find_iova() looks to be using a bad locking practice: it locks the returned iova only for the search time. And looking in the code, the element can be removed from the tree and freed under rbtree lock. That happens during memory hot-unplug and cleanup on module removal. Here I clean up users of the function and delete it.

Dmitry Safonov (3):
  iommu/iova: Find and split iova under rbtree's lock
  iommu/iova: Make free_iova() atomic
  iommu/iova: Remove find_iova()

 drivers/iommu/intel-iommu.c | 14 +++---------
 drivers/iommu/iova.c        | 48 +++++++++++++++++---------------------------
 include/linux/iova.h        | 17 ++++------------
 3 files changed, 25 insertions(+), 54 deletions(-)

--
2.13.6
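
The lifetime problem described in the cover letter, shown in a simplified userspace C model (an added example, not the kernel code from this series). The names `struct range`, `struct domain`, `find_range()`, `take_range()` and `add_range()` are hypothetical, and a mutex-protected linked list stands in for the rbtree.

```c
#include <pthread.h>
#include <stdlib.h>

/* Simplified userspace model (assumption): a linked list stands in for the rbtree. */
struct range { unsigned long lo, hi; struct range *next; };
struct domain { pthread_mutex_t lock; struct range *head; };

/* Return the link pointing at the range that contains pfn; caller holds d->lock. */
static struct range **locate(struct domain *d, unsigned long pfn)
{
    struct range **pp = &d->head;
    while (*pp && !((*pp)->lo <= pfn && pfn <= (*pp)->hi))
        pp = &(*pp)->next;
    return pp;
}

/* Risky pattern: the returned pointer outlives the lock that protected it. */
struct range *find_range(struct domain *d, unsigned long pfn)
{
    pthread_mutex_lock(&d->lock);
    struct range *r = *locate(d, pfn);
    pthread_mutex_unlock(&d->lock);
    return r; /* a concurrent remover may unlink and free r from here on */
}

/* Safer pattern: look up and unlink in one critical section, so the caller
 * gets sole ownership of the range and is the only one who frees it. */
struct range *take_range(struct domain *d, unsigned long pfn)
{
    pthread_mutex_lock(&d->lock);
    struct range **pp = locate(d, pfn);
    struct range *r = *pp;
    if (r)
        *pp = r->next;
    pthread_mutex_unlock(&d->lock);
    return r;
}

int add_range(struct domain *d, unsigned long lo, unsigned long hi)
{
    struct range *r = malloc(sizeof(*r));
    if (!r)
        return -1;
    r->lo = lo; r->hi = hi;
    pthread_mutex_lock(&d->lock);
    r->next = d->head; d->head = r;
    pthread_mutex_unlock(&d->lock);
    return 0;
}
```

When two paths race to remove the same range through `take_range()`, exactly one receives the pointer and the other receives NULL, so a double free or a use of freed memory cannot come from the lookup itself.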
