On Fri, Jan 17, 2025 at 01:58:00PM +0800, Lu Baolu wrote:
> The iopf_queue_remove_device() helper removes a device from the per-iommu
> iopf queue when PRI is disabled on the device. It responds to all
> outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the
> device from the queue.
>
> However, it fails to release the group structure that represents a group
> of iopf's awaiting for a response after responding to the hardware. This
> can cause a memory leak if iopf_queue_remove_device() is called with
> pending iopf's.
>
> Fix it by calling iopf_free_group() after the iopf group is responded.
>
> Fixes: 199112327135 ("iommu: Track iopf group instead of last fault")
> Cc: stable@xxxxxxxxxxxxxxx
> Suggested-by: Kevin Tian <kevin.tian@xxxxxxxxx>
> Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> ---
> drivers/iommu/io-pgfault.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
Jason
