> From: Baolu Lu <baolu.lu@xxxxxxxxxxxxxxx>
> Sent: Thursday, August 31, 2023 7:25 PM
>
> On 2023/8/30 15:55, Tian, Kevin wrote:
> >> From: Baolu Lu <baolu.lu@xxxxxxxxxxxxxxx>
> >> Sent: Saturday, August 26, 2023 4:04 PM
> >>
> >> On 8/25/23 4:17 PM, Tian, Kevin wrote:
> >>>> +static void assert_no_pending_iopf(struct device *dev, ioasid_t pasid)
> >>>> +{
> >>>> + struct iommu_fault_param *iopf_param = dev->iommu-
> >>>>> fault_param;
> >>>> + struct iopf_fault *iopf;
> >>>> +
> >>>> + if (!iopf_param)
> >>>> + return;
> >>>> +
> >>>> + mutex_lock(&iopf_param->lock);
> >>>> + list_for_each_entry(iopf, &iopf_param->partial, list) {
> >>>> + if (WARN_ON(iopf->fault.prm.pasid == pasid))
> >>>> + break;
> >>>> + }
> >>> partial list is protected by dev_iommu lock.
> >>>
> >>
> >> Ah, do you mind elaborating a bit more? In my mind, partial list is
> >> protected by dev_iommu->fault_param->lock.
> >>
> >
> > well, it's not how the code is currently written. iommu_queue_iopf()
> > doesn't hold dev_iommu->fault_param->lock to update the partial
> > list.
> >
> > while at it looks there is also a mislocking in iopf_queue_discard_partial()
> > which only acquires queue->lock.
> >
> > So we have three places touching the partial list all with different locks:
> >
> > - iommu_queue_iopf() relies on dev_iommu->lock
> > - iopf_queue_discard_partial() relies on queue->lock
> > - this new assert function uses dev_iommu->fault_param->lock
>
> Yeah, I see your point now. Thanks for the explanation.
>
> So, my understanding is that dev_iommu->lock protects the whole
> pointer of dev_iommu->fault_param, while dev_iommu->fault_param->lock
> protects the lists inside it.
>
yes. let's use fault_param->lock consistently for those lists in all paths.
