Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1290432ybh; Sun, 8 Mar 2020 00:00:51 -0800 (PST) X-Google-Smtp-Source: ADFU+vvpL5YSLEyj8CI6IA669EzINybWaV7Kc964Rr5ntuF3WiBY3YhROrebB3vTTAobH9XKa3nM X-Received: by 2002:aca:f1c2:: with SMTP id p185mr8006610oih.87.1583654451417; Sun, 08 Mar 2020 00:00:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583654451; cv=none; d=google.com; s=arc-20160816; b=i7LEteZaxyJYmsX/Lrtt4MhpKIJgnfOxBqvXsf6AmeT2B+EIQN8RWt8P6YMEIYFpVn Hu3Ktkbs+IhbcrosJpS81rR2zAFyDl6syN2KjwnOzBbGA4hBmIrw2QxUoQ4ARE/jZJQW pself9+NG9YibdzLqSc1IdaQ52S22+lCfed4TMLcSRqhmCg8G2IGot4YzVOPOLmSZDbR cjP3IQn5sh8qqORTy/KyuoIVklNG4nTqd3XzkfCqDacQnNwjWnLC4Q4B5vBqwcPIbEGN 8ZSyzYRHw6chwzavcEvWUkJ9AoiRBvO+YMtlDzbQsFfnnwsaIvRAR7LnweV+VdaqVZvQ LJMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=/iQ3FcNLQi6DjD/zqwYipJZvlLCEPpHUkTbLpJbck20=; b=H2ao8XIavcEaoutC4Bizns4w02DcAaK90qXtHIEzBUtyr5No+GAGF3Yq92RF/1ivyY 3JN5407AS3rV4lc5LISfKDAgiwBLDKHI0fK8Rmzji14X2N/QzkOi4fLA3NjQHBFQSqp3 L1dAYOcw01XA3EFHMVyM0bKR3Sk8VaktZ+/frXULrcz+V2bBVxHTg7Luc7G6zDSZxAai 1o6hRVD1DlEB/FK7UQgPZZS9jx4+mFC9qut5wMZBETZRqzxCtdWJQkSsqAUV9GR6AxIH GXhauZif3PaD83h8IvqLy1dkjSFMXAgyD1ybcOov5kyCoUJK7iKmneNOi/IImQb4wCwv 9Dpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=epTEvCJ+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l16si4169942otp.260.2020.03.08.00.00.33; Sun, 08 Mar 2020 00:00:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=epTEvCJ+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726138AbgCHH6O (ORCPT + 99 others); Sun, 8 Mar 2020 03:58:14 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:39198 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725904AbgCHH6O (ORCPT ); Sun, 8 Mar 2020 03:58:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1583654293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/iQ3FcNLQi6DjD/zqwYipJZvlLCEPpHUkTbLpJbck20=; b=epTEvCJ+aneXSiVlVbGQ849E1QJeGlzYPTRzxYVUQz1VULvtHylB0W8hXzDxaak+Y/9HTQ II6HbsbvMnGcsztRfuj6K0xQPvF1E6+Wu9m1g1tofS8iPWufJNQBcJvQua7xBOPbpvY3ZM RLdM/bDH51PrQvMjiRr5sR1GEHGPmRI= Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-186-unkFEO4OPzClP2pYeqgl8Q-1; Sun, 08 Mar 2020 03:58:11 -0400 X-MC-Unique: unkFEO4OPzClP2pYeqgl8Q-1 Received: by mail-qk1-f199.google.com with SMTP id z124so4962349qkd.20 for ; Sat, 07 Mar 2020 23:58:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=/iQ3FcNLQi6DjD/zqwYipJZvlLCEPpHUkTbLpJbck20=; b=DCrOEkGGXkmEHRi5sWZ1KC4IZTB81+OscsLiSGR4koO2xzOl80vPIhp44WvEOPoxEJ LjbVP51WNtbkIxpTqSOtnCN8VeubIjyks/q1v7WCDolUshbOkkOi91MmfS2ME6RcpHHK dQ5g86YNdZiKbn/bULvpc4AzXsQMXeIOuRs/TerNWq4baLokNqPd++idKBhOMttMjMEE UpF26skXyTRA1GbFZUrBFhNXyy7WxzvHwub2sKLwd/LXoTJY1TH6QDkA+xXPNIVJDn0t jn+tig0yGy6Jje8Lwl5OGTdpFBuEFH2t+3rHvqy4PLSWHUYTjBjt29igNqAPm/xddejb R5ZQ== X-Gm-Message-State: ANhLgQ0Ujgs9J3Wrg3E9qjABD2JkeTmrEtt64G8suFFlTXts1mlRTESg CmndWSL95Dy/4GmMTYgELuTu+qajfAPJCejnBAU6lnOS8dSteHF8TYeOtderFRJVOzGr8GZv6NQ 1z5RF3BH4wh7/D9/t69e5/XSA X-Received: by 2002:a0c:fc46:: with SMTP id w6mr10078462qvp.46.1583654290653; Sat, 07 Mar 2020 23:58:10 -0800 (PST) X-Received: by 2002:a0c:fc46:: with SMTP id w6mr10078456qvp.46.1583654290419; Sat, 07 Mar 2020 23:58:10 -0800 (PST) Received: from redhat.com (bzq-79-178-2-19.red.bezeqint.net. [79.178.2.19]) by smtp.gmail.com with ESMTPSA id f128sm20670117qke.54.2020.03.07.23.58.