| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <13162b9e48402f306b3f50e6686d76a051138a75.camel@linux.ibm.com>
Date: Tue, 12 Oct 2021 15:36:36 +0200
From: Vineeth Vijayan <vneethv@...ux.ibm.com>
To: Halil Pasic <pasic@...ux.ibm.com>,
Peter Oberparleiter <oberpar@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
Michael Mueller <mimu@...ux.ibm.com>,
Cornelia Huck <cohuck@...hat.com>,
Pierre Morel <pmorel@...ux.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: stable@...r.kernel.org, bfu@...hat.com
Subject: Re: [RFC PATCH 1/1] s390/cio: make ccw_device_dma_* more robust
Looks good. Thanks.
Acked-by: Vineeth Vijayan <vneethv@...ux.ibm.com>
Some minor questions below.
On Mon, 2021-10-11 at 13:59 +0200, Halil Pasic wrote:
> Since commit 48720ba56891 ("virtio/s390: use DMA memory for ccw I/O
> and
> classic notifiers") we were supposed to make sure that
> virtio_ccw_release_dev() completes before the ccw device and the
> attached dma pool are torn down, but unfortunately we did
> not. Before
> that commit it used to be OK to delay cleaning up the memory
> allocated
> by virtio-ccw indefinitely (which isn't really intuitive for guys
> used
> to destruction happens in reverse construction order), but now we
> trigger a BUG_ON if the genpool is destroyed before all memory
> allocated
> form it.
allocated from it ?
> Which brings down the guest. We can observe this problem, when
> unregister_virtio_device() does not give up the last reference to the
> virtio_device (e.g. because a virtio-scsi attached scsi disk got
> removed
> without previously unmounting its previously mounted partition).
>
> To make sure that the genpool is only destroyed after all the
> necessary
> freeing is done let us take a reference on the ccw device on each
> ccw_device_dma_zalloc() and give it up on each ccw_device_dma_free().
>
> Actually there are multiple approaches to fixing the problem at hand
> that can work. The upside of this one is that it is the safest one
> while
> remaining simple. We don't crash the guest even if the driver does
> not
> pair allocations and frees. The downside is the reference counting
> overhead, that the reference counting for ccw devices becomes more
> complex, in a sense that we need to pair the calls to the
> aforementioned
> functions for it to be correct, and that if we happen to leak, we
> leak
> more than necessary (the whole ccw device instead of just the
> genpool).
>
> Some alternatives to this approach are taking a reference in
> virtio_ccw_online() and giving it up in virtio_ccw_release_dev() or
> making sure virtio_ccw_release_dev() completes its work before
> virtio_ccw_remove() returns. The downside of these approaches is that
> these are less safe against programming errors.
>
> Cc: <stable@...r.kernel.org> # v5.3
> Signed-off-by: Halil Pasic <pasic@...ux.ibm.com>
> Fixes: 48720ba56891 ("virtio/s390: use DMA memory for ccw I/O and
> classic notifiers")
> Reported-by: bfu@...hat.com
>
> ---
>
> FYI I've proposed a different fix to this very same problem:
> https://lore.kernel.org/lkml/20210915215742.1793314-1-pasic@linux.ibm.com/
>
> This patch is more or less a result of that discussion.
>
Powered by blists - more mailing lists