Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp2343079rdg;
        Mon, 16 Oct 2023 00:53:47 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHx3zp7ednxtRLS0zMe1+G6gtro7GxyJtGOtPq1f7vmgu/15Q45VVHzddLXqTdUJ5z7sqWF
X-Received: by 2002:a17:902:ec8c:b0:1bf:6ad7:2286 with SMTP id x12-20020a170902ec8c00b001bf6ad72286mr26379280plg.43.1697442827238;
        Mon, 16 Oct 2023 00:53:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697442827; cv=none;
        d=google.com; s=arc-20160816;
        b=t+x5bjEsbfRzloG3bUzGVhK6nvd0cAmshJAzPmnWHjvGO0PzbIULKor3J7WnT6KER6
         Tw/4RBSMLFTi6brgE62PBRLz0L8quU6swoVhaLzCYX6ZdNxq/02ZmHbi/mT7mGOdK1bi
         ZXN2J9nYI3WV8UvQaJWtsDW4d0tG1sNdQ7xwFdx7GRuMiR+ezUqSElPvnVJOkbtBbCUP
         fyzYrQCJhvq+PgR5TzrPEKGbhMjxZJGsnVmy4PBM7BpXnmzDWbi+ob7irNDNBzvCDLZx
         O6aAdvSCh2JR+KhVUXsUL4NYio815TY8ImdYZ+n5cN8oaXIDosO1gmbn/JYYnQMxnDbh
         4jKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=Gd31wjQltRaRKMtxCuA7b8PZltpyuznttFUDFi0zJmk=;
        fh=om0Bi4dLmuzknwUma4wAiG5ZCCZqlQJ6IR6+Y6XUIBg=;
        b=046b7Ab19I95keoNsrKFI7WLeCzecoRLrGGTmztkhvLe3nU8/Hd7GCPE57oyTFmGqm
         1dO6oh+4gcPJ4COt/ng0rRZTR4Ph3d5hUSuTtDtzXicY9FsvPz09J+LDQYT+efNeqjV8
         2s1GgIN0mZ/dvhizc8Msetqr4ZuDdFcKCvYNcq7CflW2Mh3B2x64I1Fq/rQ5xA4JhnFd
         pPsak1la5PhvgQkUkrigdzi8kN6QkYc4xOZItdI776+2yeLYtvN4DNdmyRWymB76oX7O
         RO47y3kfGsQCqLJrbBNIofWxKl25XaBkNedzDrQBoJOlaskEqY+tv4i1KbgB3PWQJuRb
         EC9g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NdEEa627;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
        by mx.google.com with ESMTPS id n3-20020a170903110300b001ca335f71bbsi4699179plh.140.2023.10.16.00.53.46
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 16 Oct 2023 00:53:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NdEEa627;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id 68AEB80608F3;
	Mon, 16 Oct 2023 00:53:44 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229636AbjJPHxe (ORCPT <rfc822;0xff07.lkml@gmail.com>
        + 99 others); Mon, 16 Oct 2023 03:53:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35378 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229478AbjJPHxd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 16 Oct 2023 03:53:33 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0EA5A1
        for <linux-kernel@vger.kernel.org>; Mon, 16 Oct 2023 00:52:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1697442766;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=Gd31wjQltRaRKMtxCuA7b8PZltpyuznttFUDFi0zJmk=;
        b=NdEEa627aUm2crOG4IpfNuHt6qZeIEY5Klre++zHtR3Xudn2jWwKffuuEM3m4hSkjBTnzp
