From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 73167C433FE
	for <linux-mm@archiver.kernel.org>; Fri, 10 Dec 2021 18:05:44 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id EBADB6B0073; Fri, 10 Dec 2021 13:05:33 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E69BD6B0074; Fri, 10 Dec 2021 13:05:33 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D59126B0075; Fri, 10 Dec 2021 13:05:33 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (relay026.a.hostedemail.com [64.99.140.26])
	by kanga.kvack.org (Postfix) with ESMTP id C83CD6B0073
	for <linux-mm@kvack.org>; Fri, 10 Dec 2021 13:05:33 -0500 (EST)
Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 89B1221E87
	for <linux-mm@kvack.org>; Fri, 10 Dec 2021 18:05:23 +0000 (UTC)
X-FDA: 78902661726.03.8E04956
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56])
	by imf09.hostedemail.com (Postfix) with ESMTP id 3011A140010
	for <linux-mm@kvack.org>; Fri, 10 Dec 2021 18:05:21 +0000 (UTC)
Received: from fraeml713-chm.china.huawei.com (unknown [172.18.147.206])
	by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4J9f0G3hr0z67mFG;
	Sat, 11 Dec 2021 02:03:26 +0800 (CST)
Received: from lhreml724-chm.china.huawei.com (10.201.108.75) by
 fraeml713-chm.china.huawei.com (10.206.15.32) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.20; Fri, 10 Dec 2021 19:05:20 +0100
Received: from [10.47.93.58] (10.47.93.58) by lhreml724-chm.china.huawei.com
 (10.201.108.75) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Fri, 10 Dec
 2021 18:05:19 +0000
Subject: Re: [PATCH v2 01/11] iommu/iova: Fix race between FQ timeout and
 teardown
To: Robin Murphy <robin.murphy@arm.com>, <joro@8bytes.org>, <will@kernel.org>
CC: <iommu@lists.linux-foundation.org>, <suravee.suthikulpanit@amd.com>,
	<baolu.lu@linux.intel.com>, <willy@infradead.org>,
	<linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>, Xiongfeng Wang
	<wangxiongfeng2@huawei.com>
References: <cover.1639157090.git.robin.murphy@arm.com>
 <ecea6835baca75b945bd8ecfaa636ff01dabcc1d.1639157090.git.robin.murphy@arm.com>
From: John Garry <john.garry@huawei.com>
Message-ID: <03cbd9c4-0f11-895b-8eb5-1b75bb74d37c@huawei.com>
Date: Fri, 10 Dec 2021 18:04:53 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <ecea6835baca75b945bd8ecfaa636ff01dabcc1d.1639157090.git.robin.murphy@arm.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.47.93.58]
X-ClientProxiedBy: lhreml723-chm.china.huawei.com (10.201.108.74) To
 lhreml724-chm.china.huawei.com (10.201.108.75)
X-CFilter-Loop: Reflected
X-Rspamd-Queue-Id: 3011A140010
Authentication-Results: imf09.hostedemail.com;
	dkim=none;
	spf=pass (imf09.hostedemail.com: domain of john.garry@huawei.com designates 185.176.79.56 as permitted sender) smtp.mailfrom=john.garry@huawei.com;
	dmarc=pass (policy=quarantine) header.from=huawei.com
X-Rspamd-Server: rspam04
X-Stat-Signature: ud7ftbk9yrqt15mjzd7gqzi7wopgswcn
X-HE-Tag: 1639159521-249473
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 10/12/2021 17:54, Robin Murphy wrote:
> From: Xiongfeng Wang<wangxiongfeng2@huawei.com>
> 
> It turns out to be possible for hotplugging out a device to reach the
> stage of tearing down the device's group and default domain before the
> domain's flush queue has drained naturally. At this point, it is then
> possible for the timeout to expire just*before*  the del_timer() call

super nit: "just*before*  the" - needs a whitespace before "before" :)

> from free_iova_flush_queue(), such that we then proceed to free the FQ
> resources while fq_flush_timeout() is still accessing them on another
> CPU. Crashes due to this have been observed in the wild while removing
> NVMe devices.
> 
> Close the race window by using del_timer_sync() to safely wait for any
> active timeout handler to finish before we start to free things. We
> already avoid any locking in free_iova_flush_queue() since the FQ is
> supposed to be inactive anyway, so the potential deadlock scenario does
> not apply.
> 
> Fixes: 9a005a800ae8 ("iommu/iova: Add flush timer")
> Signed-off-by: Xiongfeng Wang<wangxiongfeng2@huawei.com>
> [ rm: rewrite commit message ]
> Signed-off-by: Robin Murphy<robin.murphy@arm.com>

FWIW,

Reviewed-by: John Garry <john.garry@huawei.com>