* [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device
@ 2014-12-17 10:43 Joerg Roedel
2014-12-17 10:43 ` [PATCH 2/2] iommu/vt-d: Remove dead code in device_notifier Joerg Roedel
2014-12-17 21:37 ` [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device Jerry Hoemann
0 siblings, 2 replies; 5+ messages in thread
From: Joerg Roedel @ 2014-12-17 10:43 UTC (permalink / raw)
To: iommu
Cc: Alex Williamson, David Woodhouse, Jerry Hoemann, linux-kernel,
Joerg Roedel, stable
From: Joerg Roedel <jroedel@suse.de>
Since commit 1196c2f a domain is only destroyed in the
notifier path if it is hot-unplugged. This caused a
domain leakage in iommu_attach_device when a driver was
unbound from the device and bound to VFIO. In this case the
device is attached to a new domain and unlinked from the old
domain. At this point nothing points to the old domain
anymore and its memory is leaked.
Fix this by explicitly freeing the old domain in
iommu_attach_domain.
Fixes: 1196c2f (iommu/vt-d: Fix dmar_domain leak in iommu_attach_device)
Cc: <stable@vger.kernel.org> # v3.18
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
drivers/iommu/intel-iommu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 1232336..7610121 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -4428,6 +4428,10 @@ static int intel_iommu_attach_device(struct iommu_domain *domain,
domain_remove_one_dev_info(old_domain, dev);
else
domain_remove_dev_info(old_domain);
+
+ if (!domain_type_is_vm_or_si(old_domain) &&
+ list_empty(&old_domain->devices))
+ domain_exit(old_domain);
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] iommu/vt-d: Remove dead code in device_notifier
2014-12-17 10:43 [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device Joerg Roedel
@ 2014-12-17 10:43 ` Joerg Roedel
2014-12-17 21:41 ` Jerry Hoemann
2014-12-17 21:37 ` [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device Jerry Hoemann
1 sibling, 1 reply; 5+ messages in thread
From: Joerg Roedel @ 2014-12-17 10:43 UTC (permalink / raw)
To: iommu
Cc: Alex Williamson, David Woodhouse, Jerry Hoemann, linux-kernel,
Joerg Roedel
From: Joerg Roedel <jroedel@suse.de>
This code only runs when action == BUS_NOTIFY_REMOVED_DEVICE,
so it can't be BUS_NOTIFY_DEL_DEVICE.
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
drivers/iommu/intel-iommu.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 7610121..40dfbc0 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -4029,14 +4029,6 @@ static int device_notifier(struct notifier_block *nb,
if (action != BUS_NOTIFY_REMOVED_DEVICE)
return 0;
- /*
- * If the device is still attached to a device driver we can't
- * tear down the domain yet as DMA mappings may still be in use.
- * Wait for the BUS_NOTIFY_UNBOUND_DRIVER event to do that.
- */
- if (action == BUS_NOTIFY_DEL_DEVICE && dev->driver != NULL)
- return 0;
-
domain = find_domain(dev);
if (!domain)
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device
2014-12-17 10:43 [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device Joerg Roedel
2014-12-17 10:43 ` [PATCH 2/2] iommu/vt-d: Remove dead code in device_notifier Joerg Roedel
@ 2014-12-17 21:37 ` Jerry Hoemann
2015-01-05 10:59 ` Joerg Roedel
1 sibling, 1 reply; 5+ messages in thread
From: Jerry Hoemann @ 2014-12-17 21:37 UTC (permalink / raw)
To: Joerg Roedel
Cc: iommu, Alex Williamson, David Woodhouse, linux-kernel,
Joerg Roedel, stable, Myron Stowe
On Wed, Dec 17, 2014 at 11:43:36AM +0100, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
>
> Since commit 1196c2f a domain is only destroyed in the
> notifier path if it is hot-unplugged. This caused a
> domain leakage in iommu_attach_device when a driver was
> unbound from the device and bound to VFIO. In this case the
> device is attached to a new domain and unlinked from the old
> domain. At this point nothing points to the old domain
> anymore and its memory is leaked.
> Fix this by explicitly freeing the old domain in
> iommu_attach_domain.
