Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp73898ybf; Wed, 26 Feb 2020 09:04:24 -0800 (PST) X-Google-Smtp-Source: APXvYqweYtYAUhpd0ru/EZgaD4MFS4/ahga4ooX9TazwXYTL54jmADHZEupOBUJEBbLMzQxv7E6K X-Received: by 2002:a9d:7617:: with SMTP id k23mr3704309otl.329.1582736664524; Wed, 26 Feb 2020 09:04:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582736664; cv=none; d=google.com; s=arc-20160816; b=l+NzDv3cB4bPVjWNNHgC5f7Ktgl3lKxNSvlN28L+ROj6SZ6Mpog+hsq2YiYbUmWa4y +UkpYmjbma+pZkqdxt46eje9uDg+5cSzEyBY+qPohv7g+7m6xq2czjORwwvTQoCf4YGs iuvStX00+OJwW37PTw2u7yAGrzj3NjuXVqUlXrguZOvHWHyVAVo9aLb/PrjAOthPY+RN eO+tZb9WYAOKMED2X6BSjCgAX4aOgSITVhjZoGisVH1sVJWrxp530tnBqyrvxQt64Gh8 M8drc/ddiHihuEakGq+PJ3ps5MyAyUPB0BopXJeR5alagYpwak+Is09vAFy6ZW2ZeTNe L4rQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=CZdphqXj3swfr3rshZA/0w1MD1hpzkcAcBfN76SapQ8=; b=Rb59gpVimGayUKfer7XwvOU1Q7B7BRUpbcvD6oMx/k5fxltAEBkbnEqk1Y1bO+o4iA vOWCa7qBVKBQrE0VV126ZFVGWsohfLbpzzjFF3JNPGP1m9Lr0DUqU5dFd0pdPsuKv6LW Ltf6vhEw1rju+rL8QNx+eNNv2AAwOm4RdaAtoNNRjkqnzaCEpzeA8jjnqFgI1OiN1UKq dCRBl7OdGgaco9IaMW5gphxJnmav3jqYA5ZqSFMb6EXsvtpvI2U5GCcyNFQsncQj5RdR 1dTqcjcjt7qaejts3SpwiYlCCYbDP8ATz248HrJpc9Vjt4lpGyYi+gvZEZy0j44GLdlY Bs8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ti.com header.s=ti-com-17Q1 header.b=SNNkUAvX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=ti.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u3si1564228oif.167.2020.02.26.09.04.11; Wed, 26 Feb 2020 09:04:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@ti.com header.s=ti-com-17Q1 header.b=SNNkUAvX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=ti.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728388AbgBZRBx (ORCPT + 99 others); Wed, 26 Feb 2020 12:01:53 -0500 Received: from lelv0142.ext.ti.com ([198.47.23.249]:32782 "EHLO lelv0142.ext.ti.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728073AbgBZRBw (ORCPT ); Wed, 26 Feb 2020 12:01:52 -0500 Received: from lelv0265.itg.ti.com ([10.180.67.224]) by lelv0142.ext.ti.com (8.15.2/8.15.2) with ESMTP id 01QH1VWD001892; Wed, 26 Feb 2020 11:01:31 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1582736491; bh=CZdphqXj3swfr3rshZA/0w1MD1hpzkcAcBfN76SapQ8=; h=Subject:To:CC:References:From:Date:In-Reply-To; b=SNNkUAvXoggAOVNecqUg9xSNEJYjzrLU6umWjXK4EPh0R4/cJ/S47rUlRWY1b9T+P QDhnsksn0ISK030JdOaEcCRXcUbbV17LamWBReCcdX8mRyEN9OyLX+FQAd/jH99MMd UVOujwFW11cmasY9pEYlXh6M9mCuqTTCNzmHbROg= Received: from DLEE108.ent.ti.com (dlee108.ent.ti.com [157.170.170.38]) by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 01QH1V69116205 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 26 Feb 2020 11:01:31 -0600 Received: from DLEE114.ent.ti.com (157.170.170.25) by DLEE108.ent.ti.com (157.170.170.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1847.3; Wed, 26 Feb 2020 11:01:30 -0600 Received: from lelv0327.itg.ti.com (10.180.67.183) by DLEE114.ent.ti.com (157.170.170.