From: Alex Williamson <alex@shazbot.org>
To: <dan.j.williams@intel.com>
Cc: "Anthony Pighin (Nokia)" <anthony.pighin@nokia.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
jgross@suse.com, sstabellini@kernel.org,
oleksandr_tyshchenko@epam.com
Subject: Re: [PATCH v2] vfio/pci: Lock upstream bridge for vfio_pci_core_disable()
Date: Mon, 26 Jan 2026 16:20:04 -0700 [thread overview]
Message-ID: <20260126162004.62db4391@shazbot.org> (raw)
In-Reply-To: <697135069627e_309510030@dwillia2-mobl4.notmuch>
On Wed, 21 Jan 2026 12:20:22 -0800
<dan.j.williams@intel.com> wrote:
> Anthony Pighin (Nokia) wrote:
> > The commit 7e89efc6e9e4 ("Lock upstream bridge for pci_reset_function()")
> > added locking of the upstream bridge to the reset function. To catch
> > paths that are not properly locked, the commit 920f6468924f ("Warn on
> > missing cfg_access_lock during secondary bus reset") added a warning
> > if the PCI configuration space was not locked during a secondary bus reset
> > request.
> >
> > When a VFIO PCI device is released from userspace ownership, an attempt
> > to reset the PCI device function may be made. If so, and the upstream bridge
> > is not locked, the release request results in a warning:
> >
> > pcieport 0000:00:00.0: unlocked secondary bus reset via:
> > pci_reset_bus_function+0x188/0x1b8
> >
> > Add missing upstream bridge locking to vfio_pci_core_disable().
> >
> > Fixes: 7e89efc6e9e4 ("PCI: Lock upstream bridge for pci_reset_function()")
> > Signed-off-by: Anthony Pighin <anthony.pighin@nokia.com>
> > ---
> > V1 -> V2:
> > - Reworked commit log for clarity
> > - Corrected indentation
> > - Added a Fixes: tag
> >
> >
> > drivers/vfio/pci/vfio_pci_core.c | 17 +++++++++++++----
> > 1 file changed, 13 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
> > index 3a11e6f450f7..72c33b399800 100644
> > --- a/drivers/vfio/pci/vfio_pci_core.c
> > +++ b/drivers/vfio/pci/vfio_pci_core.c
> > @@ -588,6 +588,7 @@ EXPORT_SYMBOL_GPL(vfio_pci_core_enable);
> >
> > void vfio_pci_core_disable(struct vfio_pci_core_device *vdev)
> > {
> > + struct pci_dev *bridge;
> > struct pci_dev *pdev = vdev->pdev;
> > struct vfio_pci_dummy_resource *dummy_res, *tmp;
> > struct vfio_pci_ioeventfd *ioeventfd, *ioeventfd_tmp;
> > @@ -694,12 +695,20 @@ void vfio_pci_core_disable(struct vfio_pci_core_device *vdev)
> > * We can not use the "try" reset interface here, which will
> > * overwrite the previously restored configuration information.
> > */
> > - if (vdev->reset_works && pci_dev_trylock(pdev)) {
> > - if (!__pci_reset_function_locked(pdev))
> > - vdev->needs_reset = false;
> > - pci_dev_unlock(pdev);
> > + if (vdev->reset_works) {
> > + bridge = pci_upstream_bridge(pdev);
> > + if (bridge && !pci_dev_trylock(bridge))
> > + goto out_restore_state;
> > + if (pci_dev_trylock(pdev)) {
> > + if (!__pci_reset_function_locked(pdev))
> > + vdev->needs_reset = false;
> > + pci_dev_unlock(pdev);
> > + }
> > + if (bridge)
> > + pci_dev_unlock(bridge);
>
> This looks ok, but a bit unfortunate that it duplicates what
> mlxsw_pci_reset_at_pci_disable() is also open coding. It leaves Octeon
> (orphaned) and Xen to rediscover the same bug. At a minimum I copied the Xen
> folks for their awareness, but it feels like __pci_reset_function_locked()
> really is no longer suitable to be exported to drivers with this new locking
> requirement. It wants a wrapper that contains this detail.
Even pci_try_reset_function() was missed when when this new locking
requirement was added, so adding yet another core wrapper function
doesn't guarantee we won't hit such problems.
The device_lock requirement for PCI reset has been particularly
problematic over the years, leading to the trylock nonsense we use to
avoid deadlocks. Even the previously converted mlxsw call path cannot
acquire the bridge device lock since they already expect to hold the
reset target device lock, deferring to only acquiring the
pci_cfg_access_lock().
The above vfio-pci code may ultimately choose something similar because
even when userspace has correctly shutdown the VM before unbinding the
device from vfio-pci, the fput is run through a workqueue and may not
be able to acquire device lock here.
I don't know what a wrapper to handle all these variant would look
like. Maybe we need to bubble up the warning to the existing wrapper
so we can see it without having specific hardware that triggers the bus
reset path. Thanks,
Alex
prev parent reply other threads:[~2026-01-26 23:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-16 15:31 [PATCH v2] vfio/pci: Lock upstream bridge for vfio_pci_core_disable() Anthony Pighin (Nokia)
2026-01-19 20:38 ` Alex Williamson
2026-01-21 20:20 ` dan.j.williams
2026-01-26 23:20 ` Alex Williamson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260126162004.62db4391@shazbot.org \
--to=alex@shazbot.org \
--cc=anthony.pighin@nokia.com \
--cc=dan.j.williams@intel.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=jgross@suse.com \
--cc=kvm@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=oleksandr_tyshchenko@epam.com \
--cc=sstabellini@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox