[RFC,02/24] vhost-vdpa: fix vqs leak in vhost_vdpa_open()

Message ID	20200924032125.18619-3-jasowang@redhat.com
State	New
Headers	show Return-Path: <SRS0=kx4c=DB=vger.kernel.org=netdev-owner@kernel.org> From: Jason Wang <jasowang@redhat.com> To: mst@redhat.com, jasowang@redhat.com Cc: lulu@redhat.com, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, rob.miller@broadcom.com, lingshan.zhu@intel.com, eperezma@redhat.com, hanand@xilinx.com, mhabets@solarflare.com, eli@mellanox.com, amorenoz@redhat.com, maxime.coquelin@redhat.com, stefanha@redhat.com, sgarzare@redhat.com Subject: [RFC PATCH 02/24] vhost-vdpa: fix vqs leak in vhost_vdpa_open() Date: Thu, 24 Sep 2020 11:21:03 +0800 Message-Id: <20200924032125.18619-3-jasowang@redhat.com> In-Reply-To: <20200924032125.18619-1-jasowang@redhat.com> References: <20200924032125.18619-1-jasowang@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Control VQ support in vDPA \| expand [RFC,00/24] Control VQ support in vDPA [RFC,02/24] vhost-vdpa: fix vqs leak in vhost_vdpa_open() [RFC,04/24] virtio-vdpa: don't set callback if virtio doesn't need it [RFC,06/24] vhost-vdpa: switch to use vhost-vdpa specific IOTLB [RFC,08/24] vdpa: introduce virtqueue groups [RFC,10/24] vdpa: introduce config operations for associating ASID to a virtqueue group [RFC,12/24] vhost: support ASID in IOTLB API [RFC,14/24] vhost-vdpa: introduce uAPI to get the number of virtqueue groups [RFC,16/24] vhost-vdpa: uAPI to get virtqueue group id [RFC,18/24] vhost-vdpa: support ASID based IOTLB API [RFC,20/24] vdpa_sim: advertise VIRTIO_NET_F_MTU [RFC,22/24] vdpa_sim: factor out buffer completion logic [RFC,23/24] vdpa_sim: filter destination mac address

Message ID

20200924032125.18619-3-jasowang@redhat.com

State

New

Headers

From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com, jasowang@redhat.com
Cc: lulu@redhat.com, kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, rob.miller@broadcom.com,
	lingshan.zhu@intel.com, eperezma@redhat.com, hanand@xilinx.com,
	mhabets@solarflare.com, eli@mellanox.com, amorenoz@redhat.com,
	maxime.coquelin@redhat.com, stefanha@redhat.com, sgarzare@redhat.com
Subject: [RFC PATCH 02/24] vhost-vdpa: fix vqs leak in vhost_vdpa_open()
Date: Thu, 24 Sep 2020 11:21:03 +0800
Message-Id: <20200924032125.18619-3-jasowang@redhat.com>
In-Reply-To: <20200924032125.18619-1-jasowang@redhat.com>
References: <20200924032125.18619-1-jasowang@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Control VQ support in vDPA | expand

We need to free vqs during the err path after it has been allocated since vhost won't do that for us. Signed-off-by: Jason Wang <jasowang@redhat.com> --- drivers/vhost/vdpa.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)

Comments

Eli Cohen Sept. 24, 2020, 7:48 a.m. UTC | #1

On Thu, Sep 24, 2020 at 11:21:03AM +0800, Jason Wang wrote:
> We need to free vqs during the err path after it has been allocated

> since vhost won't do that for us.

> 

> Signed-off-by: Jason Wang <jasowang@redhat.com>

> ---

>  drivers/vhost/vdpa.c | 11 ++++++++---

>  1 file changed, 8 insertions(+), 3 deletions(-)

> 

> diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c

> index 796fe979f997..9c641274b9f3 100644

> --- a/drivers/vhost/vdpa.c

> +++ b/drivers/vhost/vdpa.c

> @@ -764,6 +764,12 @@ static void vhost_vdpa_free_domain(struct vhost_vdpa *v)

>  	v->domain = NULL;

>  }

>  

> +static void vhost_vdpa_cleanup(struct vhost_vdpa *v)

> +{

> +	vhost_dev_cleanup(&v->vdev);

> +	kfree(v->vdev.vqs);

> +}

> +


Wouldn't it be cleaner to call kfree(vqs) explicilty inside
vhost_vdpa_open() in case of failure and keep the symetry of
vhost_dev_init()/vhost_dev_cleanup()?

