[PATCH 3.13 022/103] iommu/amd: Fix cleanup_domain for mass device removal

Kamal Mostafa kamal at canonical.com
Tue Sep 30 21:30:27 UTC 2014 -stable review patch.  If anyone has any objections, please let me know.


From: Joerg Roedel <jroedel at suse.de>

commit 9b29d3c6510407d91786c1cf9183ff4debb3473a upstream.

When multiple devices are detached in __detach_device, they
are also removed from the domains dev_list. This makes it
unsafe to use list_for_each_entry_safe, as the next pointer
might also not be in the list anymore after __detach_device
returns. So just repeatedly remove the first element of the
list until it is empty.

Tested-by: Marti Raudsepp <marti at juffo.org>
Signed-off-by: Joerg Roedel <jroedel at suse.de>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
 drivers/iommu/amd_iommu.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 76e579a..1d3e371 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -3227,14 +3227,16 @@ free_domains:
 static void cleanup_domain(struct protection_domain *domain)
-	struct iommu_dev_data *dev_data, *next;
+	struct iommu_dev_data *entry;
 	unsigned long flags;
 	write_lock_irqsave(&amd_iommu_devtable_lock, flags);
-	list_for_each_entry_safe(dev_data, next, &domain->dev_list, list) {
-		__detach_device(dev_data);
-		atomic_set(&dev_data->bind, 0);
+	while (!list_empty(&domain->dev_list)) {
+		entry = list_first_entry(&domain->dev_list,
+					 struct iommu_dev_data, list);
+		__detach_device(entry);
+		atomic_set(&entry->bind, 0);
 	write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);

More information about the kernel-team mailing list