From: Jason Gunthorpe <jgg@nvidia.com>
To: Vasant Hegde <vasant.hegde@amd.com>
Cc: iommu@lists.linux.dev, joro@8bytes.org,
suravee.suthikulpanit@amd.com,
Daniel Marcovitch <dmarcovitch@nvidia.com>
Subject: Re: [PATCH 3/3] iommu/amd/iommu_v2: Prevent scheduling new ppr notifier during unbind_pasid
Date: Tue, 24 Jan 2023 11:33:20 -0400
Message-ID: <Y8/6QCuqK9UGJgi1@nvidia.com>
In-Reply-To: <20230124104355.119166-4-vasant.hegde@amd.com>

On Tue, Jan 24, 2023 at 10:43:55AM +0000, Vasant Hegde wrote:
> From: Daniel Marcovitch <dmarcovitch@nvidia.com>
>
> The pasid state wait_queue / ref_count mechanism allows unbind_pasid to
> wait for all outstanding ppr requests to be completed prior to freeing
> pasid_state.
>
> However, we are still missing a mechanism to prevent new ppr_notifier
> being invoked after refcount has been decremented to 0, and prior to
> pasid_state deallocation.
>
> This can cause unallocated memory access.
>
> Fixed by changing ref_count_inc to ref_count_inc_not_zero to ensure no
> new ppr_handler starts after pasid has been unbound and NULL (invalid)
> pasid_state is returned on zero.

It looks like this is prevented by clear_pasid_state() which will NULL
the pasid entry under the spinlock before an attempt is made to zero
the refcount?

Though maybe that is missed in the free_pasid_states() path?

Also this whole thing is just begging to be converted into an xarray..

Jason
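
The two guards discussed in this thread, as an added userspace C model that is not code from the patch or from the driver: clearing the table slot before dropping the reference, and taking a reference only when the count is non-zero. All names are hypothetical, the table is unlocked because the model is single-threaded, and it makes no claim about which driver path behaves which way.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
/* Userspace model; every name here is hypothetical, not the driver's. */
struct state { atomic_int count; };
static struct state *table[4];  /* the kernel guards such a table with a spinlock */

/* Take a reference only while the object is live (count > 0). */
static bool ref_inc_not_zero(struct state *s)
{
    int old = atomic_load(&s->count);
    while (old != 0)  /* a failed exchange reloads old with the current count */
        if (atomic_compare_exchange_weak(&s->count, &old, old + 1))
            return true;
    return false;
}

/* Unconditional increment: hands out an object whose count already hit 0. */
static struct state *lookup_plain(int id)
{
    struct state *s = table[id];
    if (s) atomic_fetch_add(&s->count, 1);
    return s;
}

static struct state *lookup_checked(int id)
{
    struct state *s = table[id];
    return (s && ref_inc_not_zero(s)) ? s : NULL;
}

static void bind(int id, struct state *s)
{
    atomic_store(&s->count, 1);
    table[id] = s;
}

/* Drop one reference; true means the caller dropped the last one. */
static bool put(struct state *s)
{
    return atomic_fetch_sub(&s->count, 1) == 1;
}

/* Ordering described in the reply: unpublish the slot, then drop the ref. */
static bool unbind_clear_first(int id)
{
    struct state *s = table[id];
    table[id] = NULL;
    return s && put(s);
}
```

When the slot is cleared first, both lookups return NULL and the increment style does not matter; when the last reference is dropped while the slot is still populated, only `lookup_checked()` refuses the stale object.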