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 07 Mar 2020 23:58:09 -0800 (PST) Date: Sun, 8 Mar 2020 03:58:05 -0400 From: "Michael S. Tsirkin" To: Suman Anna Cc: Jason Wang , Tiwei Bie , "David S. Miller" , virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org Subject: Re: [PATCH] virtio_ring: Fix mem leak with vring_new_virtqueue() Message-ID: <20200308035751-mutt-send-email-mst@kernel.org> References: <20200224212643.30672-1-s-anna@ti.com> <0ace3a3b-cf2f-7977-5337-f74f530afbe1@ti.com> <1ce2bee4-64ed-f630-2695-8e8b9b8e27c1@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 05, 2020 at 06:27:53PM -0600, Suman Anna wrote: > On 2/25/20 9:13 PM, Jason Wang wrote: > > > > On 2020/2/26 上午12:51, Suman Anna wrote: > >> Hi Jason, > >> > >> On 2/24/20 11:39 PM, Jason Wang wrote: > >>> On 2020/2/25 上午5:26, Suman Anna wrote: > >>>> The functions vring_new_virtqueue() and __vring_new_virtqueue() are > >>>> used > >>>> with split rings, and any allocations within these functions are > >>>> managed > >>>> outside of the .we_own_ring flag. The commit cbeedb72b97a > >>>> ("virtio_ring: > >>>> allocate desc state for split ring separately") allocates the desc > >>>> state > >>>> within the __vring_new_virtqueue() but frees it only when the > >>>> .we_own_ring > >>>> flag is set. This leads to a memory leak when freeing such allocated > >>>> virtqueues with the vring_del_virtqueue() function. > >>>> > >>>> Fix this by moving the desc_state free code outside the flag and only > >>>> for split rings. Issue was discovered during testing with remoteproc > >>>> and virtio_rpmsg. > >>>> > >>>> Fixes: cbeedb72b97a ("virtio_ring: allocate desc state for split ring > >>>> separately") > >>>> Signed-off-by: Suman Anna > >>>> --- > >>>>    drivers/virtio/virtio_ring.c | 4 ++-- > >>>>    1 file changed, 2 insertions(+), 2 deletions(-) > >>>> > >>>> diff --git a/drivers/virtio/virtio_ring.c > >>>> b/drivers/virtio/virtio_ring.c > >>>> index 867c7ebd3f10..58b96baa8d48 100644 > >>>> --- a/drivers/virtio/virtio_ring.c > >>>> +++ b/drivers/virtio/virtio_ring.c > >>>> @@ -2203,10 +2203,10 @@ void vring_del_virtqueue(struct virtqueue *_vq) > >>>>                         vq->split.queue_size_in_bytes, > >>>>                         vq->split.vring.desc, > >>>>                         vq->split.queue_dma_addr); > >>>> - > >>>> -            kfree(vq->split.desc_state); > >>>>            } > >>>>        } > >>>> +    if (!vq->packed_ring) > >>>> +        kfree(vq->split.desc_state); > >>> Nitpick, it looks to me it would be more clear if we just free > >>> desc_state unconditionally here (and remove the kfree for packed above). > >> OK, are you sure you want that to be folded into this patch? It looks to > >> me a separate cleanup/consolidation patch, and packed desc_state does > >> not suffer this memleak, and need not be backported into stable kernels. > >> > >> regards > >> Suman > > > > > > Though it's just a small tweak, I'm fine for leaving it for future. > > > > So > > > > Acked-by: Jason Wang > > > > Mike, > Ping on this. I don't see the patch in -next yet. Can we get this into > the current -rc please? > > regards > Suman Yes will queue it shortly, thanks!