>  static int vhost_vdpa_open(struct inode *inode, struct file *filep)

>  {

>  	struct vhost_vdpa *v;

> @@ -809,7 +815,7 @@ static int vhost_vdpa_open(struct inode *inode, struct file *filep)

>  	return 0;

>  

>  err_init_iotlb:

> -	vhost_dev_cleanup(&v->vdev);

> +	vhost_vdpa_cleanup(v);

>  err:

>  	atomic_dec(&v->opened);

>  	return r;

> @@ -840,8 +846,7 @@ static int vhost_vdpa_release(struct inode *inode, struct file *filep)

>  	vhost_vdpa_free_domain(v);

>  	vhost_vdpa_config_put(v);

>  	vhost_vdpa_clean_irq(v);

> -	vhost_dev_cleanup(&v->vdev);

> -	kfree(v->vdev.vqs);

> +	vhost_vdpa_cleanup(v);

>  	mutex_unlock(&d->mutex);

>  

>  	atomic_dec(&v->opened);

> -- 

> 2.20.1

>

Michael S. Tsirkin Sept. 24, 2020, 9:31 a.m. UTC | #2

On Thu, Sep 24, 2020 at 11:21:03AM +0800, Jason Wang wrote:
> We need to free vqs during the err path after it has been allocated
> since vhost won't do that for us.
> 
> Signed-off-by: Jason Wang <jasowang@redhat.com>

This is a bugfix too right? I don't see it posted separately ...

> ---
>  drivers/vhost/vdpa.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
> index 796fe979f997..9c641274b9f3 100644
> --- a/drivers/vhost/vdpa.c
> +++ b/drivers/vhost/vdpa.c
> @@ -764,6 +764,12 @@ static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
>  	v->domain = NULL;
>  }
>  
> +static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
> +{
> +	vhost_dev_cleanup(&v->vdev);
> +	kfree(v->vdev.vqs);
> +}
> +
>  static int vhost_vdpa_open(struct inode *inode, struct file *filep)
>  {
>  	struct vhost_vdpa *v;
> @@ -809,7 +815,7 @@ static int vhost_vdpa_open(struct inode *inode, struct file *filep)
>  	return 0;
>  
>  err_init_iotlb:
> -	vhost_dev_cleanup(&v->vdev);
> +	vhost_vdpa_cleanup(v);
>  err:
>  	atomic_dec(&v->opened);
>  	return r;
> @@ -840,8 +846,7 @@ static int vhost_vdpa_release(struct inode *inode, struct file *filep)
>  	vhost_vdpa_free_domain(v);
>  	vhost_vdpa_config_put(v);
>  	vhost_vdpa_clean_irq(v);
> -	vhost_dev_cleanup(&v->vdev);
> -	kfree(v->vdev.vqs);
> +	vhost_vdpa_cleanup(v);
>  	mutex_unlock(&d->mutex);
>  
>  	atomic_dec(&v->opened);
> -- 
> 2.20.1

Jason Wang Sept. 25, 2020, 11:27 a.m. UTC | #3

On 2020/9/24 下午5:31, Michael S. Tsirkin wrote:
> On Thu, Sep 24, 2020 at 11:21:03AM +0800, Jason Wang wrote:
>> We need to free vqs during the err path after it has been allocated
>> since vhost won't do that for us.
>>
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
> This is a bugfix too right? I don't see it posted separately ...


A patch that is functional equivalent is posted here:

https://www.mail-archive.com/virtualization@lists.linux-foundation.org/msg42558.html

I'm a little bit lazy to use that one since this patch is probably wrote 
before that one.

Thanks


>
>> ---
>>   drivers/vhost/vdpa.c | 11 ++++++++---
>>   1 file changed, 8 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
>> index 796fe979f997..9c641274b9f3 100644
>> --- a/drivers/vhost/vdpa.c
>> +++ b/drivers/vhost/vdpa.c
>> @@ -764,6 +764,12 @@ static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
>>   	v->domain = NULL;
>>   }
>>   
>> +static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
>> +{
>> +	vhost_dev_cleanup(&v->vdev);
>> +	kfree(v->vdev.vqs);
>> +}
>> +
>>   static int vhost_vdpa_open(struct inode *inode, struct file *filep)
>>   {
>>   	struct vhost_vdpa *v;
>> @@ -809,7 +815,7 @@ static int vhost_vdpa_open(struct inode *inode, struct file *filep)
>>   	return 0;
>>   
>>   err_init_iotlb:
>> -	vhost_dev_cleanup(&v->vdev);
>> +	vhost_vdpa_cleanup(v);
>>   err:
>>   	atomic_dec(&v->opened);
>>   	return r;
>> @@ -840,8 +846,7 @@ static int vhost_vdpa_release(struct inode *inode, struct file *filep)
>>   	vhost_vdpa_free_domain(v);
>>   	vhost_vdpa_config_put(v);
>>   	vhost_vdpa_clean_irq(v);
>> -	vhost_dev_cleanup(&v->vdev);
>> -	kfree(v->vdev.vqs);
>> +	vhost_vdpa_cleanup(v);
>>   	mutex_unlock(&d->mutex);
>>   
>>   	atomic_dec(&v->opened);
>> -- 
>> 2.20.1

