Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1172982rwb; Thu, 1 Dec 2022 13:28:57 -0800 (PST) X-Google-Smtp-Source: AA0mqf4oSruV5Yy3orJFQG744ZOP6s4ZvAWIW9yS13d4+jXtvDfxWq7wdX7mmrl026L/gKkjXrTG X-Received: by 2002:a05:6a00:1696:b0:537:b0c3:691 with SMTP id k22-20020a056a00169600b00537b0c30691mr48909902pfc.59.1669930137615; Thu, 01 Dec 2022 13:28:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669930137; cv=none; d=google.com; s=arc-20160816; b=kEPz8Sifu/7exPGPaur5EJ+9kt7lSpohuNXO5u5Vo+wBHexB2oNJ9SB60uKCGne7ee ulbQz6faKmxvXajShGppwRY4RDFqoMCsLWq7+qr93BgOCnt/43auHd0SfH4VeB8EqqeU eDp/QqBrC4OQEwbu27ewx8/w5r+0FuxJT3No3OB0HczhXSAzgf53gWRSVRf05IiqfyYI b7EuHU/XtEa/Xmgo/GhJzHLSfIyDvVQ8NR9YW3RTDs6BVgou44V4Og2sH+OOlnG2WmCF w4B/vXZPkMdyfNMvNTB8a3hjIdQRGOr4TiMClKq6t7BT68VmVyayDgtTigOYiE5tr9PC +xdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=8ZG3sGb+U+LRPySnTCOGhSvzYDNSfM2+mgL0KXCWRaI=; b=lh2Zd74R/XdX7PZHWV2jIQi8AjiwOd6RFGsCI5QSKBzIclgggZaMjgvm+kZOeQQBKT TEMetCfEyUKebKgvcZzdFXKbs2mCIDwhYfmD7jJ9Xf+nfArYlTPtnQggoj75mBdTgEz6 EQH0BWi9cZoL9/llI8trOqk+pkwurGfrDCjn0cVONK9Yp3ZXKopRKkgftAlqJ0XJh1wm YilEtKU6LBvUrTRAM3IXgpjmbzOot2e/nl9iduMC72Ds2f0U4crQz1j/8XZvI16Sywfp 4NeNv8qS99MOSKAn7q4lnnoS1xIM+IpYYy3UY2B5ygHdq8+ZAdtbUV9/vmWYzoOc2qu5 8yPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=FDX0TcJy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f27-20020aa7969b000000b005612b15a927si5232955pfk.181.2022.12.01.13.28.47; Thu, 01 Dec 2022 13:28:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=FDX0TcJy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230312AbiLAVLQ (ORCPT + 81 others); Thu, 1 Dec 2022 16:11:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33164 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229967AbiLAVLO (ORCPT ); Thu, 1 Dec 2022 16:11:14 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 71121BEE1A for ; Thu, 1 Dec 2022 13:10:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669929018; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8ZG3sGb+U+LRPySnTCOGhSvzYDNSfM2+mgL0KXCWRaI=; b=FDX0TcJyUoNMBKTxRR5ZB+neCtUIBbG0etmoJItq6LtUF/KEk2CpRSCE+SrcpE99NNaxnp 6zwxI86bmFphP9FbIy+wo8CM+9nBtLW4Lv5vs4layhfj+iGoW2URu0FIM+s3iWGJHTSzM1 Pr2pxv53sT5GGCGnTGK36HwPE7fAReE= Received: from mail-il1-f199.google.com (mail-il1-f199.google.com [209.85.166.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-517-cswW6udmM0W0DuB3HaTqHg-1; Thu, 01 Dec 2022 16:10:17 -0500 X-MC-Unique: cswW6udmM0W0DuB3HaTqHg-1 Received: by mail-il1-f199.google.com with SMTP id y12-20020a056e021bec00b00302a7d5bc83so3202302ilv.16 for ; Thu, 01 Dec 2022 13:10:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8ZG3sGb+U+LRPySnTCOGhSvzYDNSfM2+mgL0KXCWRaI=; b=wqyGSrSG2LtI0g8T0uhb0d5D0NgdU68zFtBUyMjE9h+8NZ0kPIIDvyC4dn7LCg6fVU NgkYUYQTSsTprGMcGEz7B/zk8dxT0vojp5ooyi7Vl4zCN9mfkejDGnoMbKYr40/NVHd3 5jXvGZn3/qbYGVrZYljR114DLrV0pXeF4z8n7gMsaWFubEPDOWdjvFROoXB1IiaOSBFs 56n6+V5jW8I47+DKkl+kwScy+IAyiAde9V8joy4Ga5C31ij6Xz8SpgUvcRyyHf1GNot0 3jtaBOYlKzM7Lgw2eV/WvsUiNNGymfSV7i84JzyfqBCz/+It87ygCC+29KYVrLgzqOdz aFxA== X-Gm-Message-State: ANoB5pkLg2qaUZYo5i7EqpD3lesKCNwGUoM/2i0bJx+d0jZ3LTSpCQHh pc+w2fBRwYi5pK7dM4paILu450lLcO/hs73AF503DaWEQAOfxOZD6CTJNqFoeq8BDCUzp/FD77f Ch9Y9ifTgrSunJ/uqkrWgK0jv X-Received: by 2002:a05:6638:164a:b0:389:d66d:c049 with SMTP id a10-20020a056638164a00b00389d66dc049mr13199706jat.195.1669929015967; Thu, 01 Dec 2022 13:10:15 -0800 (PST) X-Received: by 2002:a05:6638:164a:b0:389:d66d:c049 with SMTP id a10-20020a056638164a00b00389d66dc049mr13199696jat.195.1669929015701; Thu, 01 Dec 2022 13:10:15 -0800 (PST) Received: from redhat.com ([38.15.36.239]) by smtp.gmail.com with ESMTPSA id g12-20020a056602072c00b006cab79c4214sm1963330iox.46.2022.12.01.13.10.