Message-ID: <20201020103417.6d2dc4a9@w520.home>
Date:   Tue, 20 Oct 2020 10:34:17 -0600
From:   Alex Williamson <alex.williamson@...hat.com>
To:     "xuxiaoyang (C)" <xuxiaoyang2@...wei.com>
Cc:     <linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org>,
        <kwankhede@...dia.com>, <xieyingtai@...wei.com>,
        <lizhengui@...wei.com>
Subject: Re: [PATCH] vfio iommu type1: Fix memory leak in
 vfio_iommu_type1_pin_pages

On Fri, 16 Oct 2020 17:35:58 +0800
"xuxiaoyang (C)" <xuxiaoyang2@...wei.com> wrote:

> From 099744c26513e386e707faecb3f17726e236d9bc Mon Sep 17 00:00:00 2001
> From: Xiaoyang Xu <xuxiaoyang2@...wei.com>
> Date: Fri, 16 Oct 2020 15:32:02 +0800
> Subject: [PATCH] vfio iommu type1: Fix memory leak in
>  vfio_iommu_type1_pin_pages
> 
> pfn is not added to pfn_list when vfio_add_to_pfn_list fails.
> vfio_unpin_page_external will exit directly without calling
> vfio_iova_put_vfio_pfn. This will lead to a memory leak.
> 
> Signed-off-by: Xiaoyang Xu <xuxiaoyang2@...wei.com>
> ---
>  drivers/vfio/vfio_iommu_type1.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index c255a6683f31..26f518b02c81 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -640,6 +640,7 @@ static int vfio_iommu_type1_pin_pages(void *iommu_data,
>  	unsigned long remote_vaddr;
>  	struct vfio_dma *dma;
>  	bool do_accounting;
> +	int unlocked;
> 
>  	if (!iommu || !user_pfn || !phys_pfn)
>  		return -EINVAL;
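Review bot: the `int unlocked;` added at function scope here is only written and read inside the error branch of the following hunk, where a single `put_pfn()` result is consumed immediately; the declaration can be dropped by testing the return value inline, e.g. `if (put_pfn(phys_pfn[i], dma->prot) && do_accounting)`, which also avoids widening the scope of a variable that has no meaning outside that branch.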
> @@ -693,7 +694,9 @@ static int vfio_iommu_type1_pin_pages(void *iommu_data,
> 
>  		ret = vfio_add_to_pfn_list(dma, iova, phys_pfn[i]);
>  		if (ret) {
> -			vfio_unpin_page_external(dma, iova, do_accounting);
> +			unlocked = put_pfn(phys_pfn[i], dma->prot);
> +			if (do_accounting)
> +				vfio_lock_acct(dma, -unlocked, true);
>  			goto pin_unwind;
>  		}
> 
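Review bot: replacing `vfio_unpin_page_external()` with a direct `put_pfn()` is the right fix for this branch, since the pfn was never inserted into pfn_list and, as the commit message states, the old helper returns early without releasing it; but `vfio_lock_acct(dma, -unlocked, true)` is still reached when `put_pfn()` returned 0, making a no-op accounting call, so gate it on `unlocked` as well as `do_accounting`. The change also lacks a Fixes: tag for the commit that introduced this pinning path, which stable needs in order to pick the fix up.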

Thanks, this looks correct to me, but can also be simplified to:

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index defd44522319..57b068abceb9 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -693,7 +693,8 @@ static int vfio_iommu_type1_pin_pages(void *iommu_data,
 
 		ret = vfio_add_to_pfn_list(dma, iova, phys_pfn[i]);
 		if (ret) {
-			vfio_unpin_page_external(dma, iova, do_accounting);
+			if (put_pfn(phys_pfn[i], dma->prot) && do_accounting)
+				vfio_lock_acct(dma, -1, true);
 			goto pin_unwind;
 		}
 
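Review bot: the literal `-1` in `vfio_lock_acct(dma, -1, true)` is only equivalent to the posted patch's `-unlocked` because `put_pfn()` is called on a single pfn and so unpins at most one page; a brief comment saying so would save the next reader from wondering why the count is hard-coded. Folding the accounting into the `put_pfn()` test is otherwise a clean way to skip the -0 call.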
i.e. we don't need a variable to track the one page we unpin that might
be accounted and we can avoid branching to vfio_lock_acct() for -0 unlocked.

We should also add a Fixes tag so this propagates back to the relevant
stable releases:

    Fixes: a54eb55045ae ("vfio iommu type1: Add support for mediated devices")

I've made both of these changes in my next queue, please let me know if
I've overlooked something or there's an objection.  Thanks,

Alex

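A constructed, simplified single-pfn model of the error path discussed in this thread, added here as an illustration (it is not kernel code and not either poster's code): it pins one pfn, lets the list insertion fail, and runs the old unwind, the posted patch's unwind and Alex's variant so the leaked pin reference and the accounting outcome can be compared. The function names mirror the kernel's, but their bodies are assumptions made for the model.

```c
#include <stdbool.h>
/* Constructed, simplified single-pfn model of the pin_pages error path
 * (not the kernel's code): pin_ref is the pin reference held on the pfn,
 * in_list says whether vfio_add_to_pfn_list() succeeded for it, and
 * locked mirrors the vfio_lock_acct() tally. */
enum path { PATH_OLD, PATH_PATCH, PATH_SIMPLIFIED };
struct model {
	int pin_ref;     /* outstanding pin references on the pfn */
	bool in_list;    /* present in dma->pfn_list? */
	long locked;     /* running vfio_lock_acct() total */
};
/* Like put_pfn(): drop one pin reference, return 1 if one was dropped. */
static int put_pfn(struct model *m) {
	if (m->pin_ref == 0)
		return 0;
	m->pin_ref--;
	return 1;
}
static void lock_acct(struct model *m, long npage) { m->locked += npage; }
/* Old error path: vfio_unpin_page_external() only releases a pfn it finds
 * in pfn_list, so a pfn whose list insertion failed is never put. */
static void unpin_page_external(struct model *m, bool acct) {
	if (!m->in_list)
		return;                   /* exits directly: the leak */
	m->in_list = false;
	if (put_pfn(m) && acct)
		lock_acct(m, -1);
}
/* Pin the pfn, let vfio_add_to_pfn_list() fail, run the chosen error
 * path; the returned model shows what is left pinned or accounted. */
static struct model simulate(enum path p, bool acct) {
	struct model m = { 0, false, 0 };
	int unlocked;
	m.pin_ref = 1;                    /* vfio_pin_page_external() */
	if (acct)
		lock_acct(&m, 1);
	/* vfio_add_to_pfn_list() fails: m.in_list stays false */
	if (p == PATH_OLD) {
		unpin_page_external(&m, acct);
	} else if (p == PATH_PATCH) {     /* posted patch */
		unlocked = put_pfn(&m);
		if (acct)
			lock_acct(&m, -unlocked);
	} else if (put_pfn(&m) && acct) { /* Alex's simplification */
		lock_acct(&m, -1);
	}
	return m;
}
```

With PATH_OLD the pin reference and the locked-page count both stay at 1 after the unwind; both fixed paths bring them back to 0.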