From: Alex Williamson <alex.williamson@redhat.com>
To: Paul Mackerras <paulus@ozlabs.org>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>,
linuxppc-dev@lists.ozlabs.org,
David Gibson <david@gibson.dropbear.id.au>,
kvm-ppc@vger.kernel.org, kvm@vger.kernel.org,
Jose Ricardo Ziviani <joserz@linux.ibm.com>
Subject: Re: [PATCH kernel] vfio/spapr_tce: Fix incorrect tce_iommu_group memory free
Date: Fri, 23 Aug 2019 08:40:12 -0600 [thread overview]
Message-ID: <20190823084012.202ba70f@x1.home> (raw)
In-Reply-To: <20190823053241.hogc44em2ccwdwq4@oak.ozlabs.ibm.com>
On Fri, 23 Aug 2019 15:32:41 +1000
Paul Mackerras <paulus@ozlabs.org> wrote:
> On Mon, Aug 19, 2019 at 11:51:17AM +1000, Alexey Kardashevskiy wrote:
> > The @tcegrp variable is used in 1) a loop over attached groups
> > 2) it stores a pointer to a newly allocated tce_iommu_group if 1) found
> > nothing. However the error handler does not distinguish how we got there
> > and incorrectly releases memory for a found+incompatible group.
> >
> > This fixes it by adding another error handling case.
> >
> > Fixes: 0bd971676e68 ("powerpc/powernv/npu: Add compound IOMMU groups")
> > Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
>
> Good catch. This is potentially nasty since it is a double free.
> Alex, are you going to take this, or would you prefer it goes via
> Michael Ellerman's tree?
>
> Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
I can take it, I've got it queued, but was hoping for an ack/review by
you or David. I'll add the R-b and push it out to my next branch.
Thanks,
Alex
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: Paul Mackerras <paulus@ozlabs.org>
Cc: kvm@vger.kernel.org, Jose Ricardo Ziviani <joserz@linux.ibm.com>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
kvm-ppc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH kernel] vfio/spapr_tce: Fix incorrect tce_iommu_group memory free
Date: Fri, 23 Aug 2019 08:40:12 -0600 [thread overview]
Message-ID: <20190823084012.202ba70f@x1.home> (raw)
In-Reply-To: <20190823053241.hogc44em2ccwdwq4@oak.ozlabs.ibm.com>
On Fri, 23 Aug 2019 15:32:41 +1000
Paul Mackerras <paulus@ozlabs.org> wrote:
> On Mon, Aug 19, 2019 at 11:51:17AM +1000, Alexey Kardashevskiy wrote:
> > The @tcegrp variable is used in 1) a loop over attached groups
> > 2) it stores a pointer to a newly allocated tce_iommu_group if 1) found
> > nothing. However the error handler does not distinguish how we got there
> > and incorrectly releases memory for a found+incompatible group.
> >
> > This fixes it by adding another error handling case.
> >
> > Fixes: 0bd971676e68 ("powerpc/powernv/npu: Add compound IOMMU groups")
> > Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
>
> Good catch. This is potentially nasty since it is a double free.
> Alex, are you going to take this, or would you prefer it goes via
> Michael Ellerman's tree?
>
> Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
I can take it, I've got it queued, but was hoping for an ack/review by
you or David. I'll add the R-b and push it out to my next branch.
Thanks,
Alex
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: Paul Mackerras <paulus@ozlabs.org>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>,
linuxppc-dev@lists.ozlabs.org,
David Gibson <david@gibson.dropbear.id.au>,
kvm-ppc@vger.kernel.org, kvm@vger.kernel.org,
Jose Ricardo Ziviani <joserz@linux.ibm.com>
Subject: Re: [PATCH kernel] vfio/spapr_tce: Fix incorrect tce_iommu_group memory free
Date: Fri, 23 Aug 2019 14:40:12 +0000 [thread overview]
Message-ID: <20190823084012.202ba70f@x1.home> (raw)
In-Reply-To: <20190823053241.hogc44em2ccwdwq4@oak.ozlabs.ibm.com>
On Fri, 23 Aug 2019 15:32:41 +1000
Paul Mackerras <paulus@ozlabs.org> wrote:
> On Mon, Aug 19, 2019 at 11:51:17AM +1000, Alexey Kardashevskiy wrote:
> > The @tcegrp variable is used in 1) a loop over attached groups
> > 2) it stores a pointer to a newly allocated tce_iommu_group if 1) found
> > nothing. However the error handler does not distinguish how we got there
> > and incorrectly releases memory for a found+incompatible group.
> >
> > This fixes it by adding another error handling case.
> >
> > Fixes: 0bd971676e68 ("powerpc/powernv/npu: Add compound IOMMU groups")
> > Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
>
> Good catch. This is potentially nasty since it is a double free.
> Alex, are you going to take this, or would you prefer it goes via
> Michael Ellerman's tree?
>
> Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
I can take it, I've got it queued, but was hoping for an ack/review by
you or David. I'll add the R-b and push it out to my next branch.
Thanks,
Alex
next prev parent reply other threads:[~2019-08-23 14:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-19 1:51 [PATCH kernel] vfio/spapr_tce: Fix incorrect tce_iommu_group memory free Alexey Kardashevskiy
2019-08-19 1:51 ` Alexey Kardashevskiy
2019-08-19 1:51 ` Alexey Kardashevskiy
2019-08-23 5:32 ` Paul Mackerras
2019-08-23 5:32 ` Paul Mackerras
2019-08-23 5:32 ` Paul Mackerras
2019-08-23 14:40 ` Alex Williamson [this message]
2019-08-23 14:40 ` Alex Williamson
2019-08-23 14:40 ` Alex Williamson
2019-08-23 20:44 ` Alex Williamson
2019-08-23 20:44 ` Alex Williamson
2019-08-23 20:44 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190823084012.202ba70f@x1.home \
--to=alex.williamson@redhat.com \
--cc=aik@ozlabs.ru \
--cc=david@gibson.dropbear.id.au \
--cc=joserz@linux.ibm.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paulus@ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.