iommufd: Fix locking around hwpt allocation

[ Upstream commit 31422dff187b243c58f3a97d16bbe9e9ada639fe ]

Due to the auto_domains mechanism the ioas->mutex must be held until
the hwpt is completely setup by iommufd_object_abort_and_destroy() or
iommufd_object_finalize().

This prevents a concurrent iommufd_device_auto_get_domain() from seeing
an incompletely initialized object through the ioas->hwpt_list.

To make this more consistent move the unlock until after finalize.

Fixes: e8d57210035b ("iommufd: Add kAPI toward external drivers for physical devices")
Link: https://lore.kernel.org/r/11-v8-6659224517ea+532-iommufd_alloc_jgg@nvidia.com
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
index ed2937a4e196f6b2967d80b4901c5bc3d731e880..2e43ebf1a2b5c5236a707669e35780839d64524c 100644 (file)
--- a/drivers/iommu/iommufd/device.c
+++ b/drivers/iommu/iommufd/device.c
@@ -298,8 +298,8 @@ static int iommufd_device_auto_get_domain(struct iommufd_device *idev,
        }
        hwpt->auto_domain = true;
 
-       mutex_unlock(&ioas->mutex);
        iommufd_object_finalize(idev->ictx, &hwpt->obj);
+       mutex_unlock(&ioas->mutex);
        return 0;
 out_unlock:
        mutex_unlock(&ioas->mutex);