Re: [PATCH v3] dmaengine: idxd: fix fdev setup failure cleanup in idxd_cdev_open()

Next message: Jakub Kicinski: "Re: [PATCH] MAINTAINERS: Update Jason Wang's email address"
Previous message: Pasha Tatashin: "Re: [PATCH v5 2/3] kho: add KHOSER_COPY_PTR to allow phys copy of serialized ptr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Vinicius Costa Gomes

Date: Fri Jun 26 2026 - 21:00:42 EST

Hi,

Yuho Choi <dbgh9129@xxxxxxxxx> writes:

> The failed_dev_add and failed_dev_name paths drop the file-device
> reference while wq->wq_lock is still held. If put_device(fdev) drops the
> last reference, idxd_file_dev_release() runs synchronously and tries to
> take wq->wq_lock again, deadlocking.
>
> Those paths also fall through into the later ctx cleanup labels even
> though idxd_file_dev_release() owns that cleanup and frees ctx. This can
> make idxd_xa_pasid_remove(ctx) and kfree(ctx) operate on a freed context.
>
> Move idxd_wq_get() before file-device setup can fail, since the release
> callback always calls idxd_wq_put(). Then unlock wq->wq_lock before
> put_device(fdev) and return directly from the file-device setup failure
> path, leaving ctx cleanup to the release callback.
>
> Fixes: e6fd6d7e5f0fe ("dmaengine: idxd: add a device to represent the file opened")
> Signed-off-by: Yuho Choi <dbgh9129@xxxxxxxxx>
> ---

Acked-by: Vinicius Costa Gomes <vinicius.gomes@xxxxxxxxx>

Cheers,
--
Vinicius