s390/zcrypt: fix zcard and zqueue hot-unplug memleak
author Harald Freudenberger <freude@linux.ibm.com>
Thu, 15 Apr 2021 09:22:03 +0000 (11:22 +0200)
committer Heiko Carstens <hca@linux.ibm.com>
Wed, 21 Apr 2021 10:32:12 +0000 (12:32 +0200)
Tests with kvm and a kmemdebug kernel showed that on hot unplug the
zcard and zqueue structs for the unplugged card or queue are not
properly freed because of a mismatch with get/put for the embedded
kref counter.

This fix now adjusts the handling of the kref counters. With init the
kref counter starts with 1. This initial value needs to drop to zero
with the unregister of the card or queue to trigger the release and
free the object.

Fixes: 29c2680fd2bf ("s390/ap: fix ap devices reference counting")
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Cc: stable@vger.kernel.org
Reviewed-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
drivers/s390/crypto/zcrypt_card.c
drivers/s390/crypto/zcrypt_queue.c

index 33b23884b133fc1d12ebc7f46b33f3bb01277f47..09fe6bb8880bcb5f3d69918b61372d8b666baf23 100644 (file)
@@ -192,5 +192,6 @@ void zcrypt_card_unregister(struct zcrypt_card *zc)
        spin_unlock(&zcrypt_list_lock);
        sysfs_remove_group(&zc->card->ap_dev.device.kobj,
                           &zcrypt_card_attr_group);
+       zcrypt_card_put(zc);
 }
 EXPORT_SYMBOL(zcrypt_card_unregister);
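Review bot: The added zcrypt_card_put(zc) at the end of zcrypt_card_unregister() carries no comment saying which reference it drops, and no matching get is visible in this function. Per the commit message it releases the initial reference set at init, so this call can free zc. A one-line comment such as /* drop the initial kref, zc may be freed here */ would keep later edits from adding code that touches zc after the put, and callers should be checked for any use of zc once unregister has returned.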
index 5062eae73d4aa6747451dd9b6a6ea6c24b8b166f..c3ffbd26b73ff6667dc9b27a00df03db9f48b4d1 100644 (file)
@@ -223,5 +223,6 @@ void zcrypt_queue_unregister(struct zcrypt_queue *zq)
        sysfs_remove_group(&zq->queue->ap_dev.device.kobj,
                           &zcrypt_queue_attr_group);
        zcrypt_card_put(zc);
+       zcrypt_queue_put(zq);
 }
 EXPORT_SYMBOL(zcrypt_queue_unregister);
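Review bot: With this hunk zcrypt_queue_unregister() ends in two puts back to back, zcrypt_card_put(zc) and the new zcrypt_queue_put(zq), and nothing in the code says that they balance different references. A short comment on the new line stating that it drops the queue's initial reference and may free zq would help. The ordering should also be kept as it is: sysfs_remove_group() dereferences zq->queue, so the queue put has to remain the last statement. It is worth confirming that no caller touches zq, or frees it explicitly, after unregister returns.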