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 13:10:14 -0800 (PST) Date: Thu, 1 Dec 2022 14:10:13 -0700 From: Alex Williamson To: "Tian, Kevin" Cc: ruanjinjie , "kwankhede@nvidia.com" , "kraxel@redhat.com" , "cjia@nvidia.com" , "kvm@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "akrowiak@linux.ibm.com" , "pasic@linux.ibm.com" , "jjherne@linux.ibm.com" , "farman@linux.ibm.com" , "mjrosato@linux.ibm.com" Subject: Re: [PATCH] vfio/mdev: fix possible memory leak in module init funcs Message-ID: <20221201141013.68d2b0cf.alex.williamson@redhat.com> In-Reply-To: References: <20221118032827.3725190-1-ruanjinjie@huawei.com> <20221130160622.0cf3e47d.alex.williamson@redhat.com> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.34; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 1 Dec 2022 02:00:57 +0000 "Tian, Kevin" wrote: > > From: Alex Williamson > > Sent: Thursday, December 1, 2022 7:06 AM > > > > [Cc +vfio-ap, vfio-ccw] > > > > On Fri, 18 Nov 2022 11:28:27 +0800 > > ruanjinjie wrote: > > > > > Inject fault while probing module, if device_register() fails, > > > but the refcount of kobject is not decreased to 0, the name > > > allocated in dev_set_name() is leaked. Fix this by calling > > > put_device(), so that name can be freed in callback function > > > kobject_cleanup(). > > It's not just about the name. The problem of kboject not being > released is a bigger one. > > put_device() is always required no matter device_register() > succeeds or not: > > * NOTE: _Never_ directly free @dev after calling this function, even > * if it returned an error! Always use put_device() to give up the > * reference initialized in this function instead. > */ > int device_register(struct device *dev) > > > > @@ -1430,8 +1430,10 @@ static int __init mbochs_dev_init(void) > > > dev_set_name(&mbochs_dev, "%s", MBOCHS_NAME); > > > > > > ret = device_register(&mbochs_dev); > > > - if (ret) > > > + if (ret) { > > > + put_device(&mbochs_dev); > > > goto err_class; > > > + } > > > > > > ret = mdev_register_parent(&mbochs_parent, &mbochs_dev, > > &mbochs_driver, > > > mbochs_mdev_types, > > > > > > vfio-ap has a similar unwind as the sample drivers, but actually makes > > an attempt to catch this ex: > > > > ... > > ret = device_register(&matrix_dev->device); > > if (ret) > > goto matrix_reg_err; > > > > ret = driver_register(&matrix_driver); > > if (ret) > > goto matrix_drv_err; > > > > return 0; > > > > matrix_drv_err: > > device_unregister(&matrix_dev->device); > > matrix_reg_err: > > put_device(&matrix_dev->device); > > ... > > > > So of the vfio drivers calling device_register(), vfio-ap is the only > > one that does a put_device() if device_register() fails, but it also > > seems sketchy to call both device_unregister() and put_device() in the > > case that we exit via matrix_drv_err. > > > > I wonder if all of these shouldn't adopt a flow like: > > > > ret = device_register(&dev); > > if (ret) > > goto err1; > > > > .... > > > > return 0; > > > > err2: > > device_del(&dev); > > err1: > > put_device(&dev); > > > > It's kind of a mixed model. > > With above unwind it's clearer to use device_initialize() and device_add() instead. That would go against the comment for device_register() recommending that device_initialize() and device_add() should only be called separately if we have a clearly defined need. I can only imagine a patch bot would quickly come along to rectify the situation if we simply open code device_register() for aesthetics. I don't see that splitting device_unregister() for the purpose of having a common unwind path necessitates any changes relative to