Jason Wang Sept. 25, 2020, 11:41 a.m. UTC | #4

On 2020/9/24 下午3:48, Eli Cohen wrote:
> On Thu, Sep 24, 2020 at 11:21:03AM +0800, Jason Wang wrote:
>> We need to free vqs during the err path after it has been allocated
>> since vhost won't do that for us.
>>
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> ---
>>   drivers/vhost/vdpa.c | 11 ++++++++---
>>   1 file changed, 8 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
>> index 796fe979f997..9c641274b9f3 100644
>> --- a/drivers/vhost/vdpa.c
>> +++ b/drivers/vhost/vdpa.c
>> @@ -764,6 +764,12 @@ static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
>>   	v->domain = NULL;
>>   }
>>   
>> +static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
>> +{
>> +	vhost_dev_cleanup(&v->vdev);
>> +	kfree(v->vdev.vqs);
>> +}
>> +
> Wouldn't it be cleaner to call kfree(vqs) explicilty inside
> vhost_vdpa_open() in case of failure and keep the symetry of
> vhost_dev_init()/vhost_dev_cleanup()?


That's also fine.

See 
https://www.mail-archive.com/virtualization@lists.linux-foundation.org/msg42558.html

I will use that for the next version.

Thanks.


>
>>   static int vhost_vdpa_open(struct inode *inode, struct file *filep)
>>   {
>>   	struct vhost_vdpa *v;
>> @@ -809,7 +815,7 @@ static int vhost_vdpa_open(struct inode *inode, struct file *filep)
>>   	return 0;
>>   
>>   err_init_iotlb:
>> -	vhost_dev_cleanup(&v->vdev);
>> +	vhost_vdpa_cleanup(v);
>>   err:
>>   	atomic_dec(&v->opened);
>>   	return r;
>> @@ -840,8 +846,7 @@ static int vhost_vdpa_release(struct inode *inode, struct file *filep)
>>   	vhost_vdpa_free_domain(v);
>>   	vhost_vdpa_config_put(v);
>>   	vhost_vdpa_clean_irq(v);
>> -	vhost_dev_cleanup(&v->vdev);
>> -	kfree(v->vdev.vqs);
>> +	vhost_vdpa_cleanup(v);
>>   	mutex_unlock(&d->mutex);
>>   
>>   	atomic_dec(&v->opened);
>> -- 
>> 2.20.1
>>

diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
index 796fe979f997..9c641274b9f3 100644
--- a/drivers/vhost/vdpa.c
+++ b/drivers/vhost/vdpa.c
@@ -764,6 +764,12 @@  static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
 	v->domain = NULL;
 }
 
+static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
+{
+	vhost_dev_cleanup(&v->vdev);
+	kfree(v->vdev.vqs);
+}
+
 static int vhost_vdpa_open(struct inode *inode, struct file *filep)
 {
 	struct vhost_vdpa *v;
@@ -809,7 +815,7 @@  static int vhost_vdpa_open(struct inode *inode, struct file *filep)
 	return 0;
 
 err_init_iotlb:
-	vhost_dev_cleanup(&v->vdev);
+	vhost_vdpa_cleanup(v);
 err:
 	atomic_dec(&v->opened);
 	return r;
@@ -840,8 +846,7 @@  static int vhost_vdpa_release(struct inode *inode, struct file *filep)
 	vhost_vdpa_free_domain(v);
 	vhost_vdpa_config_put(v);
 	vhost_vdpa_clean_irq(v);
-	vhost_dev_cleanup(&v->vdev);
-	kfree(v->vdev.vqs);
+	vhost_vdpa_cleanup(v);
 	mutex_unlock(&d->mutex);
 
 	atomic_dec(&v->opened);

[RFC,02/24] vhost-vdpa: fix vqs leak in vhost_vdpa_open()

Commit Message

Comments

Patch