Re: [PATCH v4 05/11] iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit

[Jacob Pan]

Hi zhangfei.gao@xxxxxxxxxxx,

On Fri, 15 Apr 2022 19:52:03 +0800, "zhangfei.gao@xxxxxxxxxxx"
<zhangfei.gao@xxxxxxxxxxx> wrote:

> >>> A PASID might be still used even though it is freed on mm exit.
> >>>
> >>> process A:
> >>> 	sva_bind();
> >>> 	ioasid_alloc() = N; // Get PASID N for the mm
> >>> 	fork(): // spawn process B
> >>> 	exit();
> >>> 	ioasid_free(N);
> >>>
> >>> process B:
> >>> 	device uses PASID N -> failure
> >>> 	sva_unbind();
> >>>
> >>> Dave Hansen suggests to take a refcount on the mm whenever binding the
> >>> PASID to a device and drop the refcount on unbinding. The mm won't be
> >>> dropped if the PASID is still bound to it.
> >>>
> >>> Fixes: 701fac40384f ("iommu/sva: Assign a PASID to mm on PASID
> >>> allocation and free it on mm exit")
> >>>
Is process A's mm intended to be used by process B? Or you really should
use PASID N on process B's mm? If the latter, it may work for a while until
B changes mapping.

It seems you are just extending the life of a defunct mm?

Thanks,

Jacob