[PATCH 2/2] vdpa_sim: hold iommu_lock across dma_unmap passthrough transition

Next message: Xiong Weimin: "[PATCH 1/2] vdpa_sim: clear pending_kick on device reset"
Previous message: Hui Zhu: "[PATCH v6] mm: assert exclusive nid/zonenum bits at the page/folio access sites"
In reply to: Xiong Weimin: "[PATCH 0/2] vdpa_sim: fix suspend/reset and dma_unmap locking"
Next in thread: Xiong Weimin: "[PATCH 1/2] vdpa_sim: clear pending_kick on device reset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiong Weimin

Date: Thu Jun 25 2026 - 22:07:42 EST

From: Xiong Weimin <xiongweimin@xxxxxxxxxx>

vdpasim_dma_map() updates the IOTLB and the passthrough (iommu_pt)
state under iommu_lock. vdpasim_dma_unmap() clears iommu_pt and
resets the IOTLB before taking iommu_lock, then deletes the mapping
while holding the lock.

A concurrent dma_map(), dma_unmap(), or reset path that also touches
the same address space can therefore observe or modify the IOTLB and
iommu_pt state without consistent locking.

Perform the passthrough transition and range deletion under the same
iommu_lock scope, matching dma_map().

Tested-on: openEuler VM (6.16.8, /usr/src/linux-6.16.8)
Tested-by: Xiong Weimin <xiongweimin@xxxxxxxxxx>

Signed-off-by: Xiong Weimin <xiongweimin@xxxxxxxxxx>
---
drivers/vdpa/vdpa_sim/vdpa_sim.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
+++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
@@ -736,12 +736,11 @@ static int vdpasim_dma_unmap(struct vdpa_device *vdpa, unsigned int asid,
if (asid >= vdpasim->dev_attr.nas)
return -EINVAL;

+ spin_lock(&vdpasim->iommu_lock);
if (vdpasim->iommu_pt[asid]) {
vhost_iotlb_reset(&vdpasim->iommu[asid]);
vdpasim->iommu_pt[asid] = false;
}
-
- spin_lock(&vdpasim->iommu_lock);
vhost_iotlb_del_range(&vdpasim->iommu[asid], iova, iova + size - 1);
spin_unlock(&vdpasim->iommu_lock);

--
2.43.0