| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f8d1619917f105ec805b212af9e940aa73925b70.camel@linux.ibm.com>
Date: Tue, 21 Oct 2025 14:49:27 +0200
From: Niklas Schnelle <schnelle@...ux.ibm.com>
To: Farhan Ali <alifm@...ux.ibm.com>, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org
Cc: helgaas@...nel.org, stable@...r.kernel.org, mjrosato@...ux.ibm.com,
Benjamin Block <bblock@...ux.ibm.com>
Subject: Re: [PATCH v1 1/3] PCI: Allow per function PCI slots
On Mon, 2025-10-20 at 12:01 -0700, Farhan Ali wrote:
> On s390 systems, which use a machine level hypervisor, PCI devices are
> always accessed through a form of PCI pass-through which fundamentally
> operates on a per PCI function granularity. This is also reflected in the
> s390 PCI hotplug driver which creates hotplug slots for individual PCI
> functions. Its reset_slot() function, which is a wrapper for
> zpci_hot_reset_device(), thus also resets individual functions.
>
> Currently, the kernel's PCI_SLOT() macro assigns the same pci_slot object
> to multifunction devices. This approach worked fine on s390 systems that
> only exposed virtual functions as individual PCI domains to the operating
> system. Since commit 44510d6fa0c0 ("s390/pci: Handling multifunctions")
> s390 supports exposing the topology of multifunction PCI devices by
> grouping them in a shared PCI domain. When attempting to reset a function
> through the hotplug driver, the shared slot assignment causes the wrong
> function to be reset instead of the intended one. It also leaks memory as
> we do create a pci_slot object for the function, but don't correctly free
> it in pci_slot_release().
>
> Add a flag for struct pci_slot to allow per function PCI slots for
> functions managed through a hypervisor, which exposes individual PCI
> functions while retaining the topology.
>
> Fixes: 44510d6fa0c0 ("s390/pci: Handling multifunctions")
> Cc: stable@...r.kernel.org
> Suggested-by: Niklas Schnelle <schnelle@...ux.ibm.com>
> Reviewed-by: Benjamin Block <bblock@...ux.ibm.com>
> Signed-off-by: Farhan Ali <alifm@...ux.ibm.com>
> ---
> drivers/pci/hotplug/s390_pci_hpc.c | 10 ++++++++--
> drivers/pci/pci.c | 5 +++--
> drivers/pci/slot.c | 14 +++++++++++---
> include/linux/pci.h | 1 +
> 4 files changed, 23 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c
> index d9996516f49e..8b547de464bf 100644
> --- a/drivers/pci/hotplug/s390_pci_hpc.c
> +++ b/drivers/pci/hotplug/s390_pci_hpc.c
> @@ -126,14 +126,20 @@ static const struct hotplug_slot_ops s390_hotplug_slot_ops = {
>
> int zpci_init_slot(struct zpci_dev *zdev)
> {
> + int ret;
> char name[SLOT_NAME_SIZE];
> struct zpci_bus *zbus = zdev->zbus;
>
> zdev->hotplug_slot.ops = &s390_hotplug_slot_ops;
>
> snprintf(name, SLOT_NAME_SIZE, "%08x", zdev->fid);
> - return pci_hp_register(&zdev->hotplug_slot, zbus->bus,
> - zdev->devfn, name);
> + ret = pci_hp_register(&zdev->hotplug_slot, zbus->bus,
> + zdev->devfn, name);
> + if (ret)
> + return ret;
> +
> + zdev->hotplug_slot.pci_slot->per_func_slot = 1;
I think the way this works is a bit odd. Due to the order of setting
the flag pci_create_slot() in pci_hp_register() tries to match using
the wrong per_func_slot == 0. This doesn't really cause mismatches
though because the slot->number won't match the PCI_SLOT(dev->devfn)
except for the slot->number 0 where it is fine.
One way to improve(?) on this is to have a per_func_slot flag also in
the struct hotplug_slot and then copy it over into the newly created
struct pci_slot. But then we have this flag twice. Or maybe this really
should be an argument to pci_create_slot()?
Powered by blists - more mailing lists