Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp1601633pxy; Thu, 6 May 2021 11:10:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGs4GIU5sA6BoA0GgG2xijh739yeM5Bd5T+chBZNwJxR+dCZO6A2QtV9QWywhEvqflqOqy X-Received: by 2002:a17:906:1684:: with SMTP id s4mr5809995ejd.506.1620324641637; Thu, 06 May 2021 11:10:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620324641; cv=none; d=google.com; s=arc-20160816; b=L9ul+KoCrDISwfIgqjGXgaNLPIwaLfkPXrgvbC/00Hc1eGx7D+tuxN2fJEhnS/Rmyx 8qlsMn1vQBJNdWo3tSNYGBRhuFHGG/eUdZRpoigbFHFtDCQJ6P9iBVTO5hHjBC74ORDG WzneMai8BCAkPTmJGJJ2uy5jI5BdMRVms8VagWHfkO9lb8nBRGMzTwmy5/J9yhqk+/6u 7EwiAXIRAu8Tw/P4HszmaElFpY2iP69Ce/eiH7uROZS5Ww6I3gIl0MO/LUsKiNSlNqgt 6+GkiG0LZ627OxwxNxGeAFP5ZsEKCNyPcBzKh4d4gf00TYTFSXOtK4MQazXxNq7bET28 IWxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=5iD+tjKV6hDgGKw77PGTUybnlAkb873omzNjbbs3y68=; b=zDp/4j7WVYcLnjx22xXfFoTKY7egrI8QDI1WXnGrc3a0pDj4ukHbjbR/uq0aJDZJae 9DayBs8qbzkcPdjLBBiRWNvRlZphLnYwiw+gjWA3iqX2M9Mzqel+L6XMJuioOw6Hk6uC 72aC/LUsRJoi7qX06QrSNDoEloGLHnWXojBUu+vyECcSQ9j6DlU1ScxXQxbk0/oVjUxT Vdrz2hk3+QelI1XVtXY0P/MNH7+zIyrq889VBHM0uTUvPjRs6KViKcYJXEGc/HKblJPw MCCHTvxQ05FF9yFr0wRhqh863ZoFoRTNNvxaJn5QMBzJONBjNS46fxCPOuh2ebttlkt3 nL/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=R5GgiQiB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s11si49053ejz.440.2021.05.06.11.10.16; Thu, 06 May 2021 11:10:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=R5GgiQiB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234379AbhEFKYB (ORCPT + 99 others); Thu, 6 May 2021 06:24:01 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:25674 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234201AbhEFKX6 (ORCPT ); Thu, 6 May 2021 06:23:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1620296579; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5iD+tjKV6hDgGKw77PGTUybnlAkb873omzNjbbs3y68=; b=R5GgiQiBnUC0tgE2EPdJRaTgvIXN3mT6Z4IMMH2SSdtjuYld5WjpXnecCqPYd6SGeiVRLl j+fx143BtAe332xWUfCyXk+EaBTCb0U94aAkH977sIrHSq425i1J3/G6hsg/L8SFUtbEYn wahFqYCJWG68a+b1QKHODN97zz4Ocr8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-171-TUsZUqhPOAiG_fqF_bC7qg-1; Thu, 06 May 2021 06:22:56 -0400 X-MC-Unique: TUsZUqhPOAiG_fqF_bC7qg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9948A64167; Thu, 6 May 2021 10:22:54 +0000 (UTC) Received: from gondolin.fritz.box (ovpn-113-111.ams2.redhat.com [10.36.113.111]) by smtp.corp.redhat.com (Postfix) with ESMTP id 624331064146; Thu, 6 May 2021 10:22:48 +0000 (UTC) Date: Thu, 6 May 2021 12:22:45 +0200 From: Cornelia Huck To: Tony Krowiak Cc: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, borntraeger@de.ibm.com, pasic@linux.vnet.ibm.com, jjherne@linux.ibm.com, jgg@nvidia.com, alex.williamson@redhat.com, kwankhede@nvidia.com, stable@vger.kernel.org, Tony Krowiak Subject: Re: [PATCH] s390/vfio-ap: fix memory leak in mdev remove callback Message-ID: <20210506122245.20f4ba21.cohuck@redhat.com> In-Reply-To: <20210505172826.105304-1-akrowiak@linux.ibm.com> References: <20210505172826.105304-1-akrowiak@linux.ibm.com> Organization: Red Hat GmbH MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 5 May 2021 13:28:26 -0400 Tony Krowiak wrote: > The mdev remove callback for the vfio_ap device driver bails out with > -EBUSY if the mdev is in use by a KVM guest. The intended purpose was > to prevent the mdev from being removed while in use; however, returning a > non-zero rc does not prevent removal. This could result in a memory leak > of the resources allocated when the mdev was created. In addition, the > KVM guest will still have access to the AP devices assigned to the mdev > even though the mdev no longer exists. > > To prevent this scenario, cleanup will be done - including unplugging the > AP adapters, domains and control domains - regardless of whether the mdev > is in use by a KVM guest or not. > > Fixes: 258287c994de ("s390: vfio-ap: implement mediated device open callback") > Cc: stable@vger.kernel.org > Signed-off-by: Tony Krowiak > Signed-off-by: Tony Krowiak > --- > drivers/s390/crypto/vfio_ap_ops.c | 39 +++++++++++++++++++++++-------- > 1 file changed, 29 insertions(+), 10 deletions(-) > > diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c > index b2c7e10dfdcd..757166da947e 100644 > --- a/drivers/s390/crypto/vfio_ap_ops.c > +++ b/drivers/s390/crypto/vfio_ap_ops.c > @@ -335,6 +335,32 @@ static void vfio_ap_matrix_init(struct ap_config_info *info, > matrix->adm_max = info->apxa ? info->Nd : 15; > } > > +static bool vfio_ap_mdev_has_crycb(struct ap_matrix_mdev *matrix_mdev) > +{ > + return (matrix_mdev->kvm && matrix_mdev->kvm->arch.crypto.crycbd); > +} > + > +static void vfio_ap_mdev_clear_apcb(struct ap_matrix_mdev *matrix_mdev) > +{ > + /* > + * If the KVM pointer is in the process of being set, wait until the > + * process has completed. > + */ > + wait_event_cmd(matrix_mdev->wait_for_kvm, > + !matrix_mdev->kvm_busy, > + mutex_unlock(&matrix_dev->lock), > + mutex_lock(&matrix_dev->lock)); > + > + if (vfio_ap_mdev_has_crycb(matrix_mdev)) { > + matrix_mdev->kvm_busy = true; > + mutex_unlock(&matrix_dev->lock); > + kvm_arch_crypto_clear_masks(matrix_mdev->kvm); > + mutex_lock(&matrix_dev->lock); > + matrix_mdev->kvm_busy = false; > + wake_up_all(&matrix_mdev->wait_for_kvm); > + } > +} Looking at vfio_ap_mdev_unset_kvm(), do you need to unhook the kvm here as well? (Or can you maybe even combine the two functions into one?) > + > static int vfio_ap_mdev_create(struct mdev_device *mdev) > { > struct ap_matrix_mdev *matrix_mdev; > @@ -366,16 +392,9 @@ static int vfio_ap_mdev_remove(struct mdev_device *mdev) > struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); > > mutex_lock(&matrix_dev->lock); > - > - /* > - * If the KVM pointer is in flux or the guest is running, disallow > - * un-assignment of control domain. > - */ > - if (matrix_mdev->kvm_busy || matrix_mdev->kvm) { > - mutex_unlock(&matrix_dev->lock); > - return -EBUSY; > - } > - > + WARN(vfio_ap_mdev_has_crycb(matrix_mdev), > + "Removing mdev leaves KVM guest without any crypto devices"); > + vfio_ap_mdev_clear_apcb(matrix_mdev); > vfio_ap_mdev_reset_queues(mdev); > list_del(&matrix_mdev->node); > kfree(matrix_mdev);