Date:   Thu, 15 Sep 2022 17:14:02 +0200
From:   Niklas Schnelle <schnelle@...ux.ibm.com>
To:     Matthew Rosato <mjrosato@...ux.ibm.com>,
        Pierre Morel <pmorel@...ux.ibm.com>, iommu@...ts.linux.dev
Cc:     linux-s390@...r.kernel.org, borntraeger@...ux.ibm.com,
        hca@...ux.ibm.com, gor@...ux.ibm.com,
        gerald.schaefer@...ux.ibm.com, agordeev@...ux.ibm.com,
        svens@...ux.ibm.com, joro@...tes.org, will@...nel.org,
        robin.murphy@....com, jgg@...dia.com, linux-kernel@...r.kernel.org
Subject: [PATCH 3/3] iommu/s390: Get rid of s390_domain_device

When an s390_domain is freed without previously detaching all devices
the corresponding s390_domain_device is leaked. Instead of fixing this
leak by freeing the s390_domain_devices in s390_domain_free() do one
better and just get rid of s390_domain_device entirely by threading the
domain's device list through struct zpci_dev. This also gets rid of
a level of indirection during operations as well as the allocation of
the s390_domain_device during attach, thus making attach more reliable
under memory pressure. Even though this naturally fixes the leak of
s390_domain_device, let's still invalidate the list heads of formerly
attached struct zpci_devs on s390_domain_free() to aid in debugging.

Signed-off-by: Niklas Schnelle <schnelle@...ux.ibm.com>
---
 arch/s390/include/asm/pci.h |  1 +
 drivers/iommu/s390-iommu.c  | 42 ++++++++++++++++---------------------
 2 files changed, 19 insertions(+), 24 deletions(-)

diff --git a/arch/s390/include/asm/pci.h b/arch/s390/include/asm/pci.h
index 108e732d7b14..15f8714ca9b7 100644
--- a/arch/s390/include/asm/pci.h
+++ b/arch/s390/include/asm/pci.h
@@ -117,6 +117,7 @@ struct zpci_bus {
 struct zpci_dev {
 	struct zpci_bus *zbus;
 	struct list_head entry;		/* list of all zpci_devices, needed for hotplug, etc. */
+	struct list_head iommu_list;
 	struct kref kref;
 	struct hotplug_slot hotplug_slot;
 
diff --git a/drivers/iommu/s390-iommu.c b/drivers/iommu/s390-iommu.c
index de8f76775240..2fec198823a8 100644
--- a/drivers/iommu/s390-iommu.c
+++ b/drivers/iommu/s390-iommu.c
@@ -29,11 +29,6 @@ struct s390_domain {
 	spinlock_t		list_lock;
 };
 
-struct s390_domain_device {
-	struct list_head	list;
-	struct zpci_dev		*zdev;
-};
-
 static struct s390_domain *to_s390_domain(struct iommu_domain *dom)
 {
 	return container_of(dom, struct s390_domain, domain);
@@ -78,7 +73,15 @@ static struct iommu_domain *s390_domain_alloc(unsigned domain_type)
 static void s390_domain_free(struct iommu_domain *domain)
 {
 	struct s390_domain *s390_domain = to_s390_domain(domain);
+	struct zpci_dev *zdev, *tmp;
+	unsigned long flags;
 
+	spin_lock_irqsave(&s390_domain->list_lock, flags);
+	list_for_each_entry_safe(zdev, tmp,
+				 &s390_domain->devices, iommu_list) {
+		list_del(&zdev->iommu_list);
+	}
+	spin_unlock_irqrestore(&s390_domain->list_lock, flags);
 	dma_cleanup_tables(s390_domain->dma_table);
 	kfree(s390_domain);
 }
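Review bot: The new loop in s390_domain_free() unlinks every still-attached zdev but leaves `zdev->s390_domain` pointing at the domain that `kfree(s390_domain)` releases a few lines later. The attach path further down in this patch tests `zdev->s390_domain` and hands it to `__s390_iommu_detach_device()`, which takes `list_lock` on it, so a later attach of such a device would touch freed memory. Consider adding `zdev->s390_domain = NULL;` next to the `list_del()`, and a `WARN_ON_ONCE(!list_empty(&s390_domain->devices));` before the loop so the unexpected state is visible rather than silently cleaned up. Whether the tables freed by `dma_cleanup_tables()` are still registered with such a device cannot be judged from this hunk and should be confirmed.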
@@ -86,16 +89,15 @@ static void s390_domain_free(struct iommu_domain *domain)
 static bool __s390_iommu_detach_device(struct s390_domain *s390_domain,
 				     struct zpci_dev *zdev)
 {
-	struct s390_domain_device *domain_device, *tmp;
+	struct zpci_dev *zdev_iter, *tmp;
 	unsigned long flags;
 	bool found = false;
 
 	spin_lock_irqsave(&s390_domain->list_lock, flags);
-	list_for_each_entry_safe(domain_device, tmp, &s390_domain->devices,
-				 list) {
-		if (domain_device->zdev == zdev) {
-			list_del(&domain_device->list);
-			kfree(domain_device);
+	list_for_each_entry_safe(zdev_iter, tmp, &s390_domain->devices,
+				 iommu_list) {
+		if (zdev_iter == zdev) {
+			list_del(&zdev->iommu_list);
 			found = true;
 			break;
 		}
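Review bot: In __s390_iommu_detach_device() the loop compares `zdev_iter` but deletes through `zdev`, and `list_del()` leaves the embedded `iommu_list` poisoned, so the node's contents are only meaningful while the device sits on a domain list. Now that the node lives in struct zpci_dev, that invariant deserves a comment above the loop, e.g. `/* walk only confirms zdev is attached to this domain; iommu_list is protected by list_lock */`. For consistency with the iterator the removal could read `list_del(&zdev_iter->iommu_list);`. The function's body continues past the end of this hunk.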
@@ -114,7 +116,6 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
 {
 	struct s390_domain *s390_domain = to_s390_domain(domain);
 	struct zpci_dev *zdev = to_zpci_dev(dev);
-	struct s390_domain_device *domain_device;
 	struct s390_domain *prev_domain = NULL;
 	unsigned long flags;
 	int cc, rc = 0;
@@ -122,10 +123,6 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
 	if (!zdev)
 		return -ENODEV;
 
-	domain_device = kzalloc(sizeof(*domain_device), GFP_KERNEL);
-	if (!domain_device)
-		return -ENOMEM;
-
 	if (zdev->s390_domain) {
 		prev_domain = zdev->s390_domain;
 		if (!__s390_iommu_detach_device(zdev->s390_domain, zdev))
@@ -135,7 +132,7 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
 			rc = -EIO;
 	}
 	if (rc)
-		goto out_free;
+		return rc;
 
 	zdev->dma_table = s390_domain->dma_table;
 	cc = zpci_register_ioat(zdev, 0, zdev->start_dma, zdev->end_dma,
@@ -158,9 +155,8 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
 		spin_unlock_irqrestore(&s390_domain->list_lock, flags);
 		goto out_unregister_restore;
 	}
-	domain_device->zdev = zdev;
 	zdev->s390_domain = s390_domain;
-	list_add(&domain_device->list, &s390_domain->devices);
+	list_add(&zdev->iommu_list, &s390_domain->devices);
 	spin_unlock_irqrestore(&s390_domain->list_lock, flags);
 
 	return 0;
@@ -174,8 +170,6 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
 					 dev);
 	else
 		zpci_dma_init_device(zdev);
-out_free:
-	kfree(domain_device);
 
 	return rc;
 }
@@ -229,10 +223,10 @@ static int s390_iommu_update_trans(struct s390_domain *s390_domain,
 				   phys_addr_t pa, dma_addr_t dma_addr,
 				   size_t size, int flags)
 {
-	struct s390_domain_device *domain_device;
 	phys_addr_t page_addr = pa & PAGE_MASK;
 	dma_addr_t start_dma_addr = dma_addr;
 	unsigned long irq_flags, nr_pages, i;
+	struct zpci_dev *zdev;
 	unsigned long *entry;
 	int rc = 0;
 
@@ -257,8 +251,8 @@ static int s390_iommu_update_trans(struct s390_domain *s390_domain,
 	}
 
 	spin_lock(&s390_domain->list_lock);
-	list_for_each_entry(domain_device, &s390_domain->devices, list) {
-		rc = zpci_refresh_trans((u64) domain_device->zdev->fh << 32,
+	list_for_each_entry(zdev, &s390_domain->devices, iommu_list) {
+		rc = zpci_refresh_trans((u64)zdev->fh << 32,
 					start_dma_addr, nr_pages * PAGE_SIZE);
 		if (rc)
 			break;
-- 
2.34.1
