LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH 0/2] intel-iommu: Fix domain_ids exhaustion
@ 2011-02-11 21:24 Alex Williamson
  2011-02-11 21:24 ` [PATCH 1/2] intel-iommu: Unlink domain from iommu Alex Williamson
  2011-02-11 21:24 ` [PATCH 2/2] intel-iommu: Fix get_domain_for_dev() error path Alex Williamson
  0 siblings, 2 replies; 3+ messages in thread
From: Alex Williamson @ 2011-02-11 21:24 UTC (permalink / raw)
  To: dwmw2, iommu; +Cc: alex.williamson, linux-kernel, linux-pci, ddutile, chrisw

When we unbind a device from a driver, we don't properly unlink
the domain from the iommu, so we never free the domain id it
was using.  We're typically limited to something like 256 domain
ids, so a loop of unbinding and rebinding a device can exhaust
this pretty quickly.  If we're assigning the device to a KVM
guest, libvirt does exactly this each time the device is removed
from the host driver or added back.  When we do run out, we oops
the kernel.  Fix these.  Thanks,

Alex

---

Alex Williamson (2):
      intel-iommu: Fix get_domain_for_dev() error path
      intel-iommu: Unlink domain from iommu


 drivers/pci/intel-iommu.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH 1/2] intel-iommu: Unlink domain from iommu
  2011-02-11 21:24 [PATCH 0/2] intel-iommu: Fix domain_ids exhaustion Alex Williamson
@ 2011-02-11 21:24 ` Alex Williamson
  2011-02-11 21:24 ` [PATCH 2/2] intel-iommu: Fix get_domain_for_dev() error path Alex Williamson
  1 sibling, 0 replies; 3+ messages in thread
From: Alex Williamson @ 2011-02-11 21:24 UTC (permalink / raw)
  To: dwmw2, iommu; +Cc: alex.williamson, linux-kernel, linux-pci, ddutile, chrisw

When we remove a device, we unlink the iommu from the domain, but
we never do the reverse unlinking of the domain from the iommu.
This means that we never clear iommu->domain_ids, eventually leading
to resource exhaustion if we repeatedly bind and unbind a device
to a driver.  Also free empty domains to avoid a resource leak.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---

 drivers/pci/intel-iommu.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
index 4789f8e..8bc56c1 100644
--- a/drivers/pci/intel-iommu.c
+++ b/drivers/pci/intel-iommu.c
@@ -3260,8 +3260,11 @@ static int device_notifier(struct notifier_block *nb,
 	if (!domain)
 		return 0;
 
-	if (action == BUS_NOTIFY_UNBOUND_DRIVER && !iommu_pass_through)
+	if (action == BUS_NOTIFY_UNBOUND_DRIVER && !iommu_pass_through) {
 		domain_remove_one_dev_info(domain, pdev);
+		if (list_empty(&domain->devices))
+			domain_exit(domain);
+	}
 
 	return 0;
 }
@@ -3411,6 +3414,11 @@ static void domain_remove_one_dev_info(struct dmar_domain *domain,
 		domain->iommu_count--;
 		domain_update_iommu_cap(domain);
 		spin_unlock_irqrestore(&domain->iommu_lock, tmp_flags);
+
+		spin_lock_irqsave(&iommu->lock, tmp_flags);
+		clear_bit(domain->id, iommu->domain_ids);
+		iommu->domains[domain->id] = NULL;
+		spin_unlock_irqrestore(&iommu->lock, tmp_flags);
 	}
 
 	spin_unlock_irqrestore(&device_domain_lock, flags);


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH 2/2] intel-iommu: Fix get_domain_for_dev() error path
  2011-02-11 21:24 [PATCH 0/2] intel-iommu: Fix domain_ids exhaustion Alex Williamson
  2011-02-11 21:24 ` [PATCH 1/2] intel-iommu: Unlink domain from iommu Alex Williamson
@ 2011-02-11 21:24 ` Alex Williamson
  1 sibling, 0 replies; 3+ messages in thread
From: Alex Williamson @ 2011-02-11 21:24 UTC (permalink / raw)
  To: dwmw2, iommu; +Cc: alex.williamson, linux-kernel, linux-pci, ddutile, chrisw

If we run out of domain_ids and fail iommu_attach_domain(), we
fall into domain_exit() without having setup enough of the
domain structure for this to do anything useful.  In fact, it
typically runs off into the weeds walking the bogus domain->devices
list.  Just free the domain.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---

 drivers/pci/intel-iommu.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
index 8bc56c1..21690a5 100644
--- a/drivers/pci/intel-iommu.c
+++ b/drivers/pci/intel-iommu.c
@@ -1835,7 +1835,7 @@ static struct dmar_domain *get_domain_for_dev(struct pci_dev *pdev, int gaw)
 
 	ret = iommu_attach_domain(domain, iommu);
 	if (ret) {
-		domain_exit(domain);
+		free_domain_mem(domain);
 		goto error;
 	}
 


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-02-11 21:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-02-11 21:24 [PATCH 0/2] intel-iommu: Fix domain_ids exhaustion Alex Williamson
2011-02-11 21:24 ` [PATCH 1/2] intel-iommu: Unlink domain from iommu Alex Williamson
2011-02-11 21:24 ` [PATCH 2/2] intel-iommu: Fix get_domain_for_dev() error path Alex Williamson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).