| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211012233247.63b7a22c.pasic@linux.ibm.com>
Date: Tue, 12 Oct 2021 23:32:47 +0200
From: Halil Pasic <pasic@...ux.ibm.com>
To: Vineeth Vijayan <vneethv@...ux.ibm.com>
Cc: Peter Oberparleiter <oberpar@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
Michael Mueller <mimu@...ux.ibm.com>,
Cornelia Huck <cohuck@...hat.com>,
Pierre Morel <pmorel@...ux.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, bfu@...hat.com,
Halil Pasic <pasic@...ux.ibm.com>
Subject: Re: [RFC PATCH 1/1] s390/cio: make ccw_device_dma_* more robust
On Tue, 12 Oct 2021 15:36:36 +0200
Vineeth Vijayan <vneethv@...ux.ibm.com> wrote:
> Looks good. Thanks.
> Acked-by: Vineeth Vijayan <vneethv@...ux.ibm.com>
Can I convince you to upgrade to Reviewed-by?
>
> Some minor questions below.
>
> On Mon, 2021-10-11 at 13:59 +0200, Halil Pasic wrote:
> > Since commit 48720ba56891 ("virtio/s390: use DMA memory for ccw I/O
> > and
> > classic notifiers") we were supposed to make sure that
> > virtio_ccw_release_dev() completes before the ccw device and the
> > attached dma pool are torn down, but unfortunately we did
> > not. Before
> > that commit it used to be OK to delay cleaning up the memory
> > allocated
> > by virtio-ccw indefinitely (which isn't really intuitive for guys
> > used
> > to destruction happens in reverse construction order), but now we
> > trigger a BUG_ON if the genpool is destroyed before all memory
> > allocated
> > form it.
> allocated from it ?
Yes. And I think I should add "is deallocated." to the end as well,
because we don't destroy memory, we deallocate it ;)
> > Which brings down the guest. We can observe this problem, when
> > unregister_virtio_device() does not give up the last reference to the
> > virtio_device (e.g. because a virtio-scsi attached scsi disk got
> > removed
> > without previously unmounting its previously mounted partition).
> >
> > To make sure that the genpool is only destroyed after all the
> > necessary
> > freeing is done let us take a reference on the ccw device on each
> > ccw_device_dma_zalloc() and give it up on each ccw_device_dma_free().
> >
> > Actually there are multiple approaches to fixing the problem at hand
> > that can work. The upside of this one is that it is the safest one
> > while
> > remaining simple. We don't crash the guest even if the driver does
> > not
> > pair allocations and frees. The downside is the reference counting
> > overhead, that the reference counting for ccw devices becomes more
> > complex, in a sense that we need to pair the calls to the
> > aforementioned
> > functions for it to be correct, and that if we happen to leak, we
> > leak
> > more than necessary (the whole ccw device instead of just the
> > genpool).
> >
> > Some alternatives to this approach are taking a reference in
> > virtio_ccw_online() and giving it up in virtio_ccw_release_dev() or
> > making sure virtio_ccw_release_dev() completes its work before
> > virtio_ccw_remove() returns. The downside of these approaches is that
> > these are less safe against programming errors.
> >
> > Cc: <stable@...r.kernel.org> # v5.3
> > Signed-off-by: Halil Pasic <pasic@...ux.ibm.com>
> > Fixes: 48720ba56891 ("virtio/s390: use DMA memory for ccw I/O and
> > classic notifiers")
> > Reported-by: bfu@...hat.com
> >
> > ---
> >
> > FYI I've proposed a different fix to this very same problem:
> > https://lore.kernel.org/lkml/20210915215742.1793314-1-pasic@linux.ibm.com/
> >
> > This patch is more or less a result of that discussion.
> >
>
Powered by blists - more mailing lists