RE: [PATCH v3 1/5] iommu: Lock group->mutex in iommu_deferred_attach
From: Tian, Kevin
Date: Fri Aug 15 2025 - 04:25:26 EST
> From: Nicolin Chen <nicolinc@xxxxxxxxxx>
> Sent: Tuesday, August 12, 2025 6:59 AM
>
> The iommu_deferred_attach() is a runtime asynchronous function called by
> iommu-dma function, which could race against other attach functions if it
> accesses something in the dev->iommu_group.
Is there a real racing scenario being observed or more theoretical?
If the former may need a Fix tag.
>
> So, grab the mutex to guard __iommu_attach_device() like other callers.
>
> Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Signed-off-by: Nicolin Chen <nicolinc@xxxxxxxxxx>
> ---
> drivers/iommu/iommu.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 060ebe330ee16..1e0116bce0762 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -2144,10 +2144,17 @@ EXPORT_SYMBOL_GPL(iommu_attach_device);
>
> int iommu_deferred_attach(struct device *dev, struct iommu_domain
> *domain)
> {
> - if (dev->iommu && dev->iommu->attach_deferred)
> - return __iommu_attach_device(domain, dev);
> + /*
> + * This is called on the dma mapping fast path so avoid locking. This is
> + * racy, but we have an expectation that the driver will setup its
> DMAs
> + * inside probe while being single threaded to avoid racing.
> + */
> + if (!dev->iommu || !dev->iommu->attach_deferred)
> + return 0;
Is there any way to detect a driver breaking the expectation?
>
> - return 0;
> + guard(mutex)(&dev->iommu_group->mutex);
> +
> + return __iommu_attach_device(domain, dev);
> }
>
> void iommu_detach_device(struct iommu_domain *domain, struct device
> *dev)
> --
> 2.43.0