* [PATCH AUTOSEL 4.19 340/671] vfio/mdev: Avoid release parent reference during error path
[not found] <20200116170509.12787-1-sashal@kernel.org>
@ 2020-01-16 16:59 ` Sasha Levin
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 341/671] vfio/mdev: Follow correct remove sequence Sasha Levin
` (2 subsequent siblings)
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-01-16 16:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Parav Pandit, Cornelia Huck, Kirti Wankhede, Maxim Levitsky,
Alex Williamson, Sasha Levin, kvm
From: Parav Pandit <parav@mellanox.com>
[ Upstream commit 60e7f2c3fe9919cee9534b422865eed49f4efb15 ]
During mdev parent registration in mdev_register_device(),
if parent device is duplicate, it releases the reference of existing
parent device.
This is incorrect. Existing parent device should not be touched.
Fixes: 7b96953bc640 ("vfio: Mediated device Core driver")
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/mdev/mdev_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/vfio/mdev/mdev_core.c b/drivers/vfio/mdev/mdev_core.c
index 0212f0ee8aea..8cfa71230877 100644
--- a/drivers/vfio/mdev/mdev_core.c
+++ b/drivers/vfio/mdev/mdev_core.c
@@ -182,6 +182,7 @@ int mdev_register_device(struct device *dev, const struct mdev_parent_ops *ops)
/* Check for duplicate */
parent = __find_parent_device(dev);
if (parent) {
+ parent = NULL;
ret = -EEXIST;
goto add_dev_err;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 4.19 341/671] vfio/mdev: Follow correct remove sequence
[not found] <20200116170509.12787-1-sashal@kernel.org>
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 340/671] vfio/mdev: Avoid release parent reference during error path Sasha Levin
@ 2020-01-16 16:59 ` Sasha Levin
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 342/671] vfio/mdev: Fix aborting mdev child device removal if one fails Sasha Levin
2020-01-16 17:03 ` [PATCH AUTOSEL 4.19 596/671] vhost/test: stop device before reset Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-01-16 16:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Parav Pandit, Cornelia Huck, Maxim Levitsky, Alex Williamson,
Sasha Levin, kvm
From: Parav Pandit <parav@mellanox.com>
[ Upstream commit a6d6f4f160f76d840e59affe664b8d3159e23056 ]
mdev_remove_sysfs_files() should follow exact mirror sequence of a
create, similar to what is followed in error unwinding path of
mdev_create_sysfs_files().
Fixes: 6a62c1dfb5c7 ("vfio/mdev: Re-order sysfs attribute creation")
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/mdev/mdev_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vfio/mdev/mdev_sysfs.c b/drivers/vfio/mdev/mdev_sysfs.c
index 249472f05509..e7770b511d03 100644
--- a/drivers/vfio/mdev/mdev_sysfs.c
+++ b/drivers/vfio/mdev/mdev_sysfs.c
@@ -280,7 +280,7 @@ int mdev_create_sysfs_files(struct device *dev, struct mdev_type *type)
void mdev_remove_sysfs_files(struct device *dev, struct mdev_type *type)
{
+ sysfs_remove_files(&dev->kobj, mdev_device_attrs);
sysfs_remove_link(&dev->kobj, "mdev_type");
sysfs_remove_link(type->devices_kobj, dev_name(dev));
- sysfs_remove_files(&dev->kobj, mdev_device_attrs);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 4.19 342/671] vfio/mdev: Fix aborting mdev child device removal if one fails
[not found] <20200116170509.12787-1-sashal@kernel.org>
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 340/671] vfio/mdev: Avoid release parent reference during error path Sasha Levin
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 341/671] vfio/mdev: Follow correct remove sequence Sasha Levin
@ 2020-01-16 16:59 ` Sasha Levin
2020-01-16 17:03 ` [PATCH AUTOSEL 4.19 596/671] vhost/test: stop device before reset Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-01-16 16:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Parav Pandit, Maxim Levitsky, Alex Williamson, Sasha Levin, kvm
From: Parav Pandit <parav@mellanox.com>
[ Upstream commit 6093e348a5e2475c5bb2e571346460f939998670 ]
device_for_each_child() stops executing callback function for remaining
child devices, if callback hits an error.
Each child mdev device is independent of each other.
