Re: [PATCH] iommu/amd: Convert from atomic_t to refcount_t on device_state->count

___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu

[PATCH] iommu/amd: Convert from atomic_t to refcount_t on pasid_state->count

refcount_t type and corresponding API can protect refcounters from accidental underflow and overflow and further use-after-free situations. Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan --- drivers/iommu/amd/iommu_v2.c | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff

[PATCH] iommu/amd: Convert from atomic_t to refcount_t on device_state->count

refcount_t type and corresponding API can protect refcounters from accidental underflow and overflow and further use-after-free situations. Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan --- drivers/iommu/amd/iommu_v2.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --

Re: Re: [PATCH] iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails

Thanks for your advice, I'll send a v2 patch soon. > -Original Messages- > From: "Robin Murphy" > Sent Time: 2021-06-09 22:12:11 (Wednesday) > To: "Xiyu Yang" , "Will Deacon" , > "Joerg Roedel" , "Nicolin Chen" , > "Bjorn Andersson" , "Krishna Reddy" > , "Jordan Crouse" , "Sai Praka

[PATCH v2] iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails

arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller funct

[PATCH v2] iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation

The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by jumping to "out" label whe

[PATCH] iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation

arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets

[PATCH] iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails

arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller funct