On Wed, Mar 05, 2025 at 07:48:42PM -0800, Yi Liu wrote:
> The current implementation of iommufd_device_do_replace() implicitly
> assumes that the input device has already been attached. However, there
> is no explicit check to verify this assumption. If another device within
> the same group has been attached, the replace operation might succeed,
> but the input device itself may not have been attached yet.
>
> As a result, the input device might not be tracked in the
> igroup->device_list, and its reserved IOVA might not be added. Despite
> this, the caller might incorrectly assume that the device has been
> successfully replaced, which could lead to unexpected behavior or errors.
>
> To address this issue, add a check to ensure that the input device has
> been attached before proceeding with the replace operation. This check
> will help maintain the integrity of the device tracking system and prevent
> potential issues arising from incorrect assumptions about the device's
> attachment status.
>
> Fixes: e88d4ec154a8 ("iommufd: Add iommufd_device_replace()")
> Cc: stable@xxxxxxxxxxxxxxx
> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
> Signed-off-by: Yi Liu <yi.l.liu@xxxxxxxxx>
> ---
> Change log:
> v2:
>  - Add r-b tag (Kevin)
>  - Minor tweaks. I swapped the order of is_attach check with the
>    if (igroup->hwpt == NULL) check, hence no need to add WARN_ON.
>
> v1: https://lore.kernel.org/linux-iommu/20250304120754.12450-1-yi.l.liu@xxxxxxxxx/
> ---
>  drivers/iommu/iommufd/device.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)

Applied. I don't think I will do a -rc pull this cycle just for this one
patch; it does not seem critical, but if you think otherwise let me know.

Jason