to the last used index there to reduce the chance
even further. For now I'm keeping it simple.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/virtio/virtio_ring.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 71e16b53e9c1..88f0b16b11b8 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -113,6 +113,9 @@ struct vring_virtqueue {
/* Last used index we've seen. */
u16 last_used_idx;
+ /* Hint for event idx: already triggered no need to disable. */
+ bool event_triggered;
+
union {
/* Available for split ring */
struct {
@@ -739,7 +742,10 @@ static void virtqueue_disable_cb_split(struct virtqueue *_vq)
if (!(vq->split.avail_flags_shadow & VRING_AVAIL_F_NO_INTERRUPT)) {
vq->split.avail_flags_shadow |= VRING_AVAIL_F_NO_INTERRUPT;
- if (!vq->event)
+ if (vq->event)
+ /* TODO: this is a hack. Figure out a cleaner value to write. */
+ vring_used_event(&vq->split.vring) = 0x0;
+ else
vq->split.vring.avail->flags =
cpu_to_virtio16(_vq->vdev,
vq->split.avail_flags_shadow);
@@ -1605,6 +1611,7 @@ static struct virtqueue *vring_create_virtqueue_packed(
vq->weak_barriers = weak_barriers;
vq->broken = false;
vq->last_used_idx = 0;
+ vq->event_triggered = false;
vq->num_added = 0;
vq->packed_ring = true;
vq->use_dma_api = vring_use_dma_api(vdev);
@@ -1919,6 +1926,12 @@ void virtqueue_disable_cb(struct virtqueue *_vq)
{
struct vring_virtqueue *vq = to_vvq(_vq);
+ /* If device triggered an event already it won't trigger one again:
+ * no need to disable.
+ */
+ if (vq->event_triggered)
+ return;
+
if (vq->packed_ring)
virtqueue_disable_cb_packed(_vq);
else
@@ -1942,6 +1955,9 @@ unsigned virtqueue_enable_cb_prepare(struct virtqueue *_vq)
{
struct vring_virtqueue *vq = to_vvq(_vq);
+ if (vq->event_triggered)
+ vq->event_triggered = false;
+
return vq->packed_ring ? virtqueue_enable_cb_prepare_packed(_vq) :
virtqueue_enable_cb_prepare_split(_vq);
}
@@ -2005,6 +2021,9 @@ bool virtqueue_enable_cb_delayed(struct virtqueue *_vq)
{
struct vring_virtqueue *vq = to_vvq(_vq);
+ if (vq->event_triggered)
+ vq->event_triggered = false;
+
return vq->packed_ring ? virtqueue_enable_cb_delayed_packed(_vq) :
virtqueue_enable_cb_delayed_split(_vq);
}
@@ -2044,6 +2063,10 @@ irqreturn_t vring_interrupt(int irq, void *_vq)
if (unlikely(vq->broken))
return IRQ_HANDLED;
+ /* Just a hint for performance: so it's ok that this can be racy! */
+ if (vq->event)
+ vq->event_triggered = true;
+
pr_debug("virtqueue callback for %p (%p)\n", vq, vq->vq.callback);
if (vq->vq.callback)
vq->vq.callback(&vq->vq);
@@ -2083,6 +2106,7 @@ struct virtqueue *__vring_new_virtqueue(unsigned int index,
vq->weak_barriers = weak_barriers;
vq->broken = false;
vq->last_used_idx = 0;
+ vq->event_triggered = false;
vq->num_added = 0;
vq->use_dma_api = vring_use_dma_api(vdev);
#ifdef DEBUG
--
2.30.2
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH AUTOSEL 5.12 42/43] virtio: fix up virtio_disable_cb
2021-07-10 23:49 ` [PATCH AUTOSEL 5.12 42/43] virtio: fix up virtio_disable_cb Sasha Levin
@ 2021-07-11 4:23 ` Michael S. Tsirkin
2021-07-18 1:41 ` Sasha Levin
0 siblings, 1 reply; 6+ messages in thread
From: Michael S. Tsirkin @ 2021-07-11 4:23 UTC (permalink / raw)
To: Sasha Levin; +Cc: linux-kernel, stable, virtualization
On Sat, Jul 10, 2021 at 07:49:14PM -0400, Sasha Levin wrote:
> From: "Michael S. Tsirkin" <mst@redhat.com>
>
> [ Upstream commit 8d622d21d24803408b256d96463eac4574dcf067 ]
>
> virtio_disable_cb is currently a nop for split ring with event index.
> This is because it used to be always called from a callback when we know
> device won't trigger more events until we update the index. However,
> now that we run with interrupts enabled a lot we also poll without a
> callback so that is different: disabling callbacks will help reduce the
> number of spurious interrupts.
> Further, if using event index with a packed ring, and if being called
> from a callback, we actually do disable interrupts which is unnecessary.
>
> Fix both issues by tracking whenever we get a callback. If that is
> the case disabling interrupts with event index can be a nop.
> If not the case disable interrupts. Note: with a split ring
> there's no explicit "no interrupts" value. For now we write
> a fixed value so our chance of triggering an interupt
> is 1/ring size. It's probably better to write something
> related to the last used index there to reduce the chance
> even further. For now I'm keeping it simple.
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
I am not sure we want this in stable yet. It should in theory
fix the reported interrupt storms but the reporter is on vacation.
