From: John Garry <john.garry@huawei.com>
To: Robin Murphy <robin.murphy@arm.com>, <joro@8bytes.org>,
<will@kernel.org>
Cc: <iommu@lists.linux-foundation.org>,
<suravee.suthikulpanit@amd.com>, <baolu.lu@linux.intel.com>,
<willy@infradead.org>, <linux-kernel@vger.kernel.org>,
<linux-mm@kvack.org>, Xiongfeng Wang <wangxiongfeng2@huawei.com>
Subject: Re: [PATCH v2 01/11] iommu/iova: Fix race between FQ timeout and teardown
Date: Fri, 10 Dec 2021 18:04:53 +0000 [thread overview]
Message-ID: <03cbd9c4-0f11-895b-8eb5-1b75bb74d37c@huawei.com> (raw)
In-Reply-To: <ecea6835baca75b945bd8ecfaa636ff01dabcc1d.1639157090.git.robin.murphy@arm.com>
On 10/12/2021 17:54, Robin Murphy wrote:
> From: Xiongfeng Wang<wangxiongfeng2@huawei.com>
>
> It turns out to be possible for hotplugging out a device to reach the
> stage of tearing down the device's group and default domain before the
> domain's flush queue has drained naturally. At this point, it is then
> possible for the timeout to expire just*before* the del_timer() call
super nit: "just*before* the" - needs a whitespace before "before" :)
> from free_iova_flush_queue(), such that we then proceed to free the FQ
> resources while fq_flush_timeout() is still accessing them on another
> CPU. Crashes due to this have been observed in the wild while removing
> NVMe devices.
>
> Close the race window by using del_timer_sync() to safely wait for any
> active timeout handler to finish before we start to free things. We
> already avoid any locking in free_iova_flush_queue() since the FQ is
> supposed to be inactive anyway, so the potential deadlock scenario does
> not apply.
>
> Fixes: 9a005a800ae8 ("iommu/iova: Add flush timer")
> Signed-off-by: Xiongfeng Wang<wangxiongfeng2@huawei.com>
> [ rm: rewrite commit message ]
> Signed-off-by: Robin Murphy<robin.murphy@arm.com>
FWIW,
Reviewed-by: John Garry <john.garry@huawei.com>
next prev parent reply other threads:[~2021-12-10 18:05 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-10 17:54 [PATCH v2 00/11] iommu: refactor flush queues into iommu-dma Robin Murphy
2021-12-10 17:54 ` [PATCH v2 01/11] iommu/iova: Fix race between FQ timeout and teardown Robin Murphy
2021-12-10 18:04 ` John Garry [this message]
2021-12-10 18:13 ` Robin Murphy
2021-12-10 19:19 ` John Garry
2021-12-10 17:54 ` [PATCH v2 02/11] gpu: host1x: Add missing DMA API include Robin Murphy
2021-12-16 8:53 ` Thierry Reding
2021-12-10 17:54 ` [PATCH v2 03/11] drm/tegra: vic: Fix DMA API misuse Robin Murphy
2021-12-16 8:01 ` Christoph Hellwig
2021-12-16 8:55 ` Thierry Reding
2021-12-10 17:54 ` [PATCH v2 04/11] iommu/iova: Squash entry_dtor abstraction Robin Murphy
2021-12-14 16:39 ` John Garry
2021-12-16 8:02 ` Christoph Hellwig
2021-12-10 17:54 ` [PATCH v2 05/11] iommu/iova: Squash flush_cb abstraction Robin Murphy
2021-12-14 16:39 ` John Garry
2021-12-16 8:02 ` Christoph Hellwig
2021-12-17 12:08 ` Robin Murphy
2021-12-10 17:54 ` [PATCH v2 06/11] iommu/amd: Simplify pagetable freeing Robin Murphy
2021-12-10 17:54 ` [PATCH v2 07/11] iommu/amd: Use put_pages_list Robin Murphy
2021-12-10 17:54 ` [PATCH v2 08/11] iommu/vt-d: " Robin Murphy
2021-12-10 17:54 ` [PATCH v2 09/11] iommu/iova: Consolidate flush queue code Robin Murphy
2021-12-14 16:39 ` John Garry
2021-12-10 17:54 ` [PATCH v2 10/11] iommu/iova: Move flush queue code to iommu-dma Robin Murphy
2021-12-14 16:40 ` John Garry
2021-12-14 17:18 ` John Garry
2021-12-14 17:50 ` Robin Murphy
2021-12-10 17:54 ` [PATCH v2 11/11] iommu: Move flush queue data into iommu_dma_cookie Robin Murphy
2021-12-10 23:30 ` kernel test robot
2021-12-10 23:50 ` kernel test robot
2021-12-14 17:16 ` John Garry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=03cbd9c4-0f11-895b-8eb5-1b75bb74d37c@huawei.com \
--to=john.garry@huawei.com \
--cc=baolu.lu@linux.intel.com \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=robin.murphy@arm.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=wangxiongfeng2@huawei.com \
--cc=will@kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).