On Sat, 12 Oct 2024 at 12:49, Nicolin Chen nicolinc@nvidia.com wrote:
On Sat, Oct 12, 2024 at 11:23:07AM +0800, Zhangfei Gao wrote:
diff --git a/drivers/iommu/iommufd/viommu_api.c b/drivers/iommu/iommufd/viommu_api.c new file mode 100644 index 000000000000..c1731f080d6b --- /dev/null +++ b/drivers/iommu/iommufd/viommu_api.c @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES
- */
+#include "iommufd_private.h"
+struct iommufd_object *iommufd_object_alloc_elm(struct iommufd_ctx *ictx,
size_t size,
enum iommufd_object_type type)
+{
struct iommufd_object *obj;
int rc;
obj = kzalloc(size, GFP_KERNEL_ACCOUNT);
if (!obj)
return ERR_PTR(-ENOMEM);
obj->type = type;
/* Starts out bias'd by 1 until it is removed from the xarray */
refcount_set(&obj->shortterm_users, 1);
refcount_set(&obj->users, 1);
here set refcont 1
iommufd_device_bind -> iommufd_object_alloc(ictx, idev, IOMMUFD_OBJ_DEVICE): refcont -> 1 refcount_inc(&idev->obj.users); refcount -> 2 will cause iommufd_device_unbind fail.
May remove refcount_inc(&idev->obj.users) in iommufd_device_bind
Hmm, why would it fail? Or is it failing on your system?
Not sure, still in check, it may only be on my platform.
it hit iommufd_object_remove: if (WARN_ON(obj != to_destroy))
iommufd_device_bind refcount=2 iommufd_device_attach refcount=3 //still not sure which operation inc the count? iommufd_device_detach refcount=4
Thanks
This patch doesn't change the function but only moved it..
Thanks Nicolin