Michael S. Tsirkin
2015-Jan-04 16:02 UTC
[PATCH 0/3] virtio_pci: fix DEBUG_KOBJECT_RELEASE
This is based on Sasha's patch, with some tweaks. Michael S. Tsirkin (2): virtio_pci: device-specific release callback virtio_pci: document why we defer kfree Sasha Levin (1): virtio_pci: defer kfree until release callback drivers/virtio/virtio_pci_common.h | 1 - drivers/virtio/virtio_pci_common.c | 9 --------- drivers/virtio/virtio_pci_legacy.c | 12 +++++++++++- 3 files changed, 11 insertions(+), 11 deletions(-) -- MST
Michael S. Tsirkin
2015-Jan-04 16:02 UTC
[PATCH 1/3] virtio_pci: device-specific release callback
It turns out we need to add device-specific code
in release callback.
In particular, we need to free memory allocated in probe.
Move it to virtio_pci_legacy.c.
Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
---
drivers/virtio/virtio_pci_common.h | 1 -
drivers/virtio/virtio_pci_common.c | 9 ---------
drivers/virtio/virtio_pci_legacy.c | 9 +++++++++
3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/virtio/virtio_pci_common.h
b/drivers/virtio/virtio_pci_common.h
index 1584833..24956c5 100644
--- a/drivers/virtio/virtio_pci_common.h
+++ b/drivers/virtio/virtio_pci_common.h
@@ -146,7 +146,6 @@ const char *vp_bus_name(struct virtio_device *vdev);
* - ignore the affinity request if we're using INTX
*/
int vp_set_vq_affinity(struct virtqueue *vq, int cpu);
-void virtio_pci_release_dev(struct device *);
int virtio_pci_legacy_probe(struct pci_dev *pci_dev,
const struct pci_device_id *id);
diff --git a/drivers/virtio/virtio_pci_common.c
b/drivers/virtio/virtio_pci_common.c
index cb08a68..557cbcb 100644
--- a/drivers/virtio/virtio_pci_common.c
+++ b/drivers/virtio/virtio_pci_common.c
@@ -422,15 +422,6 @@ int vp_set_vq_affinity(struct virtqueue *vq, int cpu)
return 0;
}
-void virtio_pci_release_dev(struct device *_d)
-{
- /*
- * No need for a release method as we allocate/free
- * all devices together with the pci devices.
- * Provide an empty one to avoid getting a warning from core.
- */
-}
-
#ifdef CONFIG_PM_SLEEP
static int virtio_pci_freeze(struct device *dev)
{
diff --git a/drivers/virtio/virtio_pci_legacy.c
b/drivers/virtio/virtio_pci_legacy.c
index 6c76f0f..08d1915 100644
--- a/drivers/virtio/virtio_pci_legacy.c
+++ b/drivers/virtio/virtio_pci_legacy.c
@@ -211,6 +211,15 @@ static const struct virtio_config_ops virtio_pci_config_ops
= {
.set_vq_affinity = vp_set_vq_affinity,
};
+static void virtio_pci_release_dev(struct device *_d)
+{
+ /*
+ * No need for a release method as we allocate/free
+ * all devices together with the pci devices.
+ * Provide an empty one to avoid getting a warning from core.
+ */
+}
+
/* the PCI probing function */
int virtio_pci_legacy_probe(struct pci_dev *pci_dev,
const struct pci_device_id *id)
--
MST
Michael S. Tsirkin
2015-Jan-04 16:02 UTC
[PATCH 2/3] virtio_pci: defer kfree until release callback
From: Sasha Levin <sasha.levin at oracle.com>
A struct device which has just been unregistered can live on past the
point at which a driver decides to drop it's initial reference to the
kobject gained on allocation.
This implies that when releasing a virtio device, we can't free a struct
virtio_device until the underlying struct device has been released,
which might not happen immediately on device_unregister().
Unfortunately, this is exactly what virtio pci does:
it has an empty release callback, and frees memory immediately
after unregistering the device.
This causes an easy to reproduce crash if CONFIG_DEBUG_KOBJECT_RELEASE
it enabled.
To fix, free the memory only once we know the device is gone in the release
callback.
