Re: [PATCH v2 08/13] vfio/pci: protect cap/ecap_perm bits alloc/free with atomic op

From: Alex Williamson
Date: Wed Sep 25 2019 - 22:36:24 EST


On Thu, 5 Sep 2019 15:59:25 +0800
Liu Yi L <yi.l.liu@xxxxxxxxx> wrote:

> There is a case in which cap_perms and ecap_perms can be reallocated
> by different modules. e.g. the vfio-mdev-pci sample driver. To secure
> the initialization of cap_perms and ecap_perms, this patch adds an
> atomic variable to track the user of cap/ecap_perms bits. First caller
> of vfio_pci_init_perm_bits() will initialize the bits. While the last
> caller of vfio_pci_uninit_perm_bits() will free the bits.

Yes, but it still allows races; we're not really protecting the data.
If driver A begins freeing the shared data in the uninit path, driver B
could start allocating shared data in the init path and we're left with
either use after free issues or memory leaks. Probably better to hold
a semaphore around the allocation/free and a non-atomic for reference
counting. Thanks,

Alex

> Cc: Kevin Tian <kevin.tian@xxxxxxxxx>
> Cc: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> Suggested-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
> Signed-off-by: Liu Yi L <yi.l.liu@xxxxxxxxx>
> ---
> drivers/vfio/pci/vfio_pci_config.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/drivers/vfio/pci/vfio_pci_config.c b/drivers/vfio/pci/vfio_pci_config.c
> index f0891bd..1b3e6e5 100644
> --- a/drivers/vfio/pci/vfio_pci_config.c
> +++ b/drivers/vfio/pci/vfio_pci_config.c
> @@ -992,11 +992,17 @@ static int __init init_pci_ext_cap_pwr_perm(struct perm_bits *perm)
> return 0;
> }
>
> +/* Track the user number of the cap/ecap perm_bits */
> +atomic_t vfio_pci_perm_bits_users = ATOMIC_INIT(0);
> +
> /*
> * Initialize the shared permission tables
> */
> void vfio_pci_uninit_perm_bits(void)
> {
> + if (atomic_dec_return(&vfio_pci_perm_bits_users))
> + return;
> +
> free_perm_bits(&cap_perms[PCI_CAP_ID_BASIC]);
>
> free_perm_bits(&cap_perms[PCI_CAP_ID_PM]);
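
Review bot: The atomic_dec_return() check at the top of vfio_pci_uninit_perm_bits() protects only the counter, not the free_perm_bits() calls that follow it. Once the count reaches 0 here, another caller can enter vfio_pci_init_perm_bits(), get 1 back from atomic_inc_return() and start filling cap_perms while this path is still freeing them. Hold a lock across both the count update and the frees; the counter can then be a plain int. An unbalanced uninit call would also drive the count negative with nothing to catch it. Separately, vfio_pci_perm_bits_users is declared without static although the diffstat shows only this one file changed.
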
> @@ -1013,6 +1019,9 @@ int __init vfio_pci_init_perm_bits(void)
> {
> int ret;
>
> + if (atomic_inc_return(&vfio_pci_perm_bits_users) != 1)
> + return 0;
> +
> /* Basic config space */
> ret = init_pci_cap_basic_perm(&cap_perms[PCI_CAP_ID_BASIC]);
>
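
Review bot: The early "return 0" after atomic_inc_return(...) != 1 in vfio_pci_init_perm_bits() reports success to a second caller while the first caller may still be inside the init_pci_cap_*_perm() calls, or may go on to fail. The second caller needs to wait until initialization has finished and see its result, which means taking a lock before the count check and holding it through the init calls. The visible lines also show no path that drops the count again if one of the init calls fails. The function is still marked __init in the hunk context, which deserves a second look if more than one module is meant to call it.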
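
The approach suggested in the reply above (a lock held around allocation and free, with a non-atomic reference count), as an added userspace sketch that is not part of the original thread or the kernel code. The names perm_get, perm_put, perm_table and fail_next_alloc are hypothetical, and a pthread mutex stands in for the kernel lock.

```c
#include <pthread.h>
#include <stdlib.h>

static pthread_mutex_t perm_lock = PTHREAD_MUTEX_INITIALIZER;
static int perm_users;            /* plain int: only touched under perm_lock */
static unsigned char *perm_table; /* stand-in for the shared cap/ecap tables */
static int fail_next_alloc;       /* hook to simulate one failed allocation */

static int table_alloc(void)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return -1;
    }
    perm_table = calloc(1, 256);
    return perm_table ? 0 : -1;
}

int perm_get(void)
{
    int ret = 0;
    pthread_mutex_lock(&perm_lock);
    /* First user allocates with the lock held: nobody can see count != 0 early. */
    if (perm_users == 0)
        ret = table_alloc();
    if (ret == 0)
        perm_users++;   /* a failed init leaves the count unchanged */
    pthread_mutex_unlock(&perm_lock);
    return ret;
}

void perm_put(void)
{
    pthread_mutex_lock(&perm_lock);
    /* Last user frees; a concurrent perm_get() waits, then allocates afresh. */
    if (perm_users > 0 && --perm_users == 0) {
        free(perm_table);
        perm_table = NULL;
    }
    pthread_mutex_unlock(&perm_lock);
}

int main(void)
{
    int ok = perm_get() == 0 && perm_get() == 0;
    perm_put();
    perm_put();
    return (ok && perm_table == NULL) ? 0 : 1;
}
```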