        EWAixpLrxEf4DDOgt4XY0SMRVvsQPEHnCEfiv7bm0dtMlJ6aCtclQMCgswfsztds86cbCi
        yDwNjJuhBUq9xhzhHXcO/kV0KId6XQI=
Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com
 [209.85.222.198]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-106-KsmrrJ4JNS66v2g89rXFgw-1; Mon, 16 Oct 2023 03:52:45 -0400
X-MC-Unique: KsmrrJ4JNS66v2g89rXFgw-1
Received: by mail-qk1-f198.google.com with SMTP id af79cd13be357-77574c5f713so497579685a.0
        for <linux-kernel@vger.kernel.org>; Mon, 16 Oct 2023 00:52:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1697442764; x=1698047564;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Gd31wjQltRaRKMtxCuA7b8PZltpyuznttFUDFi0zJmk=;
        b=qSpsqJ8cEStCxUSbfMZkqPrmtQObdY26T+hvHjYZjbxRaVLqbX3TESxXq3iF490RnL
         omBY8OgsuHLyhZEPOeS13yngO7/2+YXTY+HJ/650bJzGv+Q13Pvmo/PVp6JfdZM+gVUS
         kgWb9IIjuZSFdI1yhyJY/UIWoIHgka3N2ja0jx0v2keC50zFoMfmK3QRxIhD6WHHtUWZ
         Qg5n6bHMMF+PCHT2liKT7ir4QX2fHLXGvoR+rN5ge2GK3QxJ8wrsVYntTz8KrjlnUevV
         mPPz0xetXo4FOFfFLyllxPPNrWSKJBiNUuCpnE9LuabUr4fxoDymFgO1u1c+jGhx3mBj
         iWKg==
X-Gm-Message-State: AOJu0YytZpCrmMr8ACFxZ2wBzlPKKCRbdcqP3A1n0vPZ9S4HrgLdcOx7
        0urygS6LnnjFsIhh4TE+sJ5lXpSiE5UhLJuHdESPxICdY3eCShzE7lNoLYJ8u3w599D53kYSdRI
        1m5/+dgKaNIVugJddV4jYoKIz
X-Received: by 2002:a05:620a:2848:b0:772:64cb:bc64 with SMTP id h8-20020a05620a284800b0077264cbbc64mr40238565qkp.12.1697442764626;
        Mon, 16 Oct 2023 00:52:44 -0700 (PDT)
X-Received: by 2002:a05:620a:2848:b0:772:64cb:bc64 with SMTP id h8-20020a05620a284800b0077264cbbc64mr40238553qkp.12.1697442764336;
        Mon, 16 Oct 2023 00:52:44 -0700 (PDT)
Received: from ?IPV6:2a01:e0a:280:24f0:9db0:474c:ff43:9f5c? ([2a01:e0a:280:24f0:9db0:474c:ff43:9f5c])
        by smtp.gmail.com with ESMTPSA id r30-20020a05620a03de00b0076ca9f79e1fsm2799111qkm.46.2023.10.16.00.52.43
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 16 Oct 2023 00:52:43 -0700 (PDT)
Message-ID: <04d9af1d-e459-4431-bea3-679ade88f7d5@redhat.com>
Date:   Mon, 16 Oct 2023 09:52:41 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH 1/2] vfio/mtty: Fix eventfd leak
Content-Language: en-US
To:     Alex Williamson <alex.williamson@redhat.com>
Cc:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20231013195653.1222141-1-alex.williamson@redhat.com>
 <20231013195653.1222141-2-alex.williamson@redhat.com>
From:   =?UTF-8?Q?C=C3=A9dric_Le_Goater?= <clg@redhat.com>
In-Reply-To: <20231013195653.1222141-2-alex.williamson@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Mon, 16 Oct 2023 00:53:44 -0700 (PDT)

