RE: [PATCH 2/2] iommu/vt-d: Fix NULL domain on device release
From: Tian, Kevin
Date: Tue Feb 27 2024 - 22:08:38 EST
> From: Baolu Lu <baolu.lu@xxxxxxxxxxxxxxx>
> Sent: Wednesday, February 28, 2024 9:23 AM
>
> On 2/27/24 3:40 PM, Tian, Kevin wrote:
> >> From: Lu Baolu<baolu.lu@xxxxxxxxxxxxxxx>
> >> Sent: Friday, February 23, 2024 1:13 PM
> >>
> >> -static void dmar_remove_one_dev_info(struct device *dev)
> >> -{
> >> - struct device_domain_info *info = dev_iommu_priv_get(dev);
> >> - struct dmar_domain *domain = info->domain;
> >> - struct intel_iommu *iommu = info->iommu;
> >> - unsigned long flags;
> >> -
> >> - if (!dev_is_real_dma_subdevice(info->dev)) {
> >> - if (dev_is_pci(info->dev) && sm_supported(iommu))
> >> - intel_pasid_tear_down_entry(iommu, info->dev,
> >> - IOMMU_NO_PASID, false);
> >> -
> >> - iommu_disable_pci_caps(info);
> >> - domain_context_clear(info);
> >> - }
> >> -
> >> - spin_lock_irqsave(&domain->lock, flags);
> >> - list_del(&info->link);
> >> - spin_unlock_irqrestore(&domain->lock, flags);
> >> -
> >> - domain_detach_iommu(domain, iommu);
> >> - info->domain = NULL;
> >> -}
> >> -
> > what's required here is slightly different from device_block_translation()
> > which leaves context entry uncleared in scalable mode (implying the
> > pasid table must be valid). but in the release path the pasid table will
> > be freed right after then leading to a use-after-free case.
> >
> > let's add an explicit domain_context_clear() in
> intel_iommu_release_device().
>
> Nice catch!
>
> How about moving the scalable mode context entry management to probe
> and
> release path? Currently, it's part of domain switch, that's really
> irrelevant.
>
sounds good.