[3.13.y.z extended stable] Patch "iommu/amd: Fix cleanup_domain for mass device removal" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Tue Sep 30 21:29:26 UTC 2014

    iommu/amd: Fix cleanup_domain for mass device removal

>From 1ded23e654cb0b333068ebfc95cda46e90e16934 Mon Sep 17 00:00:00 2001
From: Joerg Roedel <jroedel at suse.de>
Date: Tue, 5 Aug 2014 17:50:15 +0200
Subject: iommu/amd: Fix cleanup_domain for mass device removal

commit 9b29d3c6510407d91786c1cf9183ff4debb3473a upstream.

When multiple devices are detached in __detach_device, they
are also removed from the domains dev_list. This makes it
unsafe to use list_for_each_entry_safe, as the next pointer
might also not be in the list anymore after __detach_device
returns. So just repeatedly remove the first element of the
list until it is empty.

Tested-by: Marti Raudsepp <marti at juffo.org>
Signed-off-by: Joerg Roedel <jroedel at suse.de>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
 drivers/iommu/amd_iommu.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 76e579a..1d3e371 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -3227,14 +3227,16 @@ free_domains:

 static void cleanup_domain(struct protection_domain *domain)
-	struct iommu_dev_data *dev_data, *next;
+	struct iommu_dev_data *entry;
 	unsigned long flags;

 	write_lock_irqsave(&amd_iommu_devtable_lock, flags);

-	list_for_each_entry_safe(dev_data, next, &domain->dev_list, list) {
-		__detach_device(dev_data);
-		atomic_set(&dev_data->bind, 0);
+	while (!list_empty(&domain->dev_list)) {
+		entry = list_first_entry(&domain->dev_list,
+					 struct iommu_dev_data, list);
+		__detach_device(entry);
+		atomic_set(&entry->bind, 0);

 	write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);

