From: sashiko-bot@kernel.org
To: "Chengwen Feng" <fengchengwen@huawei.com>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH v6 3/6] vfio/pci: Add PCIe TPH interface with capability query
Date: Wed, 06 May 2026 18:48:40 +0000
Message-ID: <20260506184841.34EE6C2BCB0@smtp.kernel.org>
In-Reply-To: <20260506094623.29327-4-fengchengwen@huawei.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

- [High] The VFIO_DEVICE_PCI_TPH IOCTL reads PCI configuration space without ensuring the device is runtime resumed, potentially reporting bogus capabilities and causing hardware errors.
--

commit c1b7fcc4c0c41ea45b0bcdd16ef1d416fcc244c3
Author: Chengwen Feng <fengchengwen@huawei.com>

vfio/pci: Add PCIe TPH interface with capability query

This commit adds the VFIO_DEVICE_PCI_TPH IOCTL to allow userspace to query
device TPH capabilities. It also introduces a module parameter to restrict
unsafe device-specific TPH mode to trusted userspace.

> diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
> index 3f8d093aacf8a..d98d04bad4a39 100644
> --- a/drivers/vfio/pci/vfio_pci_core.c
> +++ b/drivers/vfio/pci/vfio_pci_core.c
[ ... ]
> @@ -1461,6 +1463,53 @@ static int vfio_pci_ioctl_ioeventfd(struct vfio_pci_core_device *vdev,
> ioeventfd.fd);
> }
>
> +static int vfio_pci_tph_get_cap(struct vfio_pci_core_device *vdev,
> + struct vfio_device_pci_tph_op *op,
> + void __user *uarg)
> +{
> + struct pci_dev *pdev = vdev->pdev;
> + u8 mode = pcie_tph_get_st_modes(pdev);

Does this ioctl need to ensure the device is runtime resumed before reading
its configuration space?

If the device is in a low-power state (like D3cold), won't the configuration
reads in pcie_tph_get_st_modes() return 0xFFFFFFFF?

This could cause the kernel to falsely report that all TPH modes are
supported and advertise an incorrect ST table size.

Should this handler (or vfio_pci_ioctl_tph) call
pm_runtime_resume_and_get() before invoking hardware-touching operations,
and pm_runtime_put() afterward?

> + struct vfio_pci_tph_cap cap = {0};
> +
> + if (op->argsz < offsetof(struct vfio_device_pci_tph_op, cap) +
> + sizeof(struct vfio_pci_tph_cap))
> + return -EINVAL;
> +
> + if (mode == 0 || mode == PCI_TPH_CAP_ST_NS)
> + return -EOPNOTSUPP;
[ ... ]
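
Review bot: In vfio_pci_tph_get_cap(), the initializer `u8 mode = pcie_tph_get_st_modes(pdev);` runs before the `op->argsz` check, so a request that is about to fail with -EINVAL still triggers the mode query on the device. Consider declaring `u8 mode;` without an initializer and assigning it only after the argsz validation has passed, so that the user-supplied size is validated before anything reads from the device.
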
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260506094623.29327-1-fengchengwen@huawei.com?part=3
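
The failure mode raised in this review, as an added userspace illustration (not part of the original message, the patch, or the kernel): an all-ones config read decodes to every ST mode set and passes the quoted `mode == 0 || mode == PCI_TPH_CAP_ST_NS` check. The helper names, the sample register values and the all-ones plausibility check are assumptions made for the example; the mode derivation is assumed to be a mask of the three ST mode bits, and the size decode ignores the ST Table Location field.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TPH Requester Capability bits; macro names follow the kernel's pci_regs.h. */
#define PCI_TPH_CAP_ST_NS    0x00000001u /* No ST mode */
#define PCI_TPH_CAP_ST_IV    0x00000002u /* Interrupt Vector mode */
#define PCI_TPH_CAP_ST_DS    0x00000004u /* Device Specific mode */
#define PCI_TPH_CAP_ST_MASK  0x07FF0000u /* ST Table Size field */
#define PCI_TPH_CAP_ST_SHIFT 16

/* Assumed derivation of the mode byte: the three ST mode bits of the register. */
static uint8_t tph_modes(uint32_t reg)
{
	return (uint8_t)(reg & (PCI_TPH_CAP_ST_NS | PCI_TPH_CAP_ST_IV |
				PCI_TPH_CAP_ST_DS));
}

/* The check in the quoted hunk: true means the ioctl returns -EOPNOTSUPP. */
static bool hunk_rejects(uint8_t mode)
{
	return mode == 0 || mode == PCI_TPH_CAP_ST_NS;
}

/* Raw ST Table Size field, which is encoded as "entries minus one". */
static unsigned int tph_st_entries(uint32_t reg)
{
	return ((reg & PCI_TPH_CAP_ST_MASK) >> PCI_TPH_CAP_ST_SHIFT) + 1;
}

/* Hypothetical sanity check: an all-ones dword means the read got no response. */
static bool tph_read_plausible(uint32_t reg)
{
	return reg != 0xFFFFFFFFu;
}

int main(void)
{
	/* Constructed values: a plausible register, then an all-ones read. */
	const uint32_t samples[] = { 0x003F0003u, 0xFFFFFFFFu };
	for (int i = 0; i < 2; i++) {
		uint32_t r = samples[i];
		printf("reg=0x%08X modes=0x%X rejected=%d entries=%u plausible=%d\n",
		       (unsigned)r, (unsigned)tph_modes(r), hunk_rejects(tph_modes(r)),
		       tph_st_entries(r), tph_read_plausible(r));
	}
	return 0;
}
```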