> + down_read(&ioas->iopt.iova_rwsem); > + info.flags = VFIO_IOMMU_INFO_PGSIZES; > + info.iova_pgsizes = iommufd_get_pagesizes(ioas); > + info.cap_offset = 0; The iommufd_get_pagesizes() obtains the domains_rwsem and cannot be called under the iova_rwsem due to lock ordering. The test suite already covers this, but it turns out my test environment had lockdep disabled since it hits an Intel iommu lockdep splat on boot starting in v6.1-rc1 :\ Syzkaller found it because it runs the VM with different options and avoids the boot splat. @@ -371,11 +371,11 @@ static int iommufd_vfio_iommu_get_info(struct iommufd_ctx *ictx, if (IS_ERR(ioas)) return PTR_ERR(ioas); - down_read(&ioas->iopt.iova_rwsem); info.flags = VFIO_IOMMU_INFO_PGSIZES; info.iova_pgsizes = iommufd_get_pagesizes(ioas); info.cap_offset = 0; + down_read(&ioas->iopt.iova_rwsem); total_cap_size = sizeof(info); for (i = 0; i != ARRAY_SIZE(fill_fns); i++) { int cap_size; Jason
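Review bot: Nothing at the call site records why `iommufd_get_pagesizes(ioas)` has to run before `down_read(&ioas->iopt.iova_rwsem)`, so a later tidy-up could move it back under the lock and reintroduce the inversion. A comment directly above the call would pin the ordering, e.g. `/* iommufd_get_pagesizes() takes domains_rwsem, which must not be acquired under iova_rwsem */`. With this ordering the page-size mask and the capabilities filled by the `fill_fns` loop are no longer read under a single lock hold; that looks acceptable for an info query, but it is worth confirming that no caller relies on the two being a consistent snapshot. The body of iommufd_vfio_iommu_get_info() starts and ends outside the hunk, so the matching unlock paths are not visible here.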