On 10/13/23 21:56, Alex Williamson wrote:
> Found via kmemleak, eventfd context is leaked if not explicitly torn
> down by userspace.  Clear pointers to track released contexts.  Also
> remove unused irq_fd field in mtty structure, set but never used.

This could be 2 different patches, one cleanup and one fix.
  
> Fixes: 9d1a546c53b4 ("docs: Sample driver to demonstrate how to use Mediated device framework.")
> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
> ---
>   samples/vfio-mdev/mtty.c | 28 +++++++++++++++++++++++-----
>   1 file changed, 23 insertions(+), 5 deletions(-)
> 
> diff --git a/samples/vfio-mdev/mtty.c b/samples/vfio-mdev/mtty.c
> index 5af00387c519..0a2760818e46 100644
> --- a/samples/vfio-mdev/mtty.c
> +++ b/samples/vfio-mdev/mtty.c
> @@ -127,7 +127,6 @@ struct serial_port {
>   /* State of each mdev device */
>   struct mdev_state {
>   	struct vfio_device vdev;
> -	int irq_fd;
>   	struct eventfd_ctx *intx_evtfd;
>   	struct eventfd_ctx *msi_evtfd;
>   	int irq_index;
> @@ -938,8 +937,10 @@ static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
>   		{
>   			if (flags & VFIO_IRQ_SET_DATA_NONE) {
>   				pr_info("%s: disable INTx\n", __func__);
> -				if (mdev_state->intx_evtfd)
> +				if (mdev_state->intx_evtfd) {
>   					eventfd_ctx_put(mdev_state->intx_evtfd);
> +					mdev_state->intx_evtfd = NULL;
> +				}
>   				break;
>   			}
>   
> @@ -955,7 +956,6 @@ static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
>   						break;
>   					}

Shouln't mdev_state->intx_evtfd value be tested before calling
eventfd_ctx() ?

Thanks,

C.


>   					mdev_state->intx_evtfd = evt;
> -					mdev_state->irq_fd = fd;
>   					mdev_state->irq_index = index;
>   					break;
>   				}
> @@ -971,8 +971,10 @@ static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
>   			break;
>   		case VFIO_IRQ_SET_ACTION_TRIGGER:
>   			if (flags & VFIO_IRQ_SET_DATA_NONE) {
> -				if (mdev_state->msi_evtfd)
> +				if (mdev_state->msi_evtfd) {
>   					eventfd_ctx_put(mdev_state->msi_evtfd);
> +					mdev_state->msi_evtfd = NULL;
> +				}
>   				pr_info("%s: disable MSI\n", __func__);
>   				mdev_state->irq_index = VFIO_PCI_INTX_IRQ_INDEX;
>   				break;
> @@ -993,7 +995,6 @@ static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
>   					break;
>   				}
>   				mdev_state->msi_evtfd = evt;
> -				mdev_state->irq_fd = fd;
>   				mdev_state->irq_index = index;
>   			}
>   			break;
> @@ -1262,6 +1263,22 @@ static unsigned int mtty_get_available(struct mdev_type *mtype)
>   	return atomic_read(&mdev_avail_ports) / type->nr_ports;
>   }
>   
> +static void mtty_close(struct vfio_device *vdev)
> +{
> +	struct mdev_state *mdev_state =
> +		container_of(vdev, struct mdev_state, vdev);
> +
> +	if (mdev_state->intx_evtfd) {
> +		eventfd_ctx_put(mdev_state->intx_evtfd);
> +		mdev_state->intx_evtfd = NULL;
> +	}
> +	if (mdev_state->msi_evtfd) {
> +		eventfd_ctx_put(mdev_state->msi_evtfd);
> +		mdev_state->msi_evtfd = NULL;
> +	}
> +	mdev_state->irq_index = -1;
> +}
> +
>   static const struct vfio_device_ops mtty_dev_ops = {
>   	.name = "vfio-mtty",
>   	.init = mtty_init_dev,
> @@ -1273,6 +1290,7 @@ static const struct vfio_device_ops mtty_dev_ops = {
>   	.unbind_iommufd	= vfio_iommufd_emulated_unbind,
>   	.attach_ioas	= vfio_iommufd_emulated_attach_ioas,
>   	.detach_ioas	= vfio_iommufd_emulated_detach_ioas,
> +	.close_device	= mtty_close,
>   };
>   
>   static struct mdev_driver mtty_driver = {