On Tue, Jun 03, 2025 at 02:20:51PM +0800, Xu Yilun wrote:
> > Wouldn’t it be simpler to skip the reference count increment altogether
> > and just call tsm_unbind in the virtual device’s destroy callback?
> > (iommufd_vdevice_destroy())
>
> The vdevice refcount is the main concern, there is also an IOMMU_DESTROY
> ioctl. User could just free the vdevice instance if no refcount, while VFIO
> is still in bound state. That seems not the correct free order.

Freeing the vdevice should automatically unbind it..

Jason