Re: [PATCH] iommu/vt-d: debugfs: Fix race with iommu unmap when traversing

From: Jason Gunthorpe
Date: Wed Sep 06 2023 - 09:44:30 EST

Next message: Steven Rostedt: "Re: [PATCH] selftests/ftrace: Correctly enable event in instance-event.tc"
Previous message: Laurent Pinchart: "Re: [PATCH v2] media: uvcvideo: Fix power line control for a Chicony camera"
In reply to: Jingqi Liu: "[PATCH] iommu/vt-d: debugfs: Fix race with iommu unmap when traversing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Sep 03, 2023 at 10:40:50PM +0800, Jingqi Liu wrote:
> When traversing page table, it may race with iommu unmap.
>
> For the page table page pointed to by a PDPE/PDE, there are three
> scenarios in the iommu unmap path.
>
> 1) The page has been freed.
>
> If the page has a refcount of zero, it has been freed. The
> debugfs should avoid to traverse it.
>
> In the debugfs, the refcount of a page table page is checked
> before traversing it. If its refcount is zero, the page will not
> be traversed. If the refcount is not zero, increment its refcount
> before traversal and decrement its refcount after traversal.

No, you can't do this - the page can have been reallocated already.

A sane design would be to RCU free the page table entries and have
this walker be RCU protected. I think I said that already once..

There is some infrastructure we should build to make this sensible,
but it is the right direction.

Jason

Next message: Steven Rostedt: "Re: [PATCH] selftests/ftrace: Correctly enable event in instance-event.tc"
Previous message: Laurent Pinchart: "Re: [PATCH v2] media: uvcvideo: Fix power line control for a Chicony camera"
In reply to: Jingqi Liu: "[PATCH] iommu/vt-d: debugfs: Fix race with iommu unmap when traversing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]