From: sashiko-bot@kernel.org
To: "Chengwen Feng" <fengchengwen@huawei.com>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH v10 3/5] PCI/TPH: Add pcie_tph_enabled_mode() helper
Date: Fri, 15 May 2026 10:49:39 +0000
Message-ID: <20260515104940.79D6BC2BCB0@smtp.kernel.org>
In-Reply-To: <20260515094040.38496-4-fengchengwen@huawei.com>

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:

- [Medium] The pcie_tph_enabled_mode() helper returns 0 both when TPH is disabled and when it is actively enabled in No ST Mode, causing an unresolvable API ambiguity.
- [Medium] Lockless multi-variable read of TPH state without memory barriers leads to inconsistent state and TOCTOU vulnerabilities.
--

commit 1855ec2d0c286906dabaf853860c8045f63a2d5f
Author: Chengwen Feng <fengchengwen@huawei.com>

PCI/TPH: Add pcie_tph_enabled_mode() helper

Add a helper to query enabled TPH mode on a PCI device. This is useful for
drivers like VFIO-PCI that need to validate TPH state before allowing
access to steering tag tables.

> diff --git a/drivers/pci/tph.c b/drivers/pci/tph.c
> index ba31b010f67ad..91c1e83410a3e 100644
> --- a/drivers/pci/tph.c
> +++ b/drivers/pci/tph.c
[ ... ]
> @@ -451,6 +451,18 @@ int pcie_enable_tph(struct pci_dev *pdev, int mode)
> }
> EXPORT_SYMBOL(pcie_enable_tph);
>
> +/**
> + * pcie_tph_enabled_mode - Get current enabled TPH mode
> + * @pdev: PCI device
> + *
> + * Return the enabled TPH mode (IV/DS) or 0 if disabled.
> + */
> +int pcie_tph_enabled_mode(struct pci_dev *pdev)
> +{
> + return pdev->tph_enabled ? pdev->tph_mode : 0;

Will this return value be ambiguous when TPH is enabled in No ST Mode?
Since No ST Mode (PCI_TPH_ST_NS_MODE) is defined as 0x0, returning 0 when
disabled makes it impossible for a caller to distinguish between TPH being
completely disabled and TPH being actively enabled in No ST Mode.

Could this return a negative error code (such as -ENODATA or -EINVAL) when
TPH is disabled, to avoid collisions with valid mode values?

Also, can this lockless read of pdev->tph_enabled and pdev->tph_mode see
an inconsistent state if pcie_enable_tph() runs concurrently?

For example, if VFIO allows userspace to trigger pcie_enable_tph()
concurrently with querying the enabled mode, could the CPU or compiler
reorder the load of pdev->tph_mode before pdev->tph_enabled?
This might result in seeing tph_enabled == 1 but an old or uninitialized
value for tph_mode.

> +}
> +EXPORT_SYMBOL(pcie_tph_enabled_mode);
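
Review bot: The kernel-doc comment above pcie_tph_enabled_mode() gives the return value as a free-form sentence ("Return the enabled TPH mode (IV/DS) or 0 if disabled.") rather than a "Return:" section, and it names only the IV and DS modes, so a caller reading the comment cannot tell what a result of 0 covers. Suggest a "Return:" section that lists every value the function can produce. The comment should also state whether callers must serialize against pcie_enable_tph(), because the body reads pdev->tph_enabled and pdev->tph_mode with no locking or ordering visible in this hunk.
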
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260515094040.38496-1-fengchengwen@huawei.com?part=3