>> @@ -854,15 +857,29 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
>>              if (dma->task->mm != current->mm)
>>                      break;
>>              unmapped += dma->size;
>> +
>> +            mutex_unlock(&iommu->lock);
>> +            if (iommu->external_domain && !RB_EMPTY_ROOT(&dma->pfn_list)) {
>> +                    struct vfio_iommu_type1_dma_unmap nb_unmap;
>> +
>> +                    nb_unmap.iova = dma->iova;
>> +                    nb_unmap.size = dma->size;
>> +                    blocking_notifier_call_chain(&iommu->notifier,
>> +                                                VFIO_IOMMU_NOTIFY_DMA_UNMAP,
>> +                                                &nb_unmap);
>> +
>> +                    if (WARN_ON(!RB_EMPTY_ROOT(&dma->pfn_list)))
>> +                            goto unmap_exit;
>> +            }
>> +            mutex_lock(&iommu->lock);
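Review bot: The `goto unmap_exit` under the `WARN_ON` is taken while `iommu->lock` is dropped, because the `mutex_unlock` precedes the block and the matching `mutex_lock` comes only after it. If the `unmap_exit` label (outside the quoted lines) releases the lock, as it presumably does, this path unlocks a mutex the task does not hold; re-take it first with `mutex_lock(&iommu->lock);` immediately ahead of the `goto`, or move the check after the re-lock. Separately, `nb_unmap` is a stack struct with only `iova` and `size` assigned before it is handed to the notifier chain, so its remaining fields reach the callbacks uninitialized; `struct vfio_iommu_type1_dma_unmap nb_unmap = { .iova = dma->iova, .size = dma->size };` would zero the rest. The quoted hunk stops here and vfio_dma_do_unmap continues outside it.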
> 
> Why are the mutexes pushed out so far? We are referencing way too much
> stuff outside of the mutex here.  The notifier head has its own
> semaphore, so we should be able to squeeze the mutex opening to just
> around the notifier call, in which case we only worry about the iommu
> itself going away.
> 

Right. Updating.

Thanks,
Kirti
