[PATCH v5 01/13] iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl

Jason Gunthorpe jgg at nvidia.com
Tue Oct 29 17:08:25 PDT 2024


On Tue, Oct 29, 2024 at 12:30:00PM -0700, Nicolin Chen wrote:

> > iommufd_device_unbind() can't fail, and if the object can't be
> > destroyed because it has an elevated long term refcount it WARN's:
> > 
> > 
> > 	ret = iommufd_object_remove(ictx, obj, obj->id, REMOVE_WAIT_SHORTTERM);
> > 
> > 	/*
> > 	 * If there is a bug and we couldn't destroy the object then we did put
> > 	 * back the caller's users refcount and will eventually try to free it
> > 	 * again during close.
> > 	 */
> > 	WARN_ON(ret);
> > 
> > So you cannot take long term references on kernel owned objects. Only
> > userspace owned objects.
> 
> OK. I think I had got this part. Gao ran into this WARN_ON at v3,
> so I added iommufd_object_remove(vdev_id) in unbind() prior to
> this iommufd_object_destroy_user(idev->ictx, &idev->obj).

Oh I see, so the fix to that is to not take a longterm reference, not
to try to destroy a vdev.

The alternative ould be to try to unlink the idev from the vdev and
leave a zombie vdev, but that didn't look so nice to implement. If we
need it we can do it later

Jason



More information about the linux-arm-kernel mailing list