On Thu, Mar 02, 2023 at 08:12:28AM +0000, Tian, Kevin wrote: > > From: Jason Gunthorpe <jgg@xxxxxxxxxx> > > Sent: Saturday, February 25, 2023 8:28 AM > > > > @@ -481,11 +481,7 @@ void iommufd_device_detach(struct > > iommufd_device *idev) > > hwpt = iommufd_hw_pagetable_detach(idev); > > mutex_unlock(&idev->igroup->lock); > > > > - if (hwpt->auto_domain) > > - iommufd_object_destroy_user(idev->ictx, &hwpt->obj); > > - else > > - refcount_dec(&hwpt->obj.users); > > - > > + iommufd_hw_pagetable_put(idev->ictx, hwpt); > > refcount_dec(&idev->obj.users); > > } > > As commented in patch3 this should be called in > iommufd_hw_pagetable_detach() when idev->igroup->hwpt is cleared. Same answer, has to be called after we unlock everything. The issue is not device_detach which has simple locking but iommufd_device_change_pt() in a later patch. Jason
