This is a note to let you know that I've just added the patch titled scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: scsi-storvsc-fix-swiotlb-bounce-buffer-leak-in-confi.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 4332ec1394ed16170d756433aa7867f97709eb08 Author: Michael Kelley <mikelley@xxxxxxxxxxxxx> Date: Sun Dec 4 11:52:44 2022 -0800 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM [ Upstream commit 67ff3d0a49f3d445c3922e30a54e03c161da561e ] storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvsc_do_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not uncommon under high I/O loads. Eventually enough bounce buffer memory leaks that the confidential VM can't do any I/O. The same problem can arise in a non-confidential VM with kernel boot parameter swiotlb=force. Fix this by doing scsi_dma_unmap() in the case of an I/O submission error, which frees the bounce buffer memory. Fixes: 743b237c3a7b ("scsi: storvsc: Add Isolation VM support for storvsc driver") Signed-off-by: Michael Kelley <mikelley@xxxxxxxxxxxxx> Link: https://lore.kernel.org/r/1670183564-76254-1-git-send-email-mikelley@xxxxxxxxxxxxx Tested-by: Dexuan Cui <decui@xxxxxxxxxxxxx> Reviewed-by: Dexuan Cui <decui@xxxxxxxxxxxxx> Reviewed-by: Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx> Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index 3c5b7e4227b2..55d6fb452680 100644 --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -1823,6 +1823,9 @@ static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd) ret = storvsc_do_io(dev, cmd_request, get_cpu()); put_cpu(); + if (ret) + scsi_dma_unmap(scmnd); + if (ret == -EAGAIN) { /* no more space */ ret = SCSI_MLQUEUE_DEVICE_BUSY;