On Fri, Aug 11, 2023 at 10:21:20AM +0800, Baolu Lu wrote: > > This also has lifetime problems on the mm. > > > > The domain should flow into the iommu_sva_handle_iopf() instead of the > > void *data. > > Okay, but I still want to keep void *data as a private pointer of the > iopf consumer. For SVA, it's probably NULL. I'd rather give the iommu_domain some 'private' void * than pass around weird pointers all over the place... That might be broadly useful, eg iommufd could store the hwpt in there. > > We need to document/figure out some how to ensure that the faults are > > all done processing before a fault enabled domain can be freed. > > This has been documented in drivers/iommu/io-pgfault.c: > > [...] > * Any valid page fault will be eventually routed to an iommu domain and the > * page fault handler installed there will get called. The users of this > * handling framework should guarantee that the iommu domain could only be > * freed after the device has stopped generating page faults (or the iommu > * hardware has been set to block the page faults) and the pending page > faults > * have been flushed. > * > * Return: 0 on success and <0 on error. > */ > int iommu_queue_iopf(struct iommu_fault *fault, void *cookie) > [...] > > > This patch would be better ordered before the prior patch. > > Let me try this in the next version. Okay.. but can we have some debugging to enforce this maybe? Also add a comment when we obtain the domain on this path to see the above about the lifetime Jason