From: Jerry Hoemann <jerry.hoemann@hp.com>
To: Joerg Roedel <joro@8bytes.org>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Joerg Roedel <jroedel@suse.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org,
Myron Stowe <mstowe@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jiang Liu <jiang.liu@linux.intel.com>
Subject: Re: [PATCH 2/2] iommu/vt-d: Only remove domain when device is removed
Date: Thu, 11 Dec 2014 09:35:34 -0700 [thread overview]
Message-ID: <20141211163534.GA4765@anatevka.fc.hp.com> (raw)
In-Reply-To: <20141209121525.GM3762@8bytes.org>
On Tue, Dec 09, 2014 at 01:15:25PM +0100, Joerg Roedel wrote:
> On Thu, Nov 06, 2014 at 09:16:05AM -0700, Alex Williamson wrote:
> > But the domains are unlinked from device_domain_list using
> > unlink_domain_info() which is called from both domain_remove_dev_info()
> > and domain_remove_one_dev_info() which are both part of that more
> > likely, unlikely branch in intel_iommu_attach_device(). So it seems
> > like any time we switch a device from the DMA-API to the IOMMU-API, we
> > lose the reference to the domain. Is that incorrect? I'll try to test.
>
> Okay, I thought a while about that and it looks like a real fix needs a
> rewrite of the domain handling code in the VT-d driver to better handle
> domain lifetime. We'll get this for free when we add default domains and
> more domain handling logic to the iommu core, so I think we don't need
> to start rewriting the VT-d driver for this.
> But for the time being, here is a simple fix for the leak in
> iommu_attach_domain:
Joerg,
This patch doesn't seem to be fixing the memory leak.
I am testing with a 3.18.0-rc7 kernel applied to a RHEL 7.0 system.
I added printk in free_domain_mem and alloc_domain to first reproduce
Alex's observation. I created a VM and assigned a PCI NIC w/ no associated
RMRR to the VM.
The pattern I see is when starting the VM is:
alloc_domain -> X
When powering off the VM:
free_domain_mem(X)
alloc_domain -> Y
I then applied the patch below and I still see the same pattern of two
alloc_domain and one free_domain_mem when powering on/off the VM.
I added some additional instrumentation and I do not see the new call
to domain_exit being executed. (See inline comments below.)
Jerry
>
> >From d65b236d0f27fe3ef7ac4d12cceb0da67aec86ce Mon Sep 17 00:00:00 2001
> From: Joerg Roedel <jroedel@suse.de>
> Date: Tue, 9 Dec 2014 12:56:45 +0100
> Subject: [PATCH] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device
>
> Since commit 1196c2f a domain is only destroyed in the
> notifier path if it is hot-unplugged. This caused a
> domain leakage in iommu_attach_device when a driver was
> unbound from the device and bound to VFIO. In this case the
> device is attached to a new domain and unlinked from the old
> domain. At this point nothing points to the old domain
> anymore and its memory is leaked.
> Fix this by explicitly freeing the old domain in
> iommu_attach_domain.
>
> Fixes: 1196c2f 'iommu/vt-d: Only remove domain when device is removed'
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
> drivers/iommu/intel-iommu.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index 1232336..9ef8e89 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -4424,10 +4424,13 @@ static int intel_iommu_attach_device(struct iommu_domain *domain,
>
> old_domain = find_domain(dev);
> if (old_domain) {
> - if (domain_type_is_vm_or_si(dmar_domain))
> + if (domain_type_is_vm_or_si(dmar_domain)) {
JAH> This path is executed when starting the VM.
> domain_remove_one_dev_info(old_domain, dev);
> - else
> + } else {
JAH> I don't see this path being executed.
> domain_remove_dev_info(old_domain);
> + if (list_empty(&old_domain->devices))
> + domain_exit(old_domain);
> + }
> }
> }
>
> --
> 1.8.4.5
>
> _______________________________________________
> iommu mailing list
> iommu@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/iommu
--
----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett-Packard
3404 E Harmony Rd. MS 36 phone: (970) 898-1022
Ft. Collins, CO 80528 FAX: (970) 898-0707
email: jerry.hoemann@hp.com
----------------------------------------------------------------------------
WARNING: multiple messages have this Message-ID (diff)
From: Jerry Hoemann <jerry.hoemann-VXdhtT5mjnY@public.gmane.org>
To: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
Cc: Joerg Roedel <jroedel-l3A5Bk7waGM@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Myron Stowe <mstowe-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
Jiang Liu <jiang.liu-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
Subject: Re: [PATCH 2/2] iommu/vt-d: Only remove domain when device is removed
Date: Thu, 11 Dec 2014 09:35:34 -0700 [thread overview]
Message-ID: <20141211163534.GA4765@anatevka.fc.hp.com> (raw)
In-Reply-To: <20141209121525.GM3762-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
On Tue, Dec 09, 2014 at 01:15:25PM +0100, Joerg Roedel wrote:
> On Thu, Nov 06, 2014 at 09:16:05AM -0700, Alex Williamson wrote:
> > But the domains are unlinked from device_domain_list using
> > unlink_domain_info() which is called from both domain_remove_dev_info()
> > and domain_remove_one_dev_info() which are both part of that more
> > likely, unlikely branch in intel_iommu_attach_device(). So it seems
> > like any time we switch a device from the DMA-API to the IOMMU-API, we
> > lose the reference to the domain. Is that incorrect? I'll try to test.
