On Sun, Mar 20, 2022 at 02:40:28PM +0800, Lu Baolu wrote:
@@ -3098,7 +3101,16 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
if (iommu_group_device_count(group) != 1)
goto out_unlock;
+ xa_lock(&group->pasid_array);
+ curr = __xa_cmpxchg(&group->pasid_array, pasid, NULL,
+ domain, GFP_KERNEL);
+ xa_unlock(&group->pasid_array);
+ if (curr)
curr can be an xa_err that should be propagated.
+ goto out_unlock;
+
ret = domain->ops->attach_dev_pasid(domain, dev, pasid);
+ if (ret)
+ xa_erase(&group->pasid_array, pasid);
out_unlock:
mutex_unlock(&group->mutex);
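Review bot: The `xa_lock()` / `__xa_cmpxchg()` / `xa_unlock()` sequence in the added lines open-codes what `xa_cmpxchg()` already does, so it can be a single call: `curr = xa_cmpxchg(&group->pasid_array, pasid, NULL, domain, GFP_KERNEL);`. Separately, when `curr` comes back as an existing domain pointer, meaning the PASID is already bound, the `goto out_unlock` returns whatever `ret` held before this hunk, which is not visible here. Setting `ret = -EBUSY;` on that branch would make the refusal explicit, so a caller cannot mistake an occupied PASID slot for a successful attach. The function starts and ends outside the hunk.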
@@ -3118,6 +3130,25 @@ void iommu_detach_device_pasid(struct iommu_domain *domain,
mutex_lock(&group->mutex);
domain->ops->detach_dev_pasid(domain, dev, pasid);
+ xa_erase(&group->pasid_array, pasid);
+ mutex_unlock(&group->mutex);
+ iommu_group_put(group);
+}
+
+struct iommu_domain *
+iommu_get_domain_for_dev_pasid(struct device *dev, ioasid_t pasid)
+{
+ struct iommu_domain *domain;
+ struct iommu_group *group;
+
+ group = iommu_group_get(dev);
+ if (!group)
+ return NULL;
+
+ mutex_lock(&group->mutex);
+ domain = xa_load(&group->pasid_array, pasid);
mutex_unlock(&group->mutex);
iommu_group_put(group);
This whole API seems sketchy - what is the lifecycle of the returned
iommu_domain and what prevents it from being concurrently freed after
unlocking?