While unregistering parent device, mdev core must remove all child mdev
devices.
Therefore, mdev_device_remove_cb() always returns success so that
device_for_each_child doesn't abort if one child removal hits error.
While at it, improve remove and unregister functions for below simplicity.
There isn't need to pass forced flag pointer during mdev parent
removal which invokes mdev_device_remove(). So simplify the flow.
mdev_device_remove() is called from two paths.
1. mdev_unregister_driver()
mdev_device_remove_cb()
mdev_device_remove()
2. remove_store()
mdev_device_remove()
Fixes: 7b96953bc640 ("vfio: Mediated device Core driver")
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/mdev/mdev_core.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/vfio/mdev/mdev_core.c b/drivers/vfio/mdev/mdev_core.c
index 8cfa71230877..e052f62fdea7 100644
--- a/drivers/vfio/mdev/mdev_core.c
+++ b/drivers/vfio/mdev/mdev_core.c
@@ -150,10 +150,10 @@ static int mdev_device_remove_ops(struct mdev_device *mdev, bool force_remove)
static int mdev_device_remove_cb(struct device *dev, void *data)
{
- if (!dev_is_mdev(dev))
- return 0;
+ if (dev_is_mdev(dev))
+ mdev_device_remove(dev, true);
- return mdev_device_remove(dev, data ? *(bool *)data : true);
+ return 0;
}
/*
@@ -241,7 +241,6 @@ EXPORT_SYMBOL(mdev_register_device);
void mdev_unregister_device(struct device *dev)
{
struct mdev_parent *parent;
- bool force_remove = true;
mutex_lock(&parent_list_lock);
parent = __find_parent_device(dev);
@@ -255,8 +254,7 @@ void mdev_unregister_device(struct device *dev)
list_del(&parent->next);
class_compat_remove_link(mdev_bus_compat_class, dev, NULL);
- device_for_each_child(dev, (void *)&force_remove,
- mdev_device_remove_cb);
+ device_for_each_child(dev, NULL, mdev_device_remove_cb);
parent_remove_sysfs_files(parent);
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 4.19 596/671] vhost/test: stop device before reset
[not found] <20200116170509.12787-1-sashal@kernel.org>
` (2 preceding siblings ...)
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 342/671] vfio/mdev: Fix aborting mdev child device removal if one fails Sasha Levin
@ 2020-01-16 17:03 ` Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-01-16 17:03 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Michael S. Tsirkin, Sasha Levin, kvm, virtualization, netdev
From: "Michael S. Tsirkin" <mst@redhat.com>
[ Upstream commit 245cdd9fbd396483d501db83047116e2530f245f ]
When device stop was moved out of reset, test device wasn't updated to
stop before reset, this resulted in a use after free. Fix by invoking
stop appropriately.
Fixes: b211616d7125 ("vhost: move -net specific code out")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vhost/test.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/vhost/test.c b/drivers/vhost/test.c
index a9be2d8e98df..55090d9f9de0 100644
--- a/drivers/vhost/test.c
+++ b/drivers/vhost/test.c
@@ -162,6 +162,7 @@ static int vhost_test_release(struct inode *inode, struct file *f)
vhost_test_stop(n, &private);
vhost_test_flush(n);
+ vhost_dev_stop(&n->dev);
vhost_dev_cleanup(&n->dev);
/* We do an extra flush before freeing memory,
* since jobs can re-queue themselves. */
@@ -238,6 +239,7 @@ static long vhost_test_reset_owner(struct vhost_test *n)
}
vhost_test_stop(n, &priv);
vhost_test_flush(n);
+ vhost_dev_stop(&n->dev);
vhost_dev_reset_owner(&n->dev, umem);
done:
mutex_unlock(&n->dev.mutex);
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-01-16 18:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200116170509.12787-1-sashal@kernel.org>
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 340/671] vfio/mdev: Avoid release parent reference during error path Sasha Levin
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 341/671] vfio/mdev: Follow correct remove sequence Sasha Levin
2020-01-16 16:59 ` [PATCH AUTOSEL 4.19 342/671] vfio/mdev: Fix aborting mdev child device removal if one fails Sasha Levin
2020-01-16 17:03 ` [PATCH AUTOSEL 4.19 596/671] vhost/test: stop device before reset Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).