>
> Okay, I thought a while about that and it looks like a real fix needs a
> rewrite of the domain handling code in the VT-d driver to better handle
> domain lifetime. We'll get this for free when we add default domains and
> more domain handling logic to the iommu core, so I think we don't need
> to start rewriting the VT-d driver for this.
> But for the time being, here is a simple fix for the leak in
> iommu_attach_domain:
Joerg,
This patch doesn't seem to be fixing the memory leak.
I am testing with a 3.18.0-rc7 kernel applied to a RHEL 7.0 system.
I added printk in free_domain_mem and alloc_domain to first reproduce
Alex's observation. I created a VM and assigned a PCI NIC w/ no associated
RMRR to the VM.
The pattern I see is when starting the VM is:
alloc_domain -> X
When powering off the VM:
free_domain_mem(X)
alloc_domain -> Y
I then applied the patch below and I still see the same pattern of two
alloc_domain and one free_domain_mem when powering on/off the VM.
I added some additional instrumentation and I do not see the new call
to domain_exit being executed. (See inline comments below.)
Jerry
>
> >From d65b236d0f27fe3ef7ac4d12cceb0da67aec86ce Mon Sep 17 00:00:00 2001
> From: Joerg Roedel <jroedel-l3A5Bk7waGM@public.gmane.org>
> Date: Tue, 9 Dec 2014 12:56:45 +0100
> Subject: [PATCH] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device
>
> Since commit 1196c2f a domain is only destroyed in the
> notifier path if it is hot-unplugged. This caused a
> domain leakage in iommu_attach_device when a driver was
> unbound from the device and bound to VFIO. In this case the
> device is attached to a new domain and unlinked from the old
> domain. At this point nothing points to the old domain
> anymore and its memory is leaked.
> Fix this by explicitly freeing the old domain in
> iommu_attach_domain.
>
> Fixes: 1196c2f 'iommu/vt-d: Only remove domain when device is removed'
> Signed-off-by: Joerg Roedel <jroedel-l3A5Bk7waGM@public.gmane.org>
> ---
> drivers/iommu/intel-iommu.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index 1232336..9ef8e89 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -4424,10 +4424,13 @@ static int intel_iommu_attach_device(struct iommu_domain *domain,
>
> old_domain = find_domain(dev);
> if (old_domain) {
> - if (domain_type_is_vm_or_si(dmar_domain))
> + if (domain_type_is_vm_or_si(dmar_domain)) {
JAH> This path is executed when starting the VM.
> domain_remove_one_dev_info(old_domain, dev);
> - else
> + } else {
JAH> I don't see this path being executed.
> domain_remove_dev_info(old_domain);
> + if (list_empty(&old_domain->devices))
> + domain_exit(old_domain);
> + }
> }
> }
>
> --
> 1.8.4.5
>
> _______________________________________________
> iommu mailing list
> iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
> https://lists.linuxfoundation.org/mailman/listinfo/iommu
--
----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett-Packard
3404 E Harmony Rd. MS 36 phone: (970) 898-1022
Ft. Collins, CO 80528 FAX: (970) 898-0707
email: jerry.hoemann-VXdhtT5mjnY@public.gmane.org
----------------------------------------------------------------------------
next prev parent reply other threads:[~2014-12-11 16:35 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-30 11:02 [PATCH 0/2] iommu/vt-d: Keep RMRR mappings around on driver unbind Joerg Roedel
2014-09-30 11:02 ` Joerg Roedel
2014-09-30 11:02 ` [PATCH 1/2] driver core: Add BUS_NOTIFY_REMOVED_DEVICE event Joerg Roedel
2014-09-30 11:02 ` Joerg Roedel
2014-09-30 11:02 ` [PATCH 2/2] iommu/vt-d: Only remove domain when device is removed Joerg Roedel
2014-09-30 11:02 ` Joerg Roedel
2014-11-04 16:12 ` Alex Williamson
2014-11-04 16:12 ` Alex Williamson
2014-11-06 12:54 ` Joerg Roedel
2014-11-06 12:54 ` Joerg Roedel
2014-11-06 16:16 ` Alex Williamson
2014-11-06 16:16 ` Alex Williamson
2014-11-06 16:43 ` Alex Williamson
2014-11-06 16:43 ` Alex Williamson
2014-12-09 12:15 ` Joerg Roedel
2014-12-09 12:15 ` Joerg Roedel
2014-12-11 16:35 ` Jerry Hoemann [this message]
2014-12-11 16:35 ` Jerry Hoemann
2014-12-12 15:56 ` Joerg Roedel
2014-12-12 15:56 ` Joerg Roedel
2014-10-01 22:35 ` [PATCH 0/2] iommu/vt-d: Keep RMRR mappings around on driver unbind Greg Kroah-Hartman
2014-10-01 22:35 ` Greg Kroah-Hartman
2014-10-02 9:20 ` Joerg Roedel
2014-10-02 9:20 ` Joerg Roedel
2014-10-02 0:30 ` Jerry Hoemann
2014-10-02 0:30 ` Jerry Hoemann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141211163534.GA4765@anatevka.fc.hp.com \
--to=jerry.hoemann@hp.com \
--cc=alex.williamson@redhat.com \
--cc=dwmw2@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jiang.liu@linux.intel.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mstowe@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.