On 5/15/24 4:37 PM, Tian, Kevin wrote:
+               iopf_free_group(group);
+               done += response_size;
+
+               iommufd_put_object(fault->ictx, &idev->obj);
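Review bot: The iommufd_put_object(fault->ictx, &idev->obj) at the end of the loop body drops the idev reference on every iteration, so it is only correct if every iteration also takes one. If the lookup earlier in the loop is skipped when the next response carries the same dev_id, the cached idev is then used with no reference held. Either get the object unconditionally for each response, or keep the cached idev and put it only when dev_id changes and once more after the loop.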
get/put is unpaired:

                if (!idev || idev->obj.id != response.dev_id)
                        idev = iommufd_get_object();

                ...

                iommufd_put_object(idev);

The intention might be reusing idev if multiple fault responses are
for the same idev. But idev is always put in each iteration, so the following
messages will access the idev w/o holding the reference.

Good catch. Let me fix it by putting the response queue in the fault
object.

Best regards,
baolu
