Re: [PATCH v3 3/4] drivers/iommu-debug-pagealloc: Track IOMMU pages
From: Baolu Lu
Date: Tue Nov 25 2025 - 02:59:30 EST
On 11/25/25 04:08, Mostafa Saleh wrote:
void __iommu_debug_unmap_end(struct iommu_domain *domain,
unsigned long iova, size_t size,
size_t unmapped)
{
+ if (unmapped == size)
+ return;
+
+ /*
+ * If unmap failed, re-increment the refcount, but if it unmapped
+ * larger size, decrement the extra part.
+ */
+ if (unmapped < size)
+ __iommu_debug_update_iova(domain, iova + unmapped,
+ size - unmapped, true);
+ else
+ __iommu_debug_update_iova(domain, iova + size,
+ unmapped - size, false);
In any case, could the 'else' branch become a real operation?
In the __iommu_unmap():
/*
* Keep iterating until we either unmap 'size' bytes (or more)
* or we hit an area that isn't mapped.
*/
while (unmapped < size) {
size_t pgsize, count;
pgsize = iommu_pgsize(domain, iova, iova, size -
unmapped, &count);
unmapped_page = ops->unmap_pages(domain, iova, pgsize,
count, iotlb_gather);
if (!unmapped_page)
break;
pr_debug("unmapped: iova 0x%lx size 0x%zx\n",
iova, unmapped_page);
iova += unmapped_page;
unmapped += unmapped_page;
}
The comments say that it is possible to unmap more bytes than 'size',
but isn't it a bug if this helper unmaps more than the caller desired?
Thanks,
baolu