Date: Mon, 16 Oct 2023 14:16:35 -0600
From: Alex Williamson
To: Cédric Le Goater
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] vfio/mtty: Fix eventfd leak
Message-ID: <20231016141635.74f8908e.alex.williamson@redhat.com>
In-Reply-To: <04d9af1d-e459-4431-bea3-679ade88f7d5@redhat.com>
References: <20231013195653.1222141-1-alex.williamson@redhat.com> <20231013195653.1222141-2-alex.williamson@redhat.com> <04d9af1d-e459-4431-bea3-679ade88f7d5@redhat.com>

On Mon, 16 Oct 2023 09:52:41 +0200
Cédric Le Goater wrote:

> On 10/13/23 21:56, Alex Williamson wrote:
> > Found via kmemleak, eventfd context is leaked if not explicitly torn
> > down by userspace. Clear pointers to track released contexts. Also
> > remove unused irq_fd field in mtty structure, set but never used.
>
> This could be 2 different patches, one cleanup and one fix.

Of course.

> > Fixes: 9d1a546c53b4 ("docs: Sample driver to demonstrate how to use Mediated device framework.")
> > Signed-off-by: Alex Williamson
> > ---
> > samples/vfio-mdev/mtty.c | 28 +++++++++++++++++++++++-----
> > 1 file changed, 23 insertions(+), 5 deletions(-)
> >
> > diff --git a/samples/vfio-mdev/mtty.c b/samples/vfio-mdev/mtty.c > > index 5af00387c519..0a2760818e46 100644 > > --- a/samples/vfio-mdev/mtty.c > > +++ b/samples/vfio-mdev/mtty.c > > @@ -127,7 +127,6 @@ struct serial_port { > > /* State of each mdev device */ > > struct mdev_state { > > struct vfio_device vdev; > > - int irq_fd; > > struct eventfd_ctx *intx_evtfd; > > struct eventfd_ctx *msi_evtfd; > > int irq_index; > > @@ -938,8 +937,10 @@ static int mtty_set_irqs(struct mdev_state *mdev_s= tate, uint32_t flags, > > { > > if (flags & VFIO_IRQ_SET_DATA_NONE) { > > pr_info("%s: disable INTx\n", __func__); > > - if (mdev_state->intx_evtfd) > > + if (mdev_state->intx_evtfd) { > > eventfd_ctx_put(mdev_state->intx_evtfd); > > + mdev_state->intx_evtfd =3D NULL; > > + } > > break; > > } > > =20 > > @@ -955,7 +956,6 @@ static int mtty_set_irqs(struct mdev_state *mdev_st= ate, uint32_t flags, > > break; > > } =20 >=20 > Shouln't mdev_state->intx_evtfd value be tested before calling > eventfd_ctx() ? The state of mtty interrupt handling is really quite atrocious, it's a pretty significant overhaul to really make it comply with the SET_IRQS ioctl. I'll see what I can do, but it's so broken that I hope you won't insist on splitting out each fix. Thanks, Alex > > mdev_state->intx_evtfd =3D evt; > > - mdev_state->irq_fd =3D fd; > > mdev_state->irq_index =3D index; > > break; > > } > > @@ -971,8 +971,10 @@ static int mtty_set_irqs(struct mdev_state *mdev_s= tate, uint32_t flags, > > break; > > case VFIO_IRQ_SET_ACTION_TRIGGER: > > if (flags & VFIO_IRQ_SET_DATA_NONE) { > > - if (mdev_state->msi_evtfd) > > + if (mdev_state->msi_evtfd) { > > eventfd_ctx_put(mdev_state->msi_evtfd); > > + mdev_state->msi_evtfd =3D NULL; > > + } > > pr_info("%s: disable MSI\n", __func__); > > mdev_state->irq_index =3D VFIO_PCI_INTX_IRQ_INDEX; > > break; 
> > @@ -993,7 +995,6 @@ static int mtty_set_irqs(struct mdev_state *mdev_st= ate, uint32_t flags, > > break; > > } > > mdev_state->msi_evtfd =3D evt; > > - mdev_state->irq_fd =3D fd; > > mdev_state->irq_index =3D index; > > } > > break; > > @@ -1262,6 +1263,22 @@ static unsigned int mtty_get_available(struct md= ev_type *mtype) > > return atomic_read(&mdev_avail_ports) / type->nr_ports; > > } > > =20 > > +static void mtty_close(struct vfio_device *vdev) > > +{ > > + struct mdev_state *mdev_state =3D > > + container_of(vdev, struct mdev_state, vdev); > > + > > + if (mdev_state->intx_evtfd) { > > + eventfd_ctx_put(mdev_state->intx_evtfd); > > + mdev_state->intx_evtfd =3D NULL; > > + } > > + if (mdev_state->msi_evtfd) { > > + eventfd_ctx_put(mdev_state->msi_evtfd); > > + mdev_state->msi_evtfd =3D NULL; > > + } > > + mdev_state->irq_index =3D -1; > > +} > > + > > static const struct vfio_device_ops mtty_dev_ops =3D { > > .name =3D "vfio-mtty", > > .init =3D mtty_init_dev, > > @@ -1273,6 +1290,7 @@ static const struct vfio_device_ops mtty_dev_ops = =3D { > > .unbind_iommufd =3D vfio_iommufd_emulated_unbind, > > .attach_ioas =3D vfio_iommufd_emulated_attach_ioas, > > .detach_ioas =3D vfio_iommufd_emulated_detach_ioas, > > + .close_device =3D mtty_close, > > }; > > =20 > > static struct mdev_driver mtty_driver =3D { =20 >=20
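
Review bot: In the hunk at @@ -955,7 +956,6 @@ of mtty_set_irqs(), `mdev_state->intx_evtfd = evt;` overwrites the stored pointer with no put of a context that may already be held there, so a second trigger setup without an intervening VFIO_IRQ_SET_DATA_NONE would still drop a reference on the floor. Suggest releasing any existing context (eventfd_ctx_put() then the new assignment) before storing `evt`; the MSI assignment `mdev_state->msi_evtfd = evt;` in the hunk at @@ -993,7 +995,6 @@ has the same shape and wants the same treatment.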
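
Review bot: In mtty_close() (hunk at @@ -1262,6 +1263,22 @@), `mdev_state->irq_index = -1;` uses a bare magic value, while the MSI disable path in this same patch resets the field to VFIO_PCI_INTX_IRQ_INDEX, so "no interrupt configured" ends up with two different encodings. Suggest settling on one and documenting what -1 means for code that reads irq_index. The check, eventfd_ctx_put(), set-to-NULL sequence also appears four times across the patch now; a small helper taking a `struct eventfd_ctx **` would keep the put and the clear from drifting apart in later edits.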