From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A71F9C433EF for ; Fri, 10 Dec 2021 18:13:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 368076B0072; Fri, 10 Dec 2021 13:13:27 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 316BB6B0073; Fri, 10 Dec 2021 13:13:27 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 204F06B0074; Fri, 10 Dec 2021 13:13:27 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0095.hostedemail.com [216.40.44.95]) by kanga.kvack.org (Postfix) with ESMTP id 12A0A6B0072 for ; Fri, 10 Dec 2021 13:13:27 -0500 (EST) Received: from smtpin09.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id D1060180EB715 for ; Fri, 10 Dec 2021 18:13:16 +0000 (UTC) X-FDA: 78902681592.09.6CF2695 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by imf06.hostedemail.com (Postfix) with ESMTP id 72A3A180009 for ; Fri, 10 Dec 2021 18:13:15 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 70F0212FC; Fri, 10 Dec 2021 10:13:15 -0800 (PST) Received: from [10.57.34.58] (unknown [10.57.34.58]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3668E3F73D; Fri, 10 Dec 2021 10:13:14 -0800 (PST) Message-ID: <80145652-b9ca-57b5-ad95-ca12d6a25eea@arm.com> Date: Fri, 10 Dec 2021 18:13:09 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Thunderbird/91.3.2 Subject: Re: [PATCH v2 01/11] iommu/iova: Fix race between FQ timeout and teardown Content-Language: en-GB To: John Garry , joro@8bytes.org, will@kernel.org Cc: linux-kernel@vger.kernel.org, willy@infradead.org, linux-mm@kvack.org, iommu@lists.linux-foundation.org, Xiongfeng Wang References: <03cbd9c4-0f11-895b-8eb5-1b75bb74d37c@huawei.com> From: Robin Murphy In-Reply-To: <03cbd9c4-0f11-895b-8eb5-1b75bb74d37c@huawei.com> Content-Type: text/plain; charset=UTF-8; format=flowed X-Stat-Signature: aatup1fmz55ocokhf5bqnbg11swittew Authentication-Results: imf06.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=arm.com; spf=pass (imf06.hostedemail.com: domain of robin.murphy@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=robin.murphy@arm.com X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 72A3A180009 X-HE-Tag: 1639159995-426036 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2021-12-10 18:04, John Garry via iommu wrote: > On 10/12/2021 17:54, Robin Murphy wrote: >> From: Xiongfeng Wang >> >> It turns out to be possible for hotplugging out a device to reach the >> stage of tearing down the device's group and default domain before the >> domain's flush queue has drained naturally. At this point, it is then >> possible for the timeout to expire just*before*=C2=A0 the del_timer() = call >=20 > super nit: "just*before*=C2=A0 the" - needs a whitespace before "before= " :) Weird... the original patch file here and the copy received by lore via=20 linux-iommu look fine, gremlins in your MUA or delivery path perhaps? >> from free_iova_flush_queue(), such that we then proceed to free the FQ >> resources while fq_flush_timeout() is still accessing them on another >> CPU. Crashes due to this have been observed in the wild while removing >> NVMe devices. >> >> Close the race window by using del_timer_sync() to safely wait for any >> active timeout handler to finish before we start to free things. We >> already avoid any locking in free_iova_flush_queue() since the FQ is >> supposed to be inactive anyway, so the potential deadlock scenario doe= s >> not apply. >> >> Fixes: 9a005a800ae8 ("iommu/iova: Add flush timer") >> Signed-off-by: Xiongfeng Wang >> [ rm: rewrite commit message ] >> Signed-off-by: Robin Murphy >=20 > FWIW, >=20 > Reviewed-by: John Garry Thanks John! Robin.