On Thu, 2022-10-06 at 17:02 -0400, Matthew Rosato wrote:
> On 10/6/22 10:46 AM, Niklas Schnelle wrote:
> > Since commit fa7e9ecc5e1c ("iommu/s390: Tolerate repeat attach_dev
> > calls") we can end up with duplicates in the list of devices attached to
> > a domain. This is inefficient and confusing since only one domain can
> > actually be in control of the IOMMU translations for a device. Fix this
> > by detaching the device from the previous domain, if any, on attach.
> > Add a WARN_ON() in case we still have attached devices on freeing the
> > domain. While here remove the re-attach on failure dance as it was
> > determined to be unlikely to help and may confuse debug and recovery.
> >
> > Fixes: fa7e9ecc5e1c ("iommu/s390: Tolerate repeat attach_dev calls")
> > Signed-off-by: Niklas Schnelle <schnelle@xxxxxxxxxxxxx>
> > ---
> > v4->v5:
> > - Unregister IOAT and set zdev->dma_table on error (Matt)
> >
> ...
>
> > static int s390_iommu_attach_device(struct iommu_domain *domain,
> > struct device *dev)
> > {
> > @@ -90,7 +116,7 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
> > struct zpci_dev *zdev = to_zpci_dev(dev);
> > struct s390_domain_device *domain_device;
> > unsigned long flags;
> > - int cc, rc;
> > + int cc, rc = 0;
> >
> > if (!zdev)
> > return -ENODEV;
> > @@ -99,23 +125,17 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
> > if (!domain_device)
> > return -ENOMEM;
> >
> > - if (zdev->dma_table && !zdev->s390_domain) {
> > - cc = zpci_dma_exit_device(zdev);
> > - if (cc) {
> > - rc = -EIO;
> > - goto out_free;
> > - }
> > - }
> > -
> > if (zdev->s390_domain)
> > - zpci_unregister_ioat(zdev, 0);
> > + __s390_iommu_detach_device(zdev);
> > + else if (zdev->dma_table)
> > + zpci_dma_exit_device(zdev);
> >
> > zdev->dma_table = s390_domain->dma_table;
> > cc = zpci_register_ioat(zdev, 0, zdev->start_dma, zdev->end_dma,
> > virt_to_phys(zdev->dma_table));
> > if (cc) {
> > rc = -EIO;
> > - goto out_restore;
> > + goto out_free;
> > }
>
> Hmm, with this we will leave attach_dev with a zdev->dma_table associated with this domain (not one generated via zpci_dma_init_device) and zdev->s390_domain == 0. Won't this cause both s390_domain_free and zpci_dma_exit_device() to try and free the same dma table?
>
> I think we also have to leave with a NULL zdev->dma_table in this case too (you technically could skip the zpci_unregister_ioat)
Argh you're right. This is I think a a bad rebase, in v4 I had the
zpci_register_ioat() use s390_domain->dma_table and only set zdev-
>dma_table after that succeeded. I seem to have lost that part
somewhere along the way. With that we zdev->dma_table would be NULL and
all would be good.
>
> >
> > spin_lock_irqsave(&s390_domain->list_lock, flags);
> > @@ -127,9 +147,9 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
> > /* Allow only devices with identical DMA range limits */
> > } else if (domain->geometry.aperture_start != zdev->start_dma ||
> > domain->geometry.aperture_end != zdev->end_dma) {
> > - rc = -EINVAL;
> > spin_unlock_irqrestore(&s390_domain->list_lock, flags);
> > - goto out_restore;
> > + rc = -EINVAL;
> > + goto out_unregister;
> > }
> > domain_device->zdev = zdev;
> > zdev->s390_domain = s390_domain;
> > @@ -138,14 +158,9 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
> >
> > return 0;
> >
> > -out_restore:
> > - if (!zdev->s390_domain) {
> > - zpci_dma_init_device(zdev);
> > - } else {
> > - zdev->dma_table = zdev->s390_domain->dma_table;
> > - zpci_register_ioat(zdev, 0, zdev->start_dma, zdev->end_dma,
> > - virt_to_phys(zdev->dma_table));
> > - }
> > +out_unregister:
> > + zpci_unregister_ioat(zdev, 0);
> > + zdev->dma_table = NULL;
> > out_free:
> > kfree(domain_device);
> >
