On Wed, Feb 26, 2020 at 11:39:59AM -0800, Jacob Pan wrote: > > @@ -442,11 +444,20 @@ static void iommu_sva_unbind_locked(struct > > iommu_bond *bond) > > void iommu_sva_unbind_generic(struct iommu_sva *handle) > > { > > + int pasid; > > struct iommu_param *param = handle->dev->iommu_param; > > > > if (WARN_ON(!param)) > > return; > > > > + /* > > + * Caller stopped the device from issuing PASIDs, now make > > sure they are > > + * out of the fault queue. > > + */ > > + pasid = iommu_sva_get_pasid_generic(handle); > > + if (pasid != IOMMU_PASID_INVALID) > > + iopf_queue_flush_dev(handle->dev, pasid); > > + > I have an ordering concern. > The caller can only stop the device issuing page request but there will > be in-flight request inside the IOMMU. If we flush here before clearing > the PASID context, there might be new request coming in before the > detach. The goal of this flush is also to clear the IOMMU PRI queue. It calls the IOMMU's flush() callback before flushing the workqueue. So when this returns, there shouldn't be any more pending fault. Thanks, Jean > How about detach first then flush? Then anything come after the detach > would be faults. Flush will be clean. > > > mutex_lock(¶m->sva_lock); > > mutex_lock(&iommu_sva_lock); > > iommu_sva_unbind_locked(to_iommu_bond(handle)); > > @@ -484,6 +495,10 @@ int iommu_sva_enable(struct device *dev, struct > > iommu_sva_param *sva_param) goto err_unlock; > > } > > > > + ret = iommu_register_device_fault_handler(dev, > > iommu_queue_iopf, dev); > > + if (ret) > > + goto err_unlock; > > + > > dev->iommu_param->sva_param = new_param; > > mutex_unlock(¶m->sva_lock); > > return 0; > > @@ -521,6 +536,7 @@ int iommu_sva_disable(struct device *dev) > > goto out_unlock; > > } > > > > + iommu_unregister_device_fault_handler(dev); > > kfree(param->sva_param); > > param->sva_param = NULL; > > out_unlock: > > [Jacob Pan]