[RFC 0/3] iommu/iova: Unsafe locking in find_iova()

From: Dmitry Safonov
Date: Thu Jun 21 2018 - 14:08:30 EST

Next message: Dmitry Safonov: "[RFC 1/3] iommu/iova: Find and split iova under rbtree's lock"
Previous message: Paul Burton: "Re: [PATCH] mm/memblock: add missing include <linux/bootmem.h>"
Next in thread: Dmitry Safonov: "[RFC 1/3] iommu/iova: Find and split iova under rbtree's lock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

find_iova() looks to be using a bad locking practice: it locks the
returned iova only for the search time.
And looking in code, the element can be removed from the tree and freed
under rbtree lock. That happens during memory hot-unplug and cleanup on
module removal.
Here I cleanup users of the function and delete it.

Dmitry Safonov (3):
iommu/iova: Find and split iova under rbtree's lock
iommu/iova: Make free_iova() atomic
iommu/iova: Remove find_iova()

drivers/iommu/intel-iommu.c | 14 +++----------
drivers/iommu/iova.c | 48 +++++++++++++++++----------------------------
include/linux/iova.h | 17 ++++------------
3 files changed, 25 insertions(+), 54 deletions(-)

--
2.13.6

Next message: Dmitry Safonov: "[RFC 1/3] iommu/iova: Find and split iova under rbtree's lock"
Previous message: Paul Burton: "Re: [PATCH] mm/memblock: add missing include <linux/bootmem.h>"
Next in thread: Dmitry Safonov: "[RFC 1/3] iommu/iova: Find and split iova under rbtree's lock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]