On 2024/6/29 5:06, Jason Gunthorpe wrote:
On Sun, Jun 16, 2024 at 02:11:49PM +0800, Lu Baolu wrote:+int iommu_replace_group_handle(struct iommu_group *group, + struct iommu_domain *new_domain, + struct iommu_attach_handle *handle) +{ + struct iommu_domain *old_domain = group->domain; + void *curr; + int ret; + + if (!new_domain) + return -EINVAL; + + mutex_lock(&group->mutex); + ret = __iommu_group_set_domain(group, new_domain); + if (ret) + goto err_unlock; + xa_erase(&group->pasid_array, IOMMU_NO_PASID); + if (handle) { + curr = xa_store(&group->pasid_array, IOMMU_NO_PASID, handle, GFP_KERNEL); + if (xa_err(curr)) { + ret = xa_err(curr); + goto err_restore;But this error unwind doesn't work because the xa_erase() already happened and there may have been a handle there that we don't put back.
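Review bot: old_domain is initialised from group->domain in its declaration, before mutex_lock(&group->mutex) is taken, so the domain saved for the err_restore path can be stale if the group's domain changes between that read and the lock. Assign it once the lock is held, directly below mutex_lock(&group->mutex). Separately, on the xa_store() failure branch the previous IOMMU_NO_PASID entry has already been dropped by xa_erase(); reserving the slot with xa_reserve() before __iommu_group_set_domain(), so that the later store cannot fail, would remove the need to unwind at that point.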
Yes, you are right.
Something like this - store to a reserved entry cannot fail:
This code looks good to me. Thanks!

Best regards,
baolu
