RE: [PATCH v3 2/5] iommufd: Destroy vdevice on idevice destroy
From: Tian, Kevin
Date: Mon Jun 30 2025 - 02:28:55 EST
> From: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>
> Sent: Friday, June 27, 2025 11:38 AM
>
> +static void iommufd_device_remove_vdev(struct iommufd_device *idev)
> +{
> + struct iommufd_vdevice *vdev;
> +
> + mutex_lock(&idev->igroup->lock);
> + /* vdev has been completely destroyed by userspace */
> + if (!idev->vdev)
> + goto out_unlock;
> +
> + vdev = iommufd_get_vdevice(idev->ictx, idev->vdev->obj.id);
> + if (IS_ERR(vdev)) {
> + /*
> + * vdev is removed from xarray by userspace, but is not
> + * destroyed/freed. Since iommufd_vdevice_abort() is
> reentrant,
> + * safe to destroy vdev here.
> + */
> + iommufd_vdevice_abort(&idev->vdev->obj);
> + goto out_unlock;
> + }
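Review bot: the IS_ERR(vdev) branch treats every failure of iommufd_get_vdevice() as "removed from xarray by userspace, but not destroyed/freed", and it dereferences idev->vdev both for the lookup (idev->vdev->obj.id) and for the abort call. The comment should state what keeps the vdev memory valid for as long as idev->vdev is non-NULL under idev->igroup->lock. It should also name the error value expected here, so that a different lookup failure is not silently handled as this case.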
Let's add a comment that vdev is still freed in iommufd_destroy()
in this situation.
> -void iommufd_vdevice_destroy(struct iommufd_object *obj)
> +void iommufd_vdevice_abort(struct iommufd_object *obj)
> {
> struct iommufd_vdevice *vdev =
> container_of(obj, struct iommufd_vdevice, obj);
> struct iommufd_viommu *viommu = vdev->viommu;
> + struct iommufd_device *idev = vdev->idev;
> +
> + lockdep_assert_held(&idev->igroup->lock);
> +
> + /*
> + * iommufd_vdevice_abort() could be reentrant, by
> + * iommufd_device_unbind() or by iommufd_destroy(). Cleanup only
> once.
> + */
> + if (!viommu)
> + return;
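Review bot: the "cleanup only once" guard (if (!viommu) return;) comes after lockdep_assert_held(&idev->igroup->lock), so vdev->idev and idev->igroup are dereferenced on every entry, including the re-entrant one. The comment names iommufd_device_unbind() and iommufd_destroy() as the two callers, but nothing in this hunk shows what keeps idev alive, or that igroup->lock is held, when the second call arrives after the first has already cleaned up. Please document that lifetime and locking rule next to the assertion, or make the early return independent of the idev dereference.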
Just check idev->vdev, to be consistent with the other path.