在 2021/7/5 上午4:52, gautam.dawar@xxxxxxxxxx 写道:
vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
@@ -1091,11 +1122,13 @@ static void vhost_vdpa_remove(struct vdpa_device *vdpa)
opened = atomic_cmpxchg(&v->opened, 0, 1);
if (!opened)
break;
- wait_for_completion_timeout(&v->completion,
- msecs_to_jiffies(1000));
- dev_warn_once(&v->dev,
- "%s waiting for/dev/%s to be closed\n",
- __func__, dev_name(&v->dev));
+ if (!wait_for_completion_timeout(&v->completion,
+ msecs_to_jiffies(1000))) {
+ dev_warn(&v->dev,
+ "%s/dev/%s in use, continue..\n",
+ __func__, dev_name(&v->dev));
+ break;
+ }
} while (1);
put_device(&v->dev);
+ v->dev_invalid = true;
Besides the mapping handling mentioned by Michael. I think this can lead
use-after-free. put_device may release the memory.
Another fundamental issue, vDPA is the parent of vhost-vDPA device. I'm
not sure the device core can allow the parent to go away first.
Thanks