Cc: stable at vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
---
drivers/virtio/virtio_pci_legacy.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/virtio/virtio_pci_legacy.c
b/drivers/virtio/virtio_pci_legacy.c
index 08d1915..4beaee3 100644
--- a/drivers/virtio/virtio_pci_legacy.c
+++ b/drivers/virtio/virtio_pci_legacy.c
@@ -213,11 +213,10 @@ static const struct virtio_config_ops
virtio_pci_config_ops = {
static void virtio_pci_release_dev(struct device *_d)
{
- /*
- * No need for a release method as we allocate/free
- * all devices together with the pci devices.
- * Provide an empty one to avoid getting a warning from core.
- */
+ struct virtio_device *vdev = dev_to_virtio(_d);
+ struct virtio_pci_device *vp_dev = to_vp_device(vdev);
+
+ kfree(vp_dev);
}
/* the PCI probing function */
@@ -311,5 +310,4 @@ void virtio_pci_legacy_remove(struct pci_dev *pci_dev)
pci_iounmap(pci_dev, vp_dev->ioaddr);
pci_release_regions(pci_dev);
pci_disable_device(pci_dev);
- kfree(vp_dev);
}
--
MST
Michael S. Tsirkin
2015-Jan-04 16:02 UTC
[PATCH 3/3] virtio_pci: document why we defer kfree
The reason we defer kfree until release function is because it's a general rule for kobjects: kfree of the reference counter itself is only legal in the release function. Previous patch didn't make this clear, document this in code. Cc: stable at vger.kernel.org Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- drivers/virtio/virtio_pci_legacy.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c index 4beaee3..a5486e6 100644 --- a/drivers/virtio/virtio_pci_legacy.c +++ b/drivers/virtio/virtio_pci_legacy.c @@ -216,6 +216,9 @@ static void virtio_pci_release_dev(struct device *_d) struct virtio_device *vdev = dev_to_virtio(_d); struct virtio_pci_device *vp_dev = to_vp_device(vdev); + /* As struct device is a kobject, it's not safe to + * free the memory (including the reference counter itself) + * until it's release callback. */ kfree(vp_dev); } -- MST
Michael S. Tsirkin
2015-Jan-04 16:21 UTC
[PATCH 0/3] virtio_pci: fix DEBUG_KOBJECT_RELEASE
On Sun, Jan 04, 2015 at 06:02:13PM +0200, Michael S. Tsirkin wrote:> This is based on Sasha's patch, with some tweaks. >Sasha, I would appreciate it if you can send a Tested-by tag to confirm this + the del_vqs idempotent patches are sufficient to address all issues you have with 3.19.> Michael S. Tsirkin (2): > virtio_pci: device-specific release callback > virtio_pci: document why we defer kfree > > Sasha Levin (1): > virtio_pci: defer kfree until release callback > > drivers/virtio/virtio_pci_common.h | 1 - > drivers/virtio/virtio_pci_common.c | 9 --------- > drivers/virtio/virtio_pci_legacy.c | 12 +++++++++++- > 3 files changed, 11 insertions(+), 11 deletions(-) > > -- > MST > > _______________________________________________ > Virtualization mailing list > Virtualization at lists.linux-foundation.org > https://lists.linuxfoundation.org/mailman/listinfo/virtualization
On 01/04/2015 11:21 AM, Michael S. Tsirkin wrote:> On Sun, Jan 04, 2015 at 06:02:13PM +0200, Michael S. Tsirkin wrote: >> > This is based on Sasha's patch, with some tweaks. >> > > > Sasha, I would appreciate it if you can send > a Tested-by tag to confirm this + the del_vqs > idempotent patches are sufficient to address > all issues you have with 3.19.I've tested the series, which fixed the issues I've reported: Tested-by: Sasha Levin <sasha.levin at oracle.com> Thanks, Sasha
Maybe Matching Threads
- [PATCH 0/3] virtio_pci: fix DEBUG_KOBJECT_RELEASE
- [PATCH 1/2] virtio_pci: double free and invalid memory access of device vqs
- [PATCH 1/2] virtio_pci: double free and invalid memory access of device vqs
- [PATCH post-squash 0/9] virtio 1.0: virtio-pci fixup
- [PATCH post-squash 0/9] virtio 1.0: virtio-pci fixup