[PATCH 01/10] iommu: Remove useless group refcounting
Baolu Lu
baolu.lu at linux.intel.com
Wed Jul 19 23:11:32 PDT 2023
On 2023/7/19 3:05, Jason Gunthorpe wrote:
> Several functions obtain the group reference and then release it before
> returning. This gives the impression that the refcount is protecting
> something for the duration of the function.
>
> In truth all of these functions are called in places that know a device
> driver is probed to the device and our locking rules already require
> that dev->iommu_group cannot change while a driver is attached to the
> struct device.
>
> If this was not the case then this code is already at risk of triggering
> UAF as it is racy if the dev->iommu_group is concurrently going to
> NULL/free. refcount debugging will throw a WARN if kobject_get() is
> called on a 0 refcount object to highlight the bug.
>
> Remove the confusing refcounting and leave behind a comment about the
> restriction.
>
> Signed-off-by: Jason Gunthorpe<jgg at nvidia.com>
Reviewed-by: Lu Baolu <baolu.lu at linux.intel.com>
Best regards,
baolu
More information about the linux-arm-kernel
mailing list