[PATCH v5 01/13] iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl
Jason Gunthorpe
jgg at nvidia.com
Tue Oct 29 17:08:25 PDT 2024
On Tue, Oct 29, 2024 at 12:30:00PM -0700, Nicolin Chen wrote:
> > iommufd_device_unbind() can't fail, and if the object can't be
> > destroyed because it has an elevated long term refcount it WARN's:
> >
> >
> > ret = iommufd_object_remove(ictx, obj, obj->id, REMOVE_WAIT_SHORTTERM);
> >
> > /*
> > * If there is a bug and we couldn't destroy the object then we did put
> > * back the caller's users refcount and will eventually try to free it
> > * again during close.
> > */
> > WARN_ON(ret);
> >
> > So you cannot take long term references on kernel owned objects. Only
> > userspace owned objects.
>
> OK. I think I had got this part. Gao ran into this WARN_ON at v3,
> so I added iommufd_object_remove(vdev_id) in unbind() prior to
> this iommufd_object_destroy_user(idev->ictx, &idev->obj).
Oh I see, so the fix to that is to not take a longterm reference, not
to try to destroy a vdev.
The alternative ould be to try to unlink the idev from the vdev and
leave a zombie vdev, but that didn't look so nice to implement. If we
need it we can do it later
Jason
More information about the linux-arm-kernel
mailing list