A splat from kmem_cache_destroy() was seen with a kernel prior to
commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool")
when there was a failure in init_dmars(), because the iommu_domain
cache still had objects. While the mempool code is now gone, there
still is a leak of the si_domain memory if init_dmars() fails. So
clean up si_domain in the init_dmars() error path.
Cc: Lu Baolu <[email protected]>
Cc: Joerg Roedel <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Robin Murphy <[email protected]>
Fixes: 86080ccc223a ("iommu/vt-d: Allocate si_domain in init_dmars()")
Signed-off-by: Jerry Snitselaar <[email protected]>
---
drivers/iommu/intel/iommu.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 31bc50e538a3..8f1f80a4d0c5 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -3042,6 +3042,8 @@ static int __init init_dmars(void)
disable_dmar_iommu(iommu);
free_dmar_iommu(iommu);
}
+ if (si_domain)
+ domain_exit(si_domain);
return ret;
}
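Review bot: in the added error-path block, `domain_exit(si_domain)` is not followed by a reset, so si_domain keeps pointing at the released domain when init_dmars() returns ret. si_domain is not local to init_dmars(void), so any later test of the pointer would treat it as live. I would brace the block and add `si_domain = NULL;` right after the domain_exit() call.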
--
2.37.2
On 2022/10/10 14:56, Jerry Snitselaar wrote:
> A splat from kmem_cache_destroy() was seen with a kernel prior to
> commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool")
> when there was a failure in init_dmars(), because the iommu_domain
> cache still had objects. While the mempool code is now gone, there
> still is a leak of the si_domain memory if init_dmars() fails. So
> clean up si_domain in the init_dmars() error path.
>
> Cc: Lu Baolu <[email protected]>
> Cc: Joerg Roedel <[email protected]>
> Cc: Will Deacon <[email protected]>
> Cc: Robin Murphy <[email protected]>
> Fixes: 86080ccc223a ("iommu/vt-d: Allocate si_domain in init_dmars()")
> Signed-off-by: Jerry Snitselaar <[email protected]>
> ---
> drivers/iommu/intel/iommu.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index 31bc50e538a3..8f1f80a4d0c5 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -3042,6 +3042,8 @@ static int __init init_dmars(void)
> disable_dmar_iommu(iommu);
> free_dmar_iommu(iommu);
> }
> + if (si_domain)
> + domain_exit(si_domain);
Thank you for the patch.
Above requires si_domain to be NULL or a valid pointer. So do you also
need to add the following change?
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -2410,6 +2410,7 @@ static int __init si_domain_init(int hw)
if (md_domain_init(si_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
domain_exit(si_domain);
+ si_domain = NULL;
return -EFAULT;
}
Best regards,
baolu
On Mon, Oct 10, 2022 at 07:32:43PM +0800, Baolu Lu wrote:
> On 2022/10/10 14:56, Jerry Snitselaar wrote:
> > A splat from kmem_cache_destroy() was seen with a kernel prior to
> > commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool")
> > when there was a failure in init_dmars(), because the iommu_domain
> > cache still had objects. While the mempool code is now gone, there
> > still is a leak of the si_domain memory if init_dmars() fails. So
> > clean up si_domain in the init_dmars() error path.
> >
> > Cc: Lu Baolu <[email protected]>
> > Cc: Joerg Roedel <[email protected]>
> > Cc: Will Deacon <[email protected]>
> > Cc: Robin Murphy <[email protected]>
> > Fixes: 86080ccc223a ("iommu/vt-d: Allocate si_domain in init_dmars()")
> > Signed-off-by: Jerry Snitselaar <[email protected]>
> > ---
> > drivers/iommu/intel/iommu.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> > index 31bc50e538a3..8f1f80a4d0c5 100644
> > --- a/drivers/iommu/intel/iommu.c
> > +++ b/drivers/iommu/intel/iommu.c
> > @@ -3042,6 +3042,8 @@ static int __init init_dmars(void)
> > disable_dmar_iommu(iommu);
> > free_dmar_iommu(iommu);
> > }
> > + if (si_domain)
> > + domain_exit(si_domain);
>
> Thank you for the patch.
>
> Above requires si_domain to be NULL or a valid pointer. So do you also
> need to add the following change?
>
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -2410,6 +2410,7 @@ static int __init si_domain_init(int hw)
>
> if (md_domain_init(si_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
> domain_exit(si_domain);
> + si_domain = NULL;
> return -EFAULT;
> }
>
> Best regards,
> baolu
Hi Baolu,
Yes. I think I should add it after the domain_exit() call I added as well.
Regards,
Jerry
A splat from kmem_cache_destroy() was seen with a kernel prior to
commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool")
when there was a failure in init_dmars(), because the iommu_domain
cache still had objects. While the mempool code is now gone, there
still is a leak of the si_domain memory if init_dmars() fails. So
clean up si_domain in the init_dmars() error path.
Cc: Lu Baolu <[email protected]>
Cc: Joerg Roedel <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Robin Murphy <[email protected]>
Fixes: 86080ccc223a ("iommu/vt-d: Allocate si_domain in init_dmars()")
Signed-off-by: Jerry Snitselaar <[email protected]>
---
v2: Set si_domain to NULL after the memory it points to has been freed.
drivers/iommu/intel/iommu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 31bc50e538a3..ecc0b05b2796 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -2400,6 +2400,7 @@ static int __init si_domain_init(int hw)
if (md_domain_init(si_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
domain_exit(si_domain);
+ si_domain = NULL;
return -EFAULT;
}
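Review bot: the `si_domain = NULL;` added after `domain_exit(si_domain)` in the md_domain_init() failure branch is not mentioned in the commit message, which describes only the leak, and the v2 line that explains it sits below the `---`, so it will not reach the git log. Without this reset, the new `if (si_domain)` test in the init_dmars() error path would see a stale pointer and pass it to domain_exit() a second time whenever this failure leads there. A sentence in the commit message saying so would help anyone backporting the fix.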
@@ -3042,6 +3043,10 @@ static int __init init_dmars(void)
disable_dmar_iommu(iommu);
free_dmar_iommu(iommu);
}
+ if (si_domain) {
+ domain_exit(si_domain);
+ si_domain = NULL;
+ }
return ret;
}
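Review bot: the new block calls `domain_exit(si_domain)` only after the preceding disable_dmar_iommu(iommu) and free_dmar_iommu(iommu) calls have run. Please confirm that domain_exit() does not reach into per-iommu state that has already been freed by then; if it can, the si_domain teardown should move ahead of that cleanup. A minor point: `domain_exit(si_domain); si_domain = NULL;` now appears in two places in this patch, and a small helper would keep the free and the reset from drifting apart.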
--
2.37.2
On 10/10/22 10:48 PM, Jerry Snitselaar wrote:
> A splat from kmem_cache_destroy() was seen with a kernel prior to
> commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool")
> when there was a failure in init_dmars(), because the iommu_domain
> cache still had objects. While the mempool code is now gone, there
> still is a leak of the si_domain memory if init_dmars() fails. So
> clean up si_domain in the init_dmars() error path.
>
> Cc: Lu Baolu <[email protected]>
> Cc: Joerg Roedel <[email protected]>
> Cc: Will Deacon <[email protected]>
> Cc: Robin Murphy <[email protected]>
> Fixes: 86080ccc223a ("iommu/vt-d: Allocate si_domain in init_dmars()")
> Signed-off-by: Jerry Snitselaar <[email protected]>
Thanks for the patch. It has been queued for v6.1.
https://lore.kernel.org/linux-iommu/[email protected]/
Best regards,
baolu