Patch "powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach" has been added to the 6.7-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 19 Feb 2024 07:57:37 -0500

This is a note to let you know that I've just added the patch titled

    powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-iommu-fix-the-missing-iommu_group_put-during.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f0384c476b942abab7a9ac30fd3bc80c9dae832f
Author: Shivaprasad G Bhat <sbhat@xxxxxxxxxxxxx>
Date:   Tue Feb 13 10:05:22 2024 -0600

    powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
    
    [ Upstream commit 0846dd77c8349ec92ca0079c9c71d130f34cb192 ]
    
    The function spapr_tce_platform_iommu_attach_dev() is missing to call
    iommu_group_put() when the domain is already set. This refcount leak
    shows up with BUG_ON() during DLPAR remove operation as:
    
      KernelBug: Kernel bug in state 'None': kernel BUG at arch/powerpc/platforms/pseries/iommu.c:100!
      Oops: Exception in kernel mode, sig: 5 [#1]
      LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=8192 NUMA pSeries
      <snip>
      Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_016) hv:phyp pSeries
      NIP:  c0000000000ff4d4 LR: c0000000000ff4cc CTR: 0000000000000000
      REGS: c0000013aed5f840 TRAP: 0700   Tainted: G          I         (6.8.0-rc3-autotest-g99bd3cb0d12e)
      MSR:  8000000000029033 <SF,EE,ME,IR,DR,RI,LE>  CR: 44002402  XER: 20040000
      CFAR: c000000000a0d170 IRQMASK: 0
      ...
      NIP iommu_reconfig_notifier+0x94/0x200
      LR  iommu_reconfig_notifier+0x8c/0x200
      Call Trace:
        iommu_reconfig_notifier+0x8c/0x200 (unreliable)
        notifier_call_chain+0xb8/0x19c
        blocking_notifier_call_chain+0x64/0x98
        of_reconfig_notify+0x44/0xdc
        of_detach_node+0x78/0xb0
        ofdt_write.part.0+0x86c/0xbb8
        proc_reg_write+0xf4/0x150
        vfs_write+0xf8/0x488
        ksys_write+0x84/0x140
        system_call_exception+0x138/0x330
        system_call_vectored_common+0x15c/0x2ec
    
    The patch adds the missing iommu_group_put() call.
    
    Fixes: a8ca9fc9134c ("powerpc/iommu: Do not do platform domain attach atctions after probe")
    Reported-by: Venkat Rao Bagalkote <venkat88@xxxxxxxxxxxxxxxxxx>
    Closes: https://lore.kernel.org/all/274e0d2b-b5cc-475e-94e6-8427e88e271d@xxxxxxxxxxxxxxxxxx/
    Signed-off-by: Shivaprasad G Bhat <sbhat@xxxxxxxxxxxxx>
    Tested-by: Venkat Rao Bagalkote <venkat88@xxxxxxxxxxxxxxxxxx>
    Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
    Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    Link: https://msgid.link/170784021983.6249.10039296655906636112.stgit@xxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c
index c6f62e130d55..4393d447cb56 100644
--- a/arch/powerpc/kernel/iommu.c
+++ b/arch/powerpc/kernel/iommu.c
@@ -1290,8 +1290,10 @@ spapr_tce_platform_iommu_attach_dev(struct iommu_domain *platform_domain,
 	int ret = -EINVAL;
 
 	/* At first attach the ownership is already set */
-	if (!domain)
+	if (!domain) {
+		iommu_group_put(grp);
 		return 0;
+	}
 
 	if (!grp)
 		return -ENODEV;







