qemu/backends-iommufd-Remove-mutex.patch

From 1e6734af14b3223a7d7e304262c96051ddf8637f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
Date: Thu, 21 Dec 2023 16:58:41 +0100
Subject: [PATCH] backends/iommufd: Remove mutex
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Coverity reports a concurrent data access violation because be->users
is being accessed in iommufd_backend_can_be_deleted() without holding
the mutex.

However, these routines are called from the QEMU main thread when a
device is created. In this case, the code paths should be protected by
the BQL lock and it should be safe to drop the IOMMUFD backend mutex.
Simply remove it.

Fixes: CID 1531550
Fixes: CID 1531549
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 backends/iommufd.c       | 7 -------
 include/sysemu/iommufd.h | 2 --
 2 files changed, 9 deletions(-)

diff --git a/backends/iommufd.c b/backends/iommufd.c
index f17a846aab..3cbf11fc8b 100644
--- a/backends/iommufd.c
+++ b/backends/iommufd.c
@@ -30,7 +30,6 @@ static void iommufd_backend_init(Object *obj)
     be->fd = -1;
     be->users = 0;
     be->owned = true;
-    qemu_mutex_init(&be->lock);
 }
 
 static void iommufd_backend_finalize(Object *obj)
@@ -53,10 +52,8 @@ static void iommufd_backend_set_fd(Object *obj, const char *str, Error **errp)
         error_prepend(errp, "Could not parse remote object fd %s:", str);
         return;
     }
-    qemu_mutex_lock(&be->lock);
     be->fd = fd;
     be->owned = false;
-    qemu_mutex_unlock(&be->lock);
     trace_iommu_backend_set_fd(be->fd);
 }
 
@@ -80,7 +77,6 @@ int iommufd_backend_connect(IOMMUFDBackend *be, Error **errp)
 {
     int fd, ret = 0;
 
-    qemu_mutex_lock(&be->lock);
     if (be->owned && !be->users) {
         fd = qemu_open_old("/dev/iommu", O_RDWR);
         if (fd < 0) {
@@ -94,13 +90,11 @@ int iommufd_backend_connect(IOMMUFDBackend *be, Error **errp)
 out:
     trace_iommufd_backend_connect(be->fd, be->owned,
                                   be->users, ret);
-    qemu_mutex_unlock(&be->lock);
     return ret;
 }
 
 void iommufd_backend_disconnect(IOMMUFDBackend *be)
 {
-    qemu_mutex_lock(&be->lock);
     if (!be->users) {
         goto out;
     }
@@ -111,7 +105,6 @@ void iommufd_backend_disconnect(IOMMUFDBackend *be)
     }
 out:
     trace_iommufd_backend_disconnect(be->fd, be->users);
-    qemu_mutex_unlock(&be->lock);
 }
 
 int iommufd_backend_alloc_ioas(IOMMUFDBackend *be, uint32_t *ioas_id,
diff --git a/include/sysemu/iommufd.h b/include/sysemu/iommufd.h
index 29afaa429d..908c94d811 100644
--- a/include/sysemu/iommufd.h
+++ b/include/sysemu/iommufd.h
@@ -15,7 +15,6 @@
 #define SYSEMU_IOMMUFD_H
 
 #include "qom/object.h"
-#include "qemu/thread.h"
 #include "exec/hwaddr.h"
 #include "exec/cpu-common.h"
 #include "sysemu/host_iommu_device.h"
@@ -33,7 +32,6 @@ struct IOMMUFDBackend {
     /*< protected >*/
     int fd;            /* /dev/iommu file descriptor */
     bool owned;        /* is the /dev/iommu opened internally */
-    QemuMutex lock;
     uint32_t users;
 
     /*< public >*/
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-32: - target/i386: csv: Release CSV3 shared pages after unmapping DMA - target/i386: Add new CPU model ClearwaterForest - target/i386: add sha512, sm3, sm4 feature bits - docs: Add GNR, SRF and CWF CPU models - target/i386: Export BHI_NO bit to guests - target/i386: Introduce SierraForest-v2 model - vdpa/iommufd:Implement DMA mapping through the iommufd interface - vdpa/iommufd:Introduce vdpa-iommufd module - vdpa/iommufd:support associating iommufd backend for vDPA devices - Kconfig/iommufd/VDPA: Update IOMMUFD module configuration dependencies The vDPA module can also use IOMMUFD like the VFIO module. - backends/iommufd: Get rid of qemu_open_old() - backends/iommufd: Make iommufd_backend_*() return bool - backends/iommufd: Fix missing ERRP_GUARD() for error_prepend() - backends/iommufd: Remove mutex - backends/iommufd: Remove check on number of backend users - hw/intc: Add extioi ability of 256 vcpu interrupt routing - hw/rtc: Fixed loongson rtc emulation errors - hw/loongarch/boot: Adjust the loading position of the initrd - target/loongarch: Fix the cpu unplug resource leak - target/loongarch: fix vcpu reset command word issue - vdpa:Fix dirty page bitmap synchronization not done after suspend for vdpa devices Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit a5212066e7516ff2a316e1b2feaa75dd5ee4d17a) 2025-05-15 15:38:13 +08:00			`From 1e6734af14b3223a7d7e304262c96051ddf8637f Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>`
			`Date: Thu, 21 Dec 2023 16:58:41 +0100`
			`Subject: [PATCH] backends/iommufd: Remove mutex`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Coverity reports a concurrent data access violation because be->users`
			`is being accessed in iommufd_backend_can_be_deleted() without holding`
			`the mutex.`

