[PATCH 5/8] iommu/qcom: Publish pgtbl_ops before releasing init_mutex

Next message: Mukesh Ojha: "[PATCH 8/8] iommu/qcom: Document why sec_ptbl allocated flag needs no locking"
Previous message: Mukesh Ojha: "[PATCH 4/8] iommu/qcom: Fix pgtbl_ops leak in qcom_iommu_init_domain() error path"
In reply to: Konrad Dybcio: "Re: [PATCH 4/8] iommu/qcom: Fix pgtbl_ops leak in qcom_iommu_init_domain() error path"
Next in thread: Konrad Dybcio: "Re: [PATCH 5/8] iommu/qcom: Publish pgtbl_ops before releasing init_mutex"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mukesh Ojha

Date: Tue Jun 23 2026 - 08:22:07 EST

qcom_domain->pgtbl_ops was assigned after mutex_unlock(). Another thread
calling qcom_iommu_init_domain() would see qcom_domain->iommu already set
(domain fully initialized) and skip re-initialization under the mutex.
If it then called qcom_iommu_map() before the first thread set pgtbl_ops,
it would observe a NULL ops pointer and return -ENODEV for valid mappings.

Move the assignment to before mutex_unlock() so that once the mutex is
released the domain is fully visible to concurrent operations.

Signed-off-by: Mukesh Ojha <mukesh.ojha@xxxxxxxxxxxxxxxx>
---
drivers/iommu/arm/arm-smmu/qcom_iommu.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/iommu/arm/arm-smmu/qcom_iommu.c b/drivers/iommu/arm/arm-smmu/qcom_iommu.c
index b6ce85f7f923..40fb0408dc07 100644
--- a/drivers/iommu/arm/arm-smmu/qcom_iommu.c
+++ b/drivers/iommu/arm/arm-smmu/qcom_iommu.c
@@ -306,13 +306,12 @@ static int qcom_iommu_init_domain(struct iommu_domain *domain,
ctx->domain = domain;
}

- mutex_unlock(&qcom_domain->init_mutex);
-
/* Publish page table ops for map/unmap */
qcom_domain->pgtbl_ops = pgtbl_ops;

- return 0;
+ mutex_unlock(&qcom_domain->init_mutex);

+ return 0;
out_clear_iommu:
free_io_pgtable_ops(pgtbl_ops);
qcom_domain->iommu = NULL;
--
2.53.0