Commit 534103bc authored Jun 09, 2023 by Daniel Marcovitch Committed by Joerg Roedel Jul 14, 2023

iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind



When unbinding pasid - a race condition exists vs outstanding page faults.

To prevent this, the pasid_state object contains a refcount.
    * set to 1 on pasid bind
    * incremented on each ppr notification start
    * decremented on each ppr notification done
    * decremented on pasid unbind

Since refcount_dec assumes that refcount will never reach 0:
  the current implementation causes the following to be invoked on
  pasid unbind:
        REFCOUNT_WARN("decrement hit 0; leaking memory")

Fix this issue by changing refcount_dec to refcount_dec_and_test
to explicitly handle refcount=1.

Fixes: 8bc54824 ("iommu/amd: Convert from atomic_t to refcount_t on pasid_state->count")
Signed-off-by: Daniel Marcovitch <dmarcovitch@nvidia.com>
Signed-off-by: Vasant Hegde <vasant.hegde@amd.com>
Link: https://lore.kernel.org/r/20230609105146.7773-2-vasant.hegde@amd.com


Signed-off-by: Joerg Roedel <jroedel@suse.de>

parent 06c2afb8

drivers/iommu/amd/iommu_v2.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -262,7 +262,7 @@ static void put_pasid_state(struct pasid_state *pasid_state)

		static void put_pasid_state_wait(struct pasid_state *pasid_state)
		{
		refcount_dec(&pasid_state->count);
		if (!refcount_dec_and_test(&pasid_state->count))
		wait_event(pasid_state->wq, !refcount_read(&pasid_state->count));
		free_pasid_state(pasid_state);
		}