>
> Fixes: 1196c2f (iommu/vt-d: Fix dmar_domain leak in iommu_attach_device)
> Cc: <stable@vger.kernel.org> # v3.18
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
> drivers/iommu/intel-iommu.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index 1232336..7610121 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -4428,6 +4428,10 @@ static int intel_iommu_attach_device(struct iommu_domain *domain,
> domain_remove_one_dev_info(old_domain, dev);
> else
> domain_remove_dev_info(old_domain);
> +
> + if (!domain_type_is_vm_or_si(old_domain) &&
> + list_empty(&old_domain->devices))
> + domain_exit(old_domain);
> }
> }
>
> --
> 1.9.1
Joerg,
Before applying this change on a 3.18-rc7 kernel layered on a
RHEL 7.0 root disk, I was able to reproduce the memory
leak that Alex reported when powering on/off a VM w/ a PCI
device assigned to it.
After applying this change, I don't see the memory leak anymore.
Instrumentation shows the new code is being invoked during power on
of the VM.
Looks good.
Thanks!
Tested-by: Jerry Hoemann <jerry.hoemann@hp.com>
--
----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett-Packard
3404 E Harmony Rd. MS 36 phone: (970) 898-1022
Ft. Collins, CO 80528 FAX: (970) 898-0707
email: jerry.hoemann@hp.com
----------------------------------------------------------------------------
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] iommu/vt-d: Remove dead code in device_notifier
2014-12-17 10:43 ` [PATCH 2/2] iommu/vt-d: Remove dead code in device_notifier Joerg Roedel
@ 2014-12-17 21:41 ` Jerry Hoemann
0 siblings, 0 replies; 5+ messages in thread
From: Jerry Hoemann @ 2014-12-17 21:41 UTC (permalink / raw)
To: Joerg Roedel
Cc: iommu, Alex Williamson, David Woodhouse, linux-kernel,
Joerg Roedel, Myron Stowe
On Wed, Dec 17, 2014 at 11:43:37AM +0100, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
>
> This code only runs when action == BUS_NOTIFY_REMOVED_DEVICE,
> so it can't be BUS_NOTIFY_DEL_DEVICE.
>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
> drivers/iommu/intel-iommu.c | 8 --------
> 1 file changed, 8 deletions(-)
>
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index 7610121..40dfbc0 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -4029,14 +4029,6 @@ static int device_notifier(struct notifier_block *nb,
> if (action != BUS_NOTIFY_REMOVED_DEVICE)
> return 0;
>
> - /*
> - * If the device is still attached to a device driver we can't
> - * tear down the domain yet as DMA mappings may still be in use.
> - * Wait for the BUS_NOTIFY_UNBOUND_DRIVER event to do that.
> - */
> - if (action == BUS_NOTIFY_DEL_DEVICE && dev->driver != NULL)
> - return 0;
> -
> domain = find_domain(dev);
> if (!domain)
> return 0;
> --
> 1.9.1
Joerg,
Tested this along w/ other patch of the set.
Instrumentation showed that the removed code wouldn't have been executed
during VM power on/power off.
Thanks!
Tested-by: Jerry Hoemann <jerry.hoemann@hp.com>
--
----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett-Packard
3404 E Harmony Rd. MS 36 phone: (970) 898-1022
Ft. Collins, CO 80528 FAX: (970) 898-0707
email: jerry.hoemann@hp.com
----------------------------------------------------------------------------
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device
2014-12-17 21:37 ` [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device Jerry Hoemann
@ 2015-01-05 10:59 ` Joerg Roedel
0 siblings, 0 replies; 5+ messages in thread
From: Joerg Roedel @ 2015-01-05 10:59 UTC (permalink / raw)
To: Jerry Hoemann
Cc: Joerg Roedel, iommu, Alex Williamson, David Woodhouse,
linux-kernel, stable, Myron Stowe
Hi Jerry,
On Wed, Dec 17, 2014 at 02:37:47PM -0700, Jerry Hoemann wrote:
> Before applying this change on a 3.18-rc7 kernel layered on a
> RHEL 7.0 root disk, I was able to reproduce the memory
> leak that Alex reported when powering on/off a VM w/ a PCI
> device assigned to it.
>
> After applying this change, I don't see the memory leak anymore.
> Instrumentation shows the new code is being invoked during power on
> of the VM.
>
> Looks good.
>
> Thanks!
>
> Tested-by: Jerry Hoemann <jerry.hoemann@hp.com>
Thanks for testing, I applied the patches to my iommu/fixes branch for
3.19.
Joerg
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-01-05 10:59 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-17 10:43 [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device Joerg Roedel
2014-12-17 10:43 ` [PATCH 2/2] iommu/vt-d: Remove dead code in device_notifier Joerg Roedel
2014-12-17 21:41 ` Jerry Hoemann
2014-12-17 21:37 ` [PATCH 1/2] iommu/vt-d: Fix dmar_domain leak in iommu_attach_device Jerry Hoemann
2015-01-05 10:59 ` Joerg Roedel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).