On Sun, Mar 20, 2022 at 02:40:28PM +0800, Lu Baolu wrote:
> @@ -3098,7 +3101,16 @@ int iommu_attach_device_pasid(struct iommu_domain
> *domain,
> if (iommu_group_device_count(group) != 1)
> goto out_unlock;
>
> + xa_lock(&group->pasid_array);
> + curr = __xa_cmpxchg(&group->pasid_array, pasid, NULL,
> + domain, GFP_KERNEL);
> + xa_unlock(&group->pasid_array);
> + if (curr)
curr can be an xa_err that should be propogated.
> + goto out_unlock;
> +
> ret = domain->ops->attach_dev_pasid(domain, dev, pasid);
> + if (ret)
> + xa_erase(&group->pasid_array, pasid);
>
> out_unlock:
> mutex_unlock(&group->mutex);
> @@ -3118,6 +3130,25 @@ void iommu_detach_device_pasid(struct iommu_domain
> *domain,
>
> mutex_lock(&group->mutex);
> domain->ops->detach_dev_pasid(domain, dev, pasid);
> + xa_erase(&group->pasid_array, pasid);
> + mutex_unlock(&group->mutex);
> + iommu_group_put(group);
> +}
> +
> +struct iommu_domain *
> +iommu_get_domain_for_dev_pasid(struct device *dev, ioasid_t pasid)
> +{
> + struct iommu_domain *domain;
> + struct iommu_group *group;
> +
> + group = iommu_group_get(dev);
> + if (!group)
> + return NULL;
> +
> + mutex_lock(&group->mutex);
> + domain = xa_load(&group->pasid_array, pasid);
> mutex_unlock(&group->mutex);
> iommu_group_put(group);
This whole API seems sketchy - what is the lifecycle of the returned
iommu_domain and what prevents it from being concurrently freed after
unlocking?
Jason
_______________________________________________
iommu mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/iommu