device_register(). > Otherwise what this patch does looks better IMHO: > > ret = device_register(&dev); > if (ret) { > put_device(&dev); > goto err1; > } > > ... > > return 0; > > err2: > device_unregister(&dev); > err1: > earlier_unwind(); > This is essentially what was originally proposed. It could also be called a "mixed model", implementing part of the unwind in the error branch before jumping to the common unwind. As demonstrated below, every current vfio driver calling device_register() follows a similar goto unwind stack as found in the sample drivers, which makes it trivially easy to split the device_unregister() call and add a goto target in between. Either way, they're equivalent and I'll take whichever version addresses all the vfio related use cases and gets acks from their maintainers. Thanks, Alex diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c index c2a65808605a..54aba7cceb33 100644 --- a/drivers/s390/cio/vfio_ccw_drv.c +++ b/drivers/s390/cio/vfio_ccw_drv.c @@ -199,8 +199,9 @@ static int vfio_ccw_sch_probe(struct subchannel *sch) return 0; out_unreg: - device_unregister(&parent->dev); + device_del(&parent->dev); out_free: + put_device(&parent->dev); dev_set_drvdata(&sch->dev, NULL); return ret; } diff --git a/drivers/s390/crypto/vfio_ap_drv.c b/drivers/s390/crypto/vfio_ap_drv.c index f43cfeabd2cc..997b524bdd2b 100644 --- a/drivers/s390/crypto/vfio_ap_drv.c +++ b/drivers/s390/crypto/vfio_ap_drv.c @@ -122,7 +122,7 @@ static int vfio_ap_matrix_dev_create(void) return 0; matrix_drv_err: - device_unregister(&matrix_dev->device); + device_del(&matrix_dev->device); matrix_reg_err: put_device(&matrix_dev->device); matrix_alloc_err: diff --git a/samples/vfio-mdev/mbochs.c b/samples/vfio-mdev/mbochs.c index 8b5a3a778a25..e54eb752e1ba 100644 --- a/samples/vfio-mdev/mbochs.c +++ b/samples/vfio-mdev/mbochs.c @@ -1430,7 +1430,7 @@ static int __init mbochs_dev_init(void) ret = device_register(&mbochs_dev); if (ret) - goto err_class; + goto err_put; ret = mdev_register_parent(&mbochs_parent, &mbochs_dev, &mbochs_driver, mbochs_mdev_types, @@ -1441,8 +1441,9 @@ static int __init mbochs_dev_init(void) return 0; err_device: - device_unregister(&mbochs_dev); -err_class: + device_del(&mbochs_dev); +err_put: + put_device(&mbochs_dev); class_destroy(mbochs_class); err_driver: mdev_unregister_driver(&mbochs_driver); diff --git a/samples/vfio-mdev/mdpy.c b/samples/vfio-mdev/mdpy.c index 721fb06c6413..e8400fdab71d 100644 --- a/samples/vfio-mdev/mdpy.c +++ b/samples/vfio-mdev/mdpy.c @@ -717,7 +717,7 @@ static int __init mdpy_dev_init(void) ret = device_register(&mdpy_dev); if (ret) - goto err_class; + goto err_put; ret = mdev_register_parent(&mdpy_parent, &mdpy_dev, &mdpy_driver, mdpy_mdev_types, @@ -728,8 +728,9 @@ static int __init mdpy_dev_init(void) return 0; err_device: - device_unregister(&mdpy_dev); -err_class: + device_del(&mdpy_dev); +err_put: + put_device(&mdpy_dev); class_destroy(mdpy_class); err_driver: mdev_unregister_driver(&mdpy_driver); diff --git a/samples/vfio-mdev/mtty.c b/samples/vfio-mdev/mtty.c index 3c2a421b9b69..e887de672c52 100644 --- a/samples/vfio-mdev/mtty.c +++ b/samples/vfio-mdev/mtty.c @@ -1330,7 +1330,7 @@ static int __init mtty_dev_init(void) ret = device_register(&mtty_dev.dev); if (ret) - goto err_class; + goto err_put; ret = mdev_register_parent(&mtty_dev.parent, &mtty_dev.dev, &mtty_driver, mtty_mdev_types, @@ -1340,8 +1340,9 @@ static int __init mtty_dev_init(void) return 0; err_device: - device_unregister(&mtty_dev.dev); -err_class: + device_del(&mtty_dev.dev); +err_put: + put_device(&mtty_dev.dev); class_destroy(mtty_dev.vd_class); err_driver: mdev_unregister_driver(&mtty_driver);