Re: [PATCH v4 10/12] iommu: Prepare IOMMU domain for IOPF

[Baolu Lu]

Hi Jean,

On 2022/4/28 22:47, Jean-Philippe Brucker wrote:
> Hi Baolu,
>
> On Thu, Apr 21, 2022 at 01:21:19PM +0800, Lu Baolu wrote:
> > +/*
> > + * Get the attached domain for asynchronous usage, for example the I/O
> > + * page fault handling framework. The caller get a reference counter
> > + * of the domain automatically on a successful return and should put
> > + * it with iommu_domain_put() after usage.
> > + */
> > +struct iommu_domain *
> > +iommu_get_domain_for_dev_pasid_async(struct device *dev, ioasid_t pasid)
> > +{
> > +	struct iommu_domain *domain;
> > +	struct iommu_group *group;
> > +
> > +	if (!pasid_valid(pasid))
> > +		return NULL;
> > +
> > +	group = iommu_group_get(dev);
> > +	if (!group)
> > +		return NULL;
> > +
> > +	mutex_lock(&group->mutex);
>
> There is a possible deadlock between unbind() and the fault handler:
>
>   unbind()                            iopf_handle_group()
>    mutex_lock(&group->mutex)
>    iommu_detach_device_pasid()
>     iopf_queue_flush_dev()             iommu_get_domain_for_dev_pasid_async()
>      ... waits for IOPF work            mutex_lock(&group->mutex)

Yes, really.

> I was wrong in my previous review: we do have a guarantee that the SVA
> domain does not go away during IOPF handling, because unbind() waits for
> pending faults with iopf_queue_flush_dev() before freeing the domain (or
> for Arm stall, knows that there are no pending faults). So we can just get
> rid of domain->async_users and the group->mutex in IOPF, I think?

Agreed with you. The Intel code does the same thing in its unbind().

Thus, the sva domain's life cycle has already synchronized with IOPF
handling, there's no need for domain->async.

I will drop it in the next version. Thanks you!

Best regards,
baolu