Re: [PATCH v3 3/3] iova: defer maple tree erase on GFP_ATOMIC failure
From: Jason Gunthorpe
Date: Fri Jun 12 2026 - 12:49:05 EST
On Fri, Jun 12, 2026 at 12:02:55PM -0400, Rik van Riel wrote:
> On Tue, 2026-06-09 at 10:04 -0300, Jason Gunthorpe wrote:
> > On Tue, Jun 02, 2026 at 11:35:48PM -0400, Rik van Riel wrote:
> > > +/*
> > > + * Remove an IOVA entry from the maple tree. Returns true on
> > > success.
> > > + * On failure (maple tree node allocation under GFP_ATOMIC
> > > failed),
> > > + * returns false — the entry remains in the tree and the caller
> > > must
> > > + * not free the struct iova.
> > > + */
> > > +static bool remove_iova(struct iova_domain *iovad, struct iova
> > > *iova)
> > > {
> > > MA_STATE(mas, &iovad->mtree, iova->pfn_lo, iova->pfn_hi);
> > >
> > > @@ -165,7 +175,36 @@ static void remove_iova(struct iova_domain
> > > *iovad, struct iova *iova)
> > > if (iova->pfn_lo < iovad->dma_32bit_pfn)
> > > iovad->max32_alloc_size = iovad->dma_32bit_pfn;
> > >
> > > - mas_store_gfp(&mas, NULL, GFP_ATOMIC);
> > > + if (mas_store_gfp(&mas, NULL, GFP_ATOMIC))
> > > + return false;
> >
> > But why does it use mas_store(NULL) instead of mas_erase()? I thought
> > the iova alloc/free has to be pair wise, we don't split allocations?
> >
> I just looked into this some more, and I was
> confused earlier this week.
>
> The mas_erase() function calls mas_nomem(mas, GFP_KERNEL),
> which is not safe to call while holding a spinlock.
Oh, the kdoc doesn't say that, it doesn't return any error code if it
can't allocate memory, and not a single caller checks for erase
failures.
I assumed internally it "somehow worked out" even though there are
allocations in the callchains..
This is probably a better question for Liam? Can mtree_erase actually
fail ENOMEM? Is it safe to call it in an atomic context?
Jason