[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/6] VT-d: don't leak domid mapping on error path

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 15 Nov 2021 10:32:08 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Job7ieNgwvUwTm0m7c1aETh397WehAUR0ctQs735lJ4=; b=l+vRE+FWlU5JYSaFpFlkJQuk939sVG+jAsDqKwgmfXvvn+YZ+OgE9l7pUMug4fTxB5A5DZ4oLdaevtAqUn5SiPnV5tbx67X7o1XECsR5AsFnIdCKv9/u2e6MJvRM/Y/piucZ1I1K+VAdSAJ9ehurn0n1S+gdQp8bzIjnj9PM2iPRuINTu/x8hiNGMWvdoiNrv0inxJWLWQoFG/QSxlkTKvUFl71Wx8rCA9mvh7exn7r9HrAWmgQQ58RQRhmNyuFPp6vv3LLEB6/xRENShRPg+YPvi1q+VwZ9wu9xRElXVgW/PEbcc44lUIcs/2M3zziTyBZ171ep9E9Y55ja89g5Lg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IQjEbW0lf4onZ93YvC/8TgxoHOpV9yFUrQ2BqgXP9uKX3RnHhURE6JRfqmKyDWSwXpx6ZhXJL0S4SIM8yg48Upm52w/toPvyJlDMrl2IPxtGvGsCIcWdrVQe2ww9vEzxL61aXkNi8n7TgEl6A6TBjZLI38Kvd9sseF2TmSV/JNShz44bHsvTj9s3nPLnpcoR6otEbvmwujbhAPg4N6h8a4EkEtqOzhssEkrfdc4FiC/QAJdnzANH/to+xKRb8N8GDU0JzMNr0MnIlnVZENWNWLnSP8yngmuQRy03esg8yWIZbYPJHzl7aqkjDG8Fem7oeMSSXQ7NDDiaIQ2C8EiDlQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>
  • Delivery-date: Mon, 15 Nov 2021 09:32:26 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12.11.2021 15:35, Roger Pau Monné wrote:
> On Fri, Nov 12, 2021 at 02:45:14PM +0100, Jan Beulich wrote:
>> On 12.11.2021 14:42, Roger Pau Monné wrote:
>>> On Fri, Nov 12, 2021 at 10:48:43AM +0100, Jan Beulich wrote:
>>>> While domain_context_mapping() invokes domain_context_unmap() in a sub-
>>>> case of handling DEV_TYPE_PCI when encountering an error, thus avoiding
>>>> a leak, individual calls to domain_context_mapping_one() aren't
>>>> similarly covered. Such a leak might persist until domain destruction.
>>>> Leverage that these cases can be recognized by pdev being non-NULL.
>>>
>>> Would it help to place the domid cleanup in domain_context_unmap_one,
>>> as that would then cover calls from domain_context_unmap and the
>>> failure path in domain_context_mapping_one.
>>
>> I don't think that would work (without further convolution), because of
>> the up to 3 successive calls in DEV_TYPE_PCI handling. Cleanup may happen
>> only on the first map's error path or after the last unmap.
> 
> Hm, I see. And AFAICT that's because some devices that get assigned to
> a guest iommu context are not actually assigned to the guest (ie:
> pdev->domain doesn't get set, neither the device is added to the
> per-domain list), which makes them invisible to
> any_pdev_behind_iommu.
> 
> I dislike that the domid is added in domain_context_mapping_one, while
> the cleanup is not done in domain_context_unmap_one, and that some
> devices context could be using the domain id without being assigned to
> the domain.

This all isn't really pretty, is it? As Andrew has been saying (I think
more than once), ideally we'd rewrite IOMMU code from scratch. But I
don't see anyone having enough spare time to actually do so ...

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.