[PATCH OLK-5.10] iommu/amd: move wait_on_sem() out of spinlock
From: Ankit Soni <Ankit.Soni@amd.com> mainline inclusion from mainline-v7.0-rc1 commit d2a0cac10597068567d336e85fa3cbdbe8ca62bf category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14797 CVE: CVE-2026-43253 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- With iommu.strict=1, the existing completion wait path can cause soft lockups under stressed environment, as wait_on_sem() busy-waits under the spinlock with interrupts disabled. Move the completion wait in iommu_completion_wait() out of the spinlock. wait_on_sem() only polls the hardware-updated cmd_sem and does not require iommu->lock, so holding the lock during the busy wait unnecessarily increases contention and extends the time with interrupts disabled. Signed-off-by: Ankit Soni <Ankit.Soni@amd.com> Reviewed-by: Vasant Hegde <vasant.hegde@amd.com> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Conflicts: drivers/iommu/amd/iommu.c [commit 1ce018df87640 not merged] Signed-off-by: Zhang Yuwei <zhangyuwei20@huawei.com> --- drivers/iommu/amd/iommu.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index ae63eb3fe3d0..c141f98465b7 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -882,7 +882,12 @@ static int wait_on_sem(struct amd_iommu *iommu, u64 data) { int i = 0; - while (*iommu->cmd_sem != data && i < LOOP_TIMEOUT) { + /* + * cmd_sem holds a monotonically non-decreasing completion sequence + * number. + */ + while ((__s64)(READ_ONCE(*iommu->cmd_sem) - data) < 0 && + i < LOOP_TIMEOUT) { udelay(1); i += 1; } 
@@ -1143,14 +1148,13 @@ static int iommu_completion_wait(struct amd_iommu *iommu) build_completion_wait(&cmd, iommu, data); ret = __iommu_queue_command_sync(iommu, &cmd, false); + raw_spin_unlock_irqrestore(&iommu->lock, flags); + if (ret) - goto out_unlock; + return ret; ret = wait_on_sem(iommu, data); -out_unlock: - raw_spin_unlock_irqrestore(&iommu->lock, flags); - return ret; } -- 2.22.0
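Review bot: In the wait_on_sem() hunk (@@ -882,7 +882,12 @@), the loop condition changes from an equality test to the signed-difference test `(__s64)(READ_ONCE(*iommu->cmd_sem) - data) < 0`, but neither the commit message nor the new comment explains why. With the poll moved out of iommu->lock, a later completion wait can advance cmd_sem past this waiter's value before it is observed, and the old `!=` test would then spin until LOOP_TIMEOUT. Please extend the comment to say that a value at or beyond `data` counts as complete. Since the Conflicts note says this backport differs from mainline, please also confirm that on this branch `data` is handed out in increasing order while iommu->lock is held, as the comparison assumes.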
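Review bot: In the iommu_completion_wait() hunk (@@ -1143,14 +1148,13 @@), `raw_spin_unlock_irqrestore(&iommu->lock, flags);` now precedes `ret = wait_on_sem(iommu, data);` with nothing in the code marking the unlocked poll as intentional. A one-line comment above the unlock would help, stating that wait_on_sem() only reads the hardware-updated cmd_sem and does not need the lock, so that a later change does not add lock-protected state to the wait path. The Conflicts note names the unmerged commit but not how the conflict was resolved; a sentence on that would make the backport easier to check against the mainline commit.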
Feedback: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully!
Pull request link: https://atomgit.com/openeuler/kernel/merge_requests/23752
Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/7BG...
participants (2)
- patchwork bot
- Zhang Yuwei