From: sashiko-bot@kernel.org
To: "Krzysztof Wilczyński" <kwilczynski@kernel.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH v8 01/25] PCI/sysfs: Use PCI resource accessor macros
Date: Fri, 19 Jun 2026 09:09:02 +0000 [thread overview]
Message-ID: <20260619090903.302621F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260619085200.3729431-2-kwilczynski@kernel.org>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues:
- [High] Lockless access to the global `vga_default` pointer leads to a Use-After-Free.
--
commit be1111a7de2552597e9d80551a60eee90c47b957
Author: Krzysztof Wilczyński <kwilczynski@kernel.org>
PCI/sysfs: Use PCI resource accessor macros
Replace direct pdev->resource[] accesses with pci_resource_n(),
and pdev->resource[].flags accesses with pci_resource_flags().
No functional changes intended.
Tested-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
> index d37860841260c..1fbc3daf87cc5 100644
> --- a/drivers/pci/pci-sysfs.c
> +++ b/drivers/pci/pci-sysfs.c
[ ... ]
> @@ -689,7 +689,7 @@ static ssize_t boot_vga_show(struct device *dev, struct device_attribute *attr,
> return sysfs_emit(buf, "%u\n", (pdev == vga_dev));
>
> return sysfs_emit(buf, "%u\n",
> - !!(pdev->resource[PCI_ROM_RESOURCE].flags &
> + !!(pci_resource_flags(pdev, PCI_ROM_RESOURCE) &
> IORESOURCE_ROM_SHADOW));
[Severity: High]
This isn't a bug introduced by this patch, but I noticed a lockless access
pattern here involving vga_default_device() that could lead to a Use-After-Free
elsewhere in the code.
For example, in drivers/pci/vgaarb.c:vga_arb_write():
if (!strncmp(curr_pos, "default", 7))
pdev = pci_dev_get(vga_default_device());
Could this race with device removal? If vga_arbiter_del_pci_device() takes
vga_lock, updates vga_default to NULL, and drops its reference with
pci_dev_put():
void vga_set_default_device(struct pci_dev *pdev)
{
if (vga_default == pdev)
return;
pci_dev_put(vga_default);
vga_default = pci_dev_get(pdev);
}
If the thread executing vga_arb_write() reads vga_default but is preempted
before incrementing the reference count in pci_dev_get(), couldn't the device
be entirely freed before pci_dev_get() executes, leading to a Use-After-Free?
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260619085200.3729431-1-kwilczynski@kernel.org?part=1
next prev parent reply other threads:[~2026-06-19 9:09 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-19 8:51 [PATCH v8 00/25] PCI: Convert all dynamic sysfs attributes to static Krzysztof Wilczyński
2026-06-19 8:51 ` [PATCH v8 01/25] PCI/sysfs: Use PCI resource accessor macros Krzysztof Wilczyński
2026-06-19 9:09 ` sashiko-bot [this message]
2026-06-19 8:51 ` [PATCH v8 02/25] PCI: Add pci_resource_is_io() and pci_resource_is_mem() helpers Krzysztof Wilczyński
2026-06-19 8:59 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 03/25] PCI/sysfs: Only allow supported resource types in I/O and MMIO helpers Krzysztof Wilczyński
2026-06-19 9:01 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 04/25] PCI/sysfs: Split pci_llseek_resource() for device and legacy attributes Krzysztof Wilczyński
2026-06-19 9:03 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 05/25] PCI/sysfs: Add CAP_SYS_ADMIN check to __resource_resize_store() Krzysztof Wilczyński
2026-06-19 9:01 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 06/25] PCI/sysfs: Add static PCI resource attribute macros Krzysztof Wilczyński
2026-06-19 9:11 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 07/25] PCI/sysfs: Convert PCI resource files to static attributes Krzysztof Wilczyński
2026-06-19 9:08 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 08/25] PCI/sysfs: Warn about BAR resize failure in __resource_resize_store() Krzysztof Wilczyński
2026-06-19 9:03 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 09/25] PCI/sysfs: Add stubs for pci_{create,remove}_sysfs_dev_files() Krzysztof Wilczyński
2026-06-19 9:28 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 10/25] PCI/sysfs: Limit pci_sysfs_init() late_initcall compile scope Krzysztof Wilczyński
2026-06-19 9:35 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 11/25] alpha/PCI: Add security_locked_down() check to pci_mmap_resource() Krzysztof Wilczyński
2026-06-19 9:05 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 12/25] alpha/PCI: Use BAR index in sysfs attr->private instead of resource pointer Krzysztof Wilczyński
2026-06-19 9:02 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 13/25] alpha/PCI: Use PCI resource accessor macros Krzysztof Wilczyński
2026-06-19 9:04 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 14/25] alpha/PCI: Fix __pci_mmap_fits() overflow for zero-length BARs Krzysztof Wilczyński
2026-06-19 9:11 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 15/25] alpha/PCI: Remove WARN from __pci_mmap_fits() and __legacy_mmap_fits() Krzysztof Wilczyński
2026-06-19 8:56 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 16/25] alpha/PCI: Add static PCI resource attribute macros Krzysztof Wilczyński
2026-06-19 9:04 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 17/25] alpha/PCI: Convert resource files to static attributes Krzysztof Wilczyński
2026-06-19 9:09 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 18/25] PCI/sysfs: Remove pci_{create,remove}_sysfs_dev_files() Krzysztof Wilczyński
2026-06-19 9:20 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 19/25] PCI: Add macros for legacy I/O and memory address space sizes Krzysztof Wilczyński
2026-06-19 9:12 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 20/25] alpha/PCI: Compute legacy size in pci_mmap_legacy_page_range() Krzysztof Wilczyński
2026-06-19 9:12 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 21/25] PCI/sysfs: Add __weak pci_legacy_has_sparse() helper Krzysztof Wilczyński
2026-06-19 9:08 ` sashiko-bot
2026-06-19 8:51 ` [PATCH v8 22/25] PCI/sysfs: Add legacy I/O and memory attribute macros Krzysztof Wilczyński
2026-06-19 9:18 ` sashiko-bot
2026-06-19 18:26 ` Krzysztof Wilczyński
2026-06-19 8:51 ` [PATCH v8 23/25] PCI/sysfs: Convert legacy I/O and memory attributes to static definitions Krzysztof Wilczyński
2026-06-19 9:16 ` sashiko-bot
2026-06-19 18:31 ` Krzysztof Wilczyński
2026-06-19 8:51 ` [PATCH v8 24/25] PCI/sysfs: Remove pci_create_legacy_files() and pci_sysfs_init() Krzysztof Wilczyński
2026-06-19 9:11 ` sashiko-bot
2026-06-19 8:52 ` [PATCH v8 25/25] PCI/sysfs: Limit BAR resize attribute scope to platforms with PCI mmap Krzysztof Wilczyński
2026-06-19 9:29 ` sashiko-bot
2026-06-19 18:39 ` [PATCH v8 00/25] PCI: Convert all dynamic sysfs attributes to static Krzysztof Wilczyński
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260619090903.302621F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=kwilczynski@kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.