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1847.3 via Frontend Transport; Wed, 26 Feb 2020 11:01:31 -0600 Received: from [128.247.58.153] (ileax41-snat.itg.ti.com [10.172.224.153]) by lelv0327.itg.ti.com (8.15.2/8.15.2) with ESMTP id 01QH1Ukv121969; Wed, 26 Feb 2020 11:01:30 -0600 Subject: Re: [PATCH] virtio_ring: Fix mem leak with vring_new_virtqueue() To: Jason Wang , "Michael S. Tsirkin" CC: Tiwei Bie , "David S. Miller" , , , References: <20200224212643.30672-1-s-anna@ti.com> <0ace3a3b-cf2f-7977-5337-f74f530afbe1@ti.com> <1ce2bee4-64ed-f630-2695-8e8b9b8e27c1@redhat.com> From: Suman Anna Message-ID: <90f85329-9bec-1204-6a0d-892c92219eb1@ti.com> Date: Wed, 26 Feb 2020 11:01:30 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <1ce2bee4-64ed-f630-2695-8e8b9b8e27c1@redhat.com> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 8bit X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2/25/20 9:13 PM, Jason Wang wrote: > > On 2020/2/26 上午12:51, Suman Anna wrote: >> Hi Jason, >> >> On 2/24/20 11:39 PM, Jason Wang wrote: >>> On 2020/2/25 上午5:26, Suman Anna wrote: >>>> The functions vring_new_virtqueue() and __vring_new_virtqueue() are >>>> used >>>> with split rings, and any allocations within these functions are >>>> managed >>>> outside of the .we_own_ring flag. The commit cbeedb72b97a >>>> ("virtio_ring: >>>> allocate desc state for split ring separately") allocates the desc >>>> state >>>> within the __vring_new_virtqueue() but frees it only when the >>>> .we_own_ring >>>> flag is set. This leads to a memory leak when freeing such allocated >>>> virtqueues with the vring_del_virtqueue() function. >>>> >>>> Fix this by moving the desc_state free code outside the flag and only >>>> for split rings. Issue was discovered during testing with remoteproc >>>> and virtio_rpmsg. >>>> >>>> Fixes: cbeedb72b97a ("virtio_ring: allocate desc state for split ring >>>> separately") >>>> Signed-off-by: Suman Anna >>>> --- >>>>    drivers/virtio/virtio_ring.c | 4 ++-- >>>>    1 file changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/drivers/virtio/virtio_ring.c >>>> b/drivers/virtio/virtio_ring.c >>>> index 867c7ebd3f10..58b96baa8d48 100644 >>>> --- a/drivers/virtio/virtio_ring.c >>>> +++ b/drivers/virtio/virtio_ring.c >>>> @@ -2203,10 +2203,10 @@ void vring_del_virtqueue(struct virtqueue *_vq) >>>>                         vq->split.queue_size_in_bytes, >>>>                         vq->split.vring.desc, >>>>                         vq->split.queue_dma_addr); >>>> - >>>> -            kfree(vq->split.desc_state); >>>>            } >>>>        } >>>> +    if (!vq->packed_ring) >>>> +        kfree(vq->split.desc_state); >>> Nitpick, it looks to me it would be more clear if we just free >>> desc_state unconditionally here (and remove the kfree for packed above). >> OK, are you sure you want that to be folded into this patch? It looks to >> me a separate cleanup/consolidation patch, and packed desc_state does >> not suffer this memleak, and need not be backported into stable kernels. >> >> regards >> Suman > > > Though it's just a small tweak, I'm fine for leaving it for future. > > So > > Acked-by: Jason Wang Thanks Jason, will post a patch for the same once this is merged. regards Suman