Re: [PATCH v4 10/12] iommu: Prepare IOMMU domain for IOPF

From: Jean-Philippe Brucker
Date: Thu Apr 28 2022 - 10:48:23 EST


Hi Baolu,

On Thu, Apr 21, 2022 at 01:21:19PM +0800, Lu Baolu wrote:
> +/*
> + * Get the attached domain for asynchronous usage, for example the I/O
> + * page fault handling framework. The caller get a reference counter
> + * of the domain automatically on a successful return and should put
> + * it with iommu_domain_put() after usage.
> + */
> +struct iommu_domain *
> +iommu_get_domain_for_dev_pasid_async(struct device *dev, ioasid_t pasid)
> +{
> + struct iommu_domain *domain;
> + struct iommu_group *group;
> +
> + if (!pasid_valid(pasid))
> + return NULL;
> +
> + group = iommu_group_get(dev);
> + if (!group)
> + return NULL;
> +
> + mutex_lock(&group->mutex);

There is a possible deadlock between unbind() and the fault handler:

 unbind()                            iopf_handle_group()
  mutex_lock(&group->mutex)
  iommu_detach_device_pasid()
   iopf_queue_flush_dev()             iommu_get_domain_for_dev_pasid_async()
    ... waits for IOPF work            mutex_lock(&group->mutex)

I was wrong in my previous review: we do have a guarantee that the SVA
domain does not go away during IOPF handling, because unbind() waits for
pending faults with iopf_queue_flush_dev() before freeing the domain (or
for Arm stall, knows that there are no pending faults). So we can just get
rid of domain->async_users and the group->mutex in IOPF, I think?

Thanks,
Jean

> + domain = xa_load(&group->pasid_array, pasid);
> + if (domain)
> + refcount_inc(&domain->async_users);
> + mutex_unlock(&group->mutex);
> + iommu_group_put(group);
> +
> + return domain;
> +}
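
Review bot: the comment above iommu_get_domain_for_dev_pasid_async() leaves out two things a caller needs to know. The function takes group->mutex with mutex_lock(), so it may sleep and must not be called from atomic context, and it returns NULL in three different cases (pasid_valid() fails, iommu_group_get() returns no group, xa_load() finds no domain at that PASID) that the caller cannot tell apart. Suggest documenting the calling context and the NULL return in the comment, and fixing the wording "The caller get a reference counter of the domain" to "The caller gets a reference to the domain".
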
> --
> 2.25.1
>