
[2/2] iommu: fix smmu initialization memory leak problem

Message ID 20221021035147.15292-3-liulongfang@huawei.com (mailing list archive)
State New, archived
Series: fix the memory leak of iopf

Commit Message

Longfang Liu Oct. 21, 2022, 3:51 a.m. UTC
When iommu_device_register() in arm_smmu_device_probe() fails,
in addition to sysfs needing to be deleted, the device should also
be disabled, and the memory of iopf needs to be released to
prevent a memory leak of iopf.

Signed-off-by: Longfang Liu <liulongfang@huawei.com>
---
 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

Will Deacon Nov. 14, 2022, 6:08 p.m. UTC | #1
On Fri, Oct 21, 2022 at 11:51:47AM +0800, Longfang Liu wrote:
> When iommu_device_register() in arm_smmu_device_probe() fails,
> in addition to sysfs needs to be deleted, device should also
> be disabled, and the memory of iopf needs to be released to
> prevent memory leak of iopf.
> 
> Signed-off-by: Longfang Liu <liulongfang@huawei.com>
> ---
>  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> index a1db07bed6a9..c70defb0c866 100644
> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> @@ -3816,11 +3816,16 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
>  	ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
>  	if (ret) {
>  		dev_err(dev, "Failed to register iommu\n");
> -		iommu_device_sysfs_remove(&smmu->iommu);
> -		return ret;
> +		goto err_sysfs_remove;
>  	}
>  
>  	return 0;
> +
> +err_sysfs_remove:
> +	iommu_device_sysfs_remove(&smmu->iommu);
> +	arm_smmu_device_disable(smmu);
> +	iopf_queue_free(smmu->evtq.iopf);
> +	return ret;

Doesn't this miss the cases where iommu_device_sysfs_add() or
arm_smmu_device_reset() fail?

We'd probably be better off using something like devres_alloc() to track
the iopf queue here.

Will

Longfang Liu Nov. 18, 2022, 9:28 a.m. UTC | #2
On 2022/11/15 2:08, Will Deacon Wrote:
> On Fri, Oct 21, 2022 at 11:51:47AM +0800, Longfang Liu wrote:
>> When iommu_device_register() in arm_smmu_device_probe() fails,
>> in addition to sysfs needs to be deleted, device should also
>> be disabled, and the memory of iopf needs to be released to
>> prevent memory leak of iopf.
>>
>> Signed-off-by: Longfang Liu <liulongfang@huawei.com>
>> ---
>>  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 9 +++++++--
>>  1 file changed, 7 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>> index a1db07bed6a9..c70defb0c866 100644
>> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>> @@ -3816,11 +3816,16 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
>>  	ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
>>  	if (ret) {
>>  		dev_err(dev, "Failed to register iommu\n");
>> -		iommu_device_sysfs_remove(&smmu->iommu);
>> -		return ret;
>> +		goto err_sysfs_remove;
>>  	}
>>  
>>  	return 0;
>> +
>> +err_sysfs_remove:
>> +	iommu_device_sysfs_remove(&smmu->iommu);
>> +	arm_smmu_device_disable(smmu);
>> +	iopf_queue_free(smmu->evtq.iopf);
>> +	return ret;
> 
> Doesn't this miss the cases where iommu_device_sysfs_add() or
> arm_smmu_device_reset() fail?
> 
> We'd probably be better off using something like devres_alloc() to track
> the iopf queue here.
> 
This is actually not a problem found by testing, but a problem found
by code logic analysis. On an error exit, the memory allocated
by the iopf queue is not released during the entire exit process.

In addition, the operation missing from the probe error exit can also
be seen from arm_smmu_device_remove().

Thanks
Longfang.
> Will
> .
>

Robin Murphy Nov. 18, 2022, 11:54 a.m. UTC | #3
On 2022-11-18 09:28, liulongfang wrote:
> On 2022/11/15 2:08, Will Deacon Wrote:
>> On Fri, Oct 21, 2022 at 11:51:47AM +0800, Longfang Liu wrote:
>>> When iommu_device_register() in arm_smmu_device_probe() fails,
>>> in addition to sysfs needs to be deleted, device should also
>>> be disabled, and the memory of iopf needs to be released to
>>> prevent memory leak of iopf.
>>>
>>> Signed-off-by: Longfang Liu <liulongfang@huawei.com>
>>> ---
>>>   drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 9 +++++++--
>>>   1 file changed, 7 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>> index a1db07bed6a9..c70defb0c866 100644
>>> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>> @@ -3816,11 +3816,16 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
>>>   	ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
>>>   	if (ret) {
>>>   		dev_err(dev, "Failed to register iommu\n");
>>> -		iommu_device_sysfs_remove(&smmu->iommu);
>>> -		return ret;
>>> +		goto err_sysfs_remove;
>>>   	}
>>>   
>>>   	return 0;
>>> +
>>> +err_sysfs_remove:
>>> +	iommu_device_sysfs_remove(&smmu->iommu);
>>> +	arm_smmu_device_disable(smmu);
>>> +	iopf_queue_free(smmu->evtq.iopf);
>>> +	return ret;
>>
>> Doesn't this miss the cases where iommu_device_sysfs_add() or
>> arm_smmu_device_reset() fail?
>>
>> We'd probably be better off using something like devres_alloc() to track
>> the iopf queue here.
>>
> This is actually not a problem found by the test, but a problem found
> by the code logic analysis. When an error exits, the memory allocated
> by the iopf queue is not released during the entire exit process.

Sure, but the point is that there are at least 5 points of failure after 
iopf_queue_alloc() succeeds, which could result in an early exit from 
probe. This patch only affects the last one of those, so the theoretical 
problem it claims to fix still exists just as much as before.

Robin.

Longfang Liu Nov. 21, 2022, 2:09 a.m. UTC | #4
On 2022/11/18 19:54, Robin Murphy wrote:
> On 2022-11-18 09:28, liulongfang wrote:
>> On 2022/11/15 2:08, Will Deacon Wrote:
>>> On Fri, Oct 21, 2022 at 11:51:47AM +0800, Longfang Liu wrote:
>>>> When iommu_device_register() in arm_smmu_device_probe() fails,
>>>> in addition to sysfs needs to be deleted, device should also
>>>> be disabled, and the memory of iopf needs to be released to
>>>> prevent memory leak of iopf.
>>>>
>>>> Signed-off-by: Longfang Liu <liulongfang@huawei.com>
>>>> ---
>>>>   drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 9 +++++++--
>>>>   1 file changed, 7 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>>> index a1db07bed6a9..c70defb0c866 100644
>>>> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>>> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>>> @@ -3816,11 +3816,16 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
>>>>       ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
>>>>       if (ret) {
>>>>           dev_err(dev, "Failed to register iommu\n");
>>>> -        iommu_device_sysfs_remove(&smmu->iommu);
>>>> -        return ret;
>>>> +        goto err_sysfs_remove;
>>>>       }
>>>>         return 0;
>>>> +
>>>> +err_sysfs_remove:
>>>> +    iommu_device_sysfs_remove(&smmu->iommu);
>>>> +    arm_smmu_device_disable(smmu);
>>>> +    iopf_queue_free(smmu->evtq.iopf);
>>>> +    return ret;
>>>
>>> Doesn't this miss the cases where iommu_device_sysfs_add() or
>>> arm_smmu_device_reset() fail?
>>>
>>> We'd probably be better off using something like devres_alloc() to track
>>> the iopf queue here.
>>>
>> This is actually not a problem found by the test, but a problem found
>> by the code logic analysis. When an error exits, the memory allocated
>> by the iopf queue is not released during the entire exit process.
> 
> Sure, but the point is that there are at least 5 points of failure after
> iopf_queue_alloc() succeeds, which could result in an early exit from
> probe. This patch only affects the last one of those, so the theoretical
> problem it claims to fix still exists just as much as before.
>
> Robin.

OK! Let me change this patch and modify the abnormal exit part related to iopf_queue_alloc() in probe().

Thanks,
Longfang.

Patch

diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
index a1db07bed6a9..c70defb0c866 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
@@ -3816,11 +3816,16 @@  static int arm_smmu_device_probe(struct platform_device *pdev)
 	ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
 	if (ret) {
 		dev_err(dev, "Failed to register iommu\n");
-		iommu_device_sysfs_remove(&smmu->iommu);
-		return ret;
+		goto err_sysfs_remove;
 	}
 
 	return 0;
+
+err_sysfs_remove:
+	iommu_device_sysfs_remove(&smmu->iommu);
+	arm_smmu_device_disable(smmu);
+	iopf_queue_free(smmu->evtq.iopf);
+	return ret;
 }
 
 static int arm_smmu_device_remove(struct platform_device *pdev)
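
Review bot: the err_sysfs_remove label added after "return 0;" is the target of only one goto, the iommu_device_register() failure branch, so any earlier failing return in arm_smmu_device_probe() still exits without arm_smmu_device_disable() or iopf_queue_free(), and the leak named in the commit message is closed for this single path only. Suggest routing every error exit that follows the iopf queue allocation through a chain of unwind labels in reverse order of setup, or tying the queue's lifetime to the device with a managed cleanup action, and naming each label for what it undoes, since this one now also disables the device and frees the queue rather than just removing sysfs. The call iopf_queue_free(smmu->evtq.iopf) is unconditional, so the commit message or a comment should say whether evtq.iopf can be NULL at this point and that the free handles it. A Fixes: tag naming the commit that introduced the leak is also missing.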