drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
The error path in arm_smmu_attach_prepare() was introduced together with
arm_smmu_enable_iopf(). Due to a rebase issue, that error path does not
include the revert of the vmaster.
Move kfree(state->vmaster) to the error path, to prevent memory leak.
Fixes: cfea71aea921 ("iommu/arm-smmu-v3: Put iopf enablement in the domain attach path")
Cc: stable@vger.kernel.org
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
---
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
index 181d07bc1a9d..3c79cdbbd9e7 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
@@ -2906,8 +2906,8 @@ int arm_smmu_attach_prepare(struct arm_smmu_attach_state *state,
master_domain = kzalloc(sizeof(*master_domain), GFP_KERNEL);
if (!master_domain) {
- kfree(state->vmaster);
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto err_free_vmaster;
}
master_domain->domain = new_domain;
master_domain->master = master;
@@ -2941,7 +2941,6 @@ int arm_smmu_attach_prepare(struct arm_smmu_attach_state *state,
!arm_smmu_master_canwbs(master)) {
spin_unlock_irqrestore(&smmu_domain->devices_lock,
flags);
- kfree(state->vmaster);
ret = -EINVAL;
goto err_iopf;
}
@@ -2967,6 +2966,8 @@ int arm_smmu_attach_prepare(struct arm_smmu_attach_state *state,
arm_smmu_disable_iopf(master, master_domain);
err_free_master_domain:
kfree(master_domain);
+err_free_vmaster:
+ kfree(state->vmaster);
return ret;
}
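Review bot: The new `err_free_vmaster` label frees `state->vmaster` but leaves the stale pointer in the caller-owned `state`, so any later read or second kfree() of that field after a failed prepare would be a use-after-free or double free. Every error path in the function now falls through this label, so it also relies on `state->vmaster` being either NULL or an allocation made earlier in this function. The allocation site and the callers are outside the hunk, so both concerns are inferred rather than shown. Clearing the field at the label would make the failure state unambiguous: `kfree(state->vmaster);` followed by `state->vmaster = NULL;`. The function body begins outside the hunk.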
--
2.43.0
On Thu, Jul 10, 2025 at 04:30:03PM -0700, Nicolin Chen wrote:
> The error path in the arm_smmu_attach_prepare() was introduced with the
> arm_smmu_enable_iopf(). Due to a rebase issue, it forgot to include the
> revert of the vmaster.
>
> Move kfree(state->vmaster) to the error path, to prevent memory leak.
>
> Fixes: cfea71aea921 ("iommu/arm-smmu-v3: Put iopf enablement in the domain attach path")
> Cc: stable@vger.kernel.org
> Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
> ---
> drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
The patch is fine but the commit message is a bit confusing
The error path for err_free_master_domain leaks the vmaster. Move all
the kfrees for vmaster into the goto error section..
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Jason
On Fri, Jul 11, 2025 at 01:42:26PM -0300, Jason Gunthorpe wrote:
> On Thu, Jul 10, 2025 at 04:30:03PM -0700, Nicolin Chen wrote:
> > The error path in the arm_smmu_attach_prepare() was introduced with the
> > arm_smmu_enable_iopf(). Due to a rebase issue, it forgot to include the
> > revert of the vmaster.
> >
> > Move kfree(state->vmaster) to the error path, to prevent memory leak.
> >
> > Fixes: cfea71aea921 ("iommu/arm-smmu-v3: Put iopf enablement in the domain attach path")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
> > ---
> > drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
>
> The patch is fine but the commit message is a bit confusing
>
> The error path for err_free_master_domain leaks the vmaster. Move all
> the kfrees for vmaster into the goto error section..
>
> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
OK. I will respin one fixing that.
Thanks!
Nicolin
On Thu, Jul 10, 2025 at 04:30:03PM -0700, Nicolin Chen wrote:
> The error path in the arm_smmu_attach_prepare() was introduced with the
> arm_smmu_enable_iopf(). Due to a rebase issue, it forgot to include the
> revert of the vmaster.
>
> Move kfree(state->vmaster) to the error path, to prevent memory leak.
>
> Fixes: cfea71aea921 ("iommu/arm-smmu-v3: Put iopf enablement in the domain attach path")
> Cc: stable@vger.kernel.org
> Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
Reviewed-by: Pranjal Shrivastava <praan@google.com>
Thanks!
Praan
> ---
> drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> index 181d07bc1a9d..3c79cdbbd9e7 100644
> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> @@ -2906,8 +2906,8 @@ int arm_smmu_attach_prepare(struct arm_smmu_attach_state *state,
>
> master_domain = kzalloc(sizeof(*master_domain), GFP_KERNEL);
> if (!master_domain) {
> - kfree(state->vmaster);
> - return -ENOMEM;
> + ret = -ENOMEM;
> + goto err_free_vmaster;
> }
> master_domain->domain = new_domain;
> master_domain->master = master;
> @@ -2941,7 +2941,6 @@ int arm_smmu_attach_prepare(struct arm_smmu_attach_state *state,
> !arm_smmu_master_canwbs(master)) {
> spin_unlock_irqrestore(&smmu_domain->devices_lock,
> flags);
> - kfree(state->vmaster);
> ret = -EINVAL;
> goto err_iopf;
> }
> @@ -2967,6 +2966,8 @@ int arm_smmu_attach_prepare(struct arm_smmu_attach_state *state,
> arm_smmu_disable_iopf(master, master_domain);
> err_free_master_domain:
> kfree(master_domain);
> +err_free_vmaster:
> + kfree(state->vmaster);
> return ret;
> }
>
> --
> 2.43.0
>
>