| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aPvspDh6VJYjCjyS@lizhi-Precision-Tower-5810>
Date: Fri, 24 Oct 2025 17:16:20 -0400
From: Frank Li <Frank.li@....com>
To: Koichiro Den <den@...inux.co.jp>
Cc: ntb@...ts.linux.dev, linux-pci@...r.kernel.org,
linux-kernel@...r.kernel.org, jdmason@...zu.us,
dave.jiang@...el.com, allenbh@...il.com, mani@...nel.org,
kwilczynski@...nel.org, kishon@...nel.org, bhelgaas@...gle.com,
jbrunet@...libre.com, lpieralisi@...nel.org, yebin10@...wei.com,
geert+renesas@...der.be, arnd@...db.de
Subject: Re: [PATCH 3/6] PCI: endpoint: pci-epf-vntb: Remove duplicate
resource teardown
On Thu, Oct 23, 2025 at 04:17:54PM +0900, Koichiro Den wrote:
> epf_ntb_epc_destroy() duplicates the teardown that the caller is
> supposed to perform later. This leads to an oops when .allow_link fails
> or when .drop_link is performed. The following is an example oops of the
> former case:
>
> Unable to handle kernel paging request at virtual address dead000000000108
> [...]
> [dead000000000108] address between user and kernel address ranges
> Internal error: Oops: 0000000096000044 [#1] SMP
> [...]
> Call trace:
> pci_epc_remove_epf+0x78/0xe0 (P)
> pci_primary_epc_epf_link+0x88/0xa8
> configfs_symlink+0x1f4/0x5a0
> vfs_symlink+0x134/0x1d8
> do_symlinkat+0x88/0x138
> __arm64_sys_symlinkat+0x74/0xe0
> [...]
>
> Remove the helper, and drop pci_epc_put(). EPC device refcounting is
> tied to the configfs EPC group lifetime, and pci_epc_put() in the
> .drop_link path is sufficient.
>
> Cc: <stable@...r.kernel.org>
> Fixes: e35f56bb0330 ("PCI: endpoint: Support NTB transfer between RC and EP")
> Signed-off-by: Koichiro Den <den@...inux.co.jp>
Reviewed-by: Frank Li <Frank.Li@....com>
> ---
> drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +------------------
> 1 file changed, 1 insertion(+), 18 deletions(-)
>
> diff --git a/drivers/pci/endpoint/functions/pci-epf-vntb.c b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> index 83e9ab10f9c4..49ce5d4b0ee5 100644
> --- a/drivers/pci/endpoint/functions/pci-epf-vntb.c
> +++ b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> @@ -644,19 +644,6 @@ static void epf_ntb_mw_bar_clear(struct epf_ntb *ntb, int num_mws)
> }
> }
>
> -/**
> - * epf_ntb_epc_destroy() - Cleanup NTB EPC interface
> - * @ntb: NTB device that facilitates communication between HOST and VHOST
> - *
> - * Wrapper for epf_ntb_epc_destroy_interface() to cleanup all the NTB interfaces
> - */
> -static void epf_ntb_epc_destroy(struct epf_ntb *ntb)
> -{
> - pci_epc_remove_epf(ntb->epf->epc, ntb->epf, 0);
> - pci_epc_put(ntb->epf->epc);
> -}
> -
> -
> /**
> * epf_ntb_is_bar_used() - Check if a bar is used in the ntb configuration
> * @ntb: NTB device that facilitates communication between HOST and VHOST
> @@ -1406,7 +1393,7 @@ static int epf_ntb_bind(struct pci_epf *epf)
> ret = epf_ntb_init_epc_bar(ntb);
> if (ret) {
> dev_err(dev, "Failed to create NTB EPC\n");
> - goto err_bar_init;
> + return ret;
> }
>
> ret = epf_ntb_config_spad_bar_alloc(ntb);
> @@ -1446,9 +1433,6 @@ static int epf_ntb_bind(struct pci_epf *epf)
> err_bar_alloc:
> epf_ntb_config_spad_bar_free(ntb);
>
> -err_bar_init:
> - epf_ntb_epc_destroy(ntb);
> -
> return ret;
> }
>
> @@ -1464,7 +1448,6 @@ static void epf_ntb_unbind(struct pci_epf *epf)
>
> epf_ntb_epc_cleanup(ntb);
> epf_ntb_config_spad_bar_free(ntb);
> - epf_ntb_epc_destroy(ntb);
>
> pci_unregister_driver(&vntb_pci_driver);
> }
> --
> 2.48.1
>
Powered by blists - more mailing lists