> ---
> drivers/virtio/virtio_ring.c | 26 +++++++++++++++++++++++++-
> 1 file changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
> index 71e16b53e9c1..88f0b16b11b8 100644
> --- a/drivers/virtio/virtio_ring.c
> +++ b/drivers/virtio/virtio_ring.c
> @@ -113,6 +113,9 @@ struct vring_virtqueue {
> /* Last used index we've seen. */
> u16 last_used_idx;
>
> + /* Hint for event idx: already triggered no need to disable. */
> + bool event_triggered;
> +
> union {
> /* Available for split ring */
> struct {
> @@ -739,7 +742,10 @@ static void virtqueue_disable_cb_split(struct virtqueue *_vq)
>
> if (!(vq->split.avail_flags_shadow & VRING_AVAIL_F_NO_INTERRUPT)) {
> vq->split.avail_flags_shadow |= VRING_AVAIL_F_NO_INTERRUPT;
> - if (!vq->event)
> + if (vq->event)
> + /* TODO: this is a hack. Figure out a cleaner value to write. */
> + vring_used_event(&vq->split.vring) = 0x0;
> + else
> vq->split.vring.avail->flags =
> cpu_to_virtio16(_vq->vdev,
> vq->split.avail_flags_shadow);
> @@ -1605,6 +1611,7 @@ static struct virtqueue *vring_create_virtqueue_packed(
> vq->weak_barriers = weak_barriers;
> vq->broken = false;
> vq->last_used_idx = 0;
> + vq->event_triggered = false;
> vq->num_added = 0;
> vq->packed_ring = true;
> vq->use_dma_api = vring_use_dma_api(vdev);
> @@ -1919,6 +1926,12 @@ void virtqueue_disable_cb(struct virtqueue *_vq)
> {
> struct vring_virtqueue *vq = to_vvq(_vq);
>
> + /* If device triggered an event already it won't trigger one again:
> + * no need to disable.
> + */
> + if (vq->event_triggered)
> + return;
> +
> if (vq->packed_ring)
> virtqueue_disable_cb_packed(_vq);
> else
> @@ -1942,6 +1955,9 @@ unsigned virtqueue_enable_cb_prepare(struct virtqueue *_vq)
> {
> struct vring_virtqueue *vq = to_vvq(_vq);
>
> + if (vq->event_triggered)
> + vq->event_triggered = false;
> +
> return vq->packed_ring ? virtqueue_enable_cb_prepare_packed(_vq) :
> virtqueue_enable_cb_prepare_split(_vq);
> }
> @@ -2005,6 +2021,9 @@ bool virtqueue_enable_cb_delayed(struct virtqueue *_vq)
> {
> struct vring_virtqueue *vq = to_vvq(_vq);
>
> + if (vq->event_triggered)
> + vq->event_triggered = false;
> +
> return vq->packed_ring ? virtqueue_enable_cb_delayed_packed(_vq) :
> virtqueue_enable_cb_delayed_split(_vq);
> }
> @@ -2044,6 +2063,10 @@ irqreturn_t vring_interrupt(int irq, void *_vq)
> if (unlikely(vq->broken))
> return IRQ_HANDLED;
>
> + /* Just a hint for performance: so it's ok that this can be racy! */
> + if (vq->event)
> + vq->event_triggered = true;
> +
> pr_debug("virtqueue callback for %p (%p)\n", vq, vq->vq.callback);
> if (vq->vq.callback)
> vq->vq.callback(&vq->vq);
> @@ -2083,6 +2106,7 @@ struct virtqueue *__vring_new_virtqueue(unsigned int index,
> vq->weak_barriers = weak_barriers;
> vq->broken = false;
> vq->last_used_idx = 0;
> + vq->event_triggered = false;
> vq->num_added = 0;
> vq->use_dma_api = vring_use_dma_api(vdev);
> #ifdef DEBUG
> --
> 2.30.2
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH AUTOSEL 5.12 42/43] virtio: fix up virtio_disable_cb
2021-07-11 4:23 ` Michael S. Tsirkin
@ 2021-07-18 1:41 ` Sasha Levin
0 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2021-07-18 1:41 UTC (permalink / raw)
To: Michael S. Tsirkin; +Cc: linux-kernel, stable, virtualization
On Sun, Jul 11, 2021 at 12:23:59AM -0400, Michael S. Tsirkin wrote:
>On Sat, Jul 10, 2021 at 07:49:14PM -0400, Sasha Levin wrote:
>> From: "Michael S. Tsirkin" <mst@redhat.com>
>>
>> [ Upstream commit 8d622d21d24803408b256d96463eac4574dcf067 ]
>>
>> virtio_disable_cb is currently a nop for split ring with event index.
>> This is because it used to be always called from a callback when we know
>> device won't trigger more events until we update the index. However,
>> now that we run with interrupts enabled a lot we also poll without a
>> callback so that is different: disabling callbacks will help reduce the
>> number of spurious interrupts.
>> Further, if using event index with a packed ring, and if being called
>> from a callback, we actually do disable interrupts which is unnecessary.
>>
>> Fix both issues by tracking whenever we get a callback. If that is
>> the case disabling interrupts with event index can be a nop.
>> If not the case disable interrupts. Note: with a split ring
>> there's no explicit "no interrupts" value. For now we write
>> a fixed value so our chance of triggering an interupt
>> is 1/ring size. It's probably better to write something
>> related to the last used index there to reduce the chance
>> even further. For now I'm keeping it simple.
>>
>> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>
>I am not sure we want this in stable yet. It should in theory
>fix the reported interrupt storms but the reporter is on vacation.
Sure, I'll drop it for now. Let me know when you want it re-added.
Thanks!
--
Thanks,
Sasha
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply [flat|nested] 6+ messages in thread