			`However, these routines are called from the QEMU main thread when a`
			`device is created. In this case, the code paths should be protected by`
			`the BQL lock and it should be safe to drop the IOMMUFD backend mutex.`
			`Simply remove it.`

			`Fixes: CID 1531550`
			`Fixes: CID 1531549`
			`Reviewed-by: Eric Auger <eric.auger@redhat.com>`
			`Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>`
			`Signed-off-by: Cédric Le Goater <clg@redhat.com>`
			`---`
			`backends/iommufd.c \| 7 -------`
			`include/sysemu/iommufd.h \| 2 --`
			`2 files changed, 9 deletions(-)`

			`diff --git a/backends/iommufd.c b/backends/iommufd.c`
			`index f17a846aab..3cbf11fc8b 100644`
			`--- a/backends/iommufd.c`
			`+++ b/backends/iommufd.c`
			`@@ -30,7 +30,6 @@ static void iommufd_backend_init(Object *obj)`
			`be->fd = -1;`
			`be->users = 0;`
			`be->owned = true;`
			`- qemu_mutex_init(&be->lock);`
			`}`

			`static void iommufd_backend_finalize(Object *obj)`
			`@@ -53,10 +52,8 @@ static void iommufd_backend_set_fd(Object obj, const char str, Error **errp)`
			`error_prepend(errp, "Could not parse remote object fd %s:", str);`
			`return;`
			`}`
			`- qemu_mutex_lock(&be->lock);`
			`be->fd = fd;`
			`be->owned = false;`
			`- qemu_mutex_unlock(&be->lock);`
			`trace_iommu_backend_set_fd(be->fd);`
			`}`

			`@@ -80,7 +77,6 @@ int iommufd_backend_connect(IOMMUFDBackend be, Error *errp)`
			`{`
			`int fd, ret = 0;`

			`- qemu_mutex_lock(&be->lock);`
			`if (be->owned && !be->users) {`
			`fd = qemu_open_old("/dev/iommu", O_RDWR);`
			`if (fd < 0) {`
			`@@ -94,13 +90,11 @@ int iommufd_backend_connect(IOMMUFDBackend be, Error *errp)`
			`out:`
			`trace_iommufd_backend_connect(be->fd, be->owned,`
			`be->users, ret);`
			`- qemu_mutex_unlock(&be->lock);`
			`return ret;`
			`}`

			`void iommufd_backend_disconnect(IOMMUFDBackend *be)`
			`{`
			`- qemu_mutex_lock(&be->lock);`
			`if (!be->users) {`
			`goto out;`
			`}`
			`@@ -111,7 +105,6 @@ void iommufd_backend_disconnect(IOMMUFDBackend *be)`
			`}`
			`out:`
			`trace_iommufd_backend_disconnect(be->fd, be->users);`
			`- qemu_mutex_unlock(&be->lock);`
			`}`

			`int iommufd_backend_alloc_ioas(IOMMUFDBackend be, uint32_t ioas_id,`
			`diff --git a/include/sysemu/iommufd.h b/include/sysemu/iommufd.h`
			`index 29afaa429d..908c94d811 100644`
			`--- a/include/sysemu/iommufd.h`
			`+++ b/include/sysemu/iommufd.h`
			`@@ -15,7 +15,6 @@`
			`#define SYSEMU_IOMMUFD_H`

			`#include "qom/object.h"`
			`-#include "qemu/thread.h"`
			`#include "exec/hwaddr.h"`
			`#include "exec/cpu-common.h"`
			`#include "sysemu/host_iommu_device.h"`
			`@@ -33,7 +32,6 @@ struct IOMMUFDBackend {`
			`/< protected >/`
			`int fd; /* /dev/iommu file descriptor */`
			`bool owned; /* is the /dev/iommu opened internally */`
			`- QemuMutex lock;`
			`uint32_t users;`

			`/< public >/`
			`--`
			`2.41.0.windows.1`