Date: Wed, 19 Jun 2013 21:28:09 +0300
From: "Michael S. Tsirkin"
To: Andrew Vagin
Cc: virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Rusty Russell
Subject: Re: [PATCH] virtio-pci: fix leaks of msix_affinity_masks
Message-ID: <20130619182809.GC15017@redhat.com>
In-Reply-To: <1371657588-2782922-1-git-send-email-avagin@openvz.org>

On Wed, Jun 19, 2013 at 07:59:48PM +0400, Andrew Vagin wrote:
> vp_dev->msix_vectors should be initialized before allocating
> msix_affinity_masks, otherwise vp_free_vectors will not free these
> objects.
>
> unreferenced object 0xffff88010f969d88 (size 512):
> comm "systemd-udevd", pid 158, jiffies 4294673645 (age 80.545s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [] kmemleak_alloc+0x5e/0xc0
> [] kmem_cache_alloc_node_trace+0x141/0x2c0
> [] alloc_cpumask_var_node+0x23/0x80
> [] alloc_cpumask_var+0xe/0x10
> [] vp_try_to_find_vqs+0x25d/0x810
> [] vp_find_vqs+0x81/0xb0
> [] init_vqs+0x85/0x120 [virtio_balloon]
> [] virtballoon_probe+0xf9/0x1a0 [virtio_balloon]
> [] virtio_dev_probe+0xde/0x140
> [] driver_probe_device+0x98/0x3a0
> [] __driver_attach+0xab/0xb0
> [] bus_for_each_dev+0x94/0xb0
> [] driver_attach+0x1e/0x20
> [] bus_add_driver+0x200/0x280
> [] driver_register+0x74/0x160
> [] register_virtio_driver+0x20/0x40
>
> Cc: Rusty Russell
> Cc: "Michael S. Tsirkin"
> Signed-off-by: Andrew Vagin
> ---
> drivers/virtio/virtio_pci.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/virtio/virtio_pci.c b/drivers/virtio/virtio_pci.c > index a7ce730..3c0a6ef 100644 > --- a/drivers/virtio/virtio_pci.c
> +++ b/drivers/virtio/virtio_pci.c > @@ -309,6 +309,8 @@ static int vp_request_msix_vectors(struct virtio_device *vdev, int nvectors, > unsigned i, v; > int err = -ENOMEM; > > + vp_dev->msix_vectors = nvectors; > + > vp_dev->msix_entries = kmalloc(nvectors * sizeof *vp_dev->msix_entries, > GFP_KERNEL); > if (!vp_dev->msix_entries) > @@ -336,7 +338,6 @@ static int vp_request_msix_vectors(struct virtio_device *vdev, int nvectors, > err = -ENOSPC; > if (err) > goto error; > - vp_dev->msix_vectors = nvectors; > vp_dev->msix_enabled = 1; > > /* Set the vector used for configuration */

This introduces a bug.
The assumption was that vp_free_vectors is only set if msix is successfully enabled, so it's not cleared by vp_free_vectors.
So there are places like vp_synchronize_vectors that assume that msix_vectors is only set if msix works fine.

If you change the assumption, and assign msix_vectors even if msix can later fail, need to clear it unconditionally.

Like this (untested)

Signed-off-by: Michael S. Tsirkin

diff --git a/drivers/virtio/virtio_pci.c b/drivers/virtio/virtio_pci.c index 03564fe..4236d92 100644 --- a/drivers/virtio/virtio_pci.c +++ b/drivers/virtio/virtio_pci.c @@ -289,9 +289,9 @@ static void vp_free_vectors(struct virtio_device *vdev) pci_disable_msix(vp_dev->pci_dev); vp_dev->msix_enabled = 0; - vp_dev->msix_vectors = 0; } + vp_dev->msix_vectors = 0; vp_dev->msix_used_vectors = 0; kfree(vp_dev->msix_names); vp_dev->msix_names = NULL;

> -- > 1.7.1
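
Review bot: in the quoted patch's first hunk (@@ -309,6 +309,8 @@, vp_request_msix_vectors), vp_dev->msix_vectors = nvectors; now runs before the kmalloc of msix_entries, so every later "goto error" leaves msix_vectors nonzero while msix_enabled is still 0, and neither hunk resets the field on failure. Code that reads a nonzero msix_vectors as "MSI-X is up" would then act on a stale count. Either clear the field on this function's error path or have the free routine clear it unconditionally, and state in the changelog that the field now means "vectors requested" rather than "MSI-X enabled".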
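
Review bot: in the vp_free_vectors hunk (@@ -289,9 +289,9 @@), the relocated vp_dev->msix_vectors = 0; has an ordering dependency that the visible context does not show: the code that frees msix_affinity_masks depends on msix_vectors, per the quoted commit message, so it has to run before this line or the masks from the kmemleak report still leak. Please confirm that ordering. Since this fragment is marked untested and has no changelog, fold it into the quoted patch as one change and describe the new invariant (msix_vectors may be nonzero while msix_enabled is 0).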