Kernel KVM virtualization development
From: sashiko-bot@kernel.org
To: "Dimitri Daskalakis" <dimitri.daskalakis1@gmail.com>
Cc: linux-pci@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [RFC 11/12] PCI: Initialize and release SIOV capability
Date: Thu, 04 Jun 2026 15:23:12 +0000
Message-ID: <20260604152312.F3B9E1F00893@smtp.kernel.org>
In-Reply-To: <20260604150153.3619662-12-dimitri.daskalakis1@gmail.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Calculation of maximum SIOV bus consumption silently wraps around due to 16-bit truncation, underreporting the maximum bus number and breaking IOMMU isolation.
--

commit 72b51539a88b3ec026656cdb5f408780a8f58cd2
Author: Dimitri Daskalakis <daskald@meta.com>

PCI: Initialize and release SIOV capability

This commit modifies pci_init_capabilities() to discover the SIOV extended
capability and allocate a struct pci_siov. It computes the worst-case bus
consumption from total_SDIs and mirrors SR-IOV initialization patterns.

> diff --git a/drivers/pci/siov.c b/drivers/pci/siov.c
> new file mode 100644
> index 0000000000000..7372ce95714b2
> --- /dev/null
> +++ b/drivers/pci/siov.c

[ ... ]

> +static int pci_siov_sdi_bus(struct pci_dev *dev, int sdi_id)
> +{
> +	if (!dev->siov)
> +		return -EINVAL;
> +	return pci_virtfn_routing_id(dev, dev->siov->offset,
> +				  dev->siov->stride, sdi_id) >> 8;
> +}
> +
> +static int compute_max_sdi_buses(struct pci_dev *dev)
> +{
> +	struct pci_siov *siov = dev->siov;
> +
> +	if (!siov->offset || (siov->total_SDIs > 1 && !siov->stride))
> +		return -EIO;
> +
> +	siov->max_SDI_buses = pci_siov_sdi_bus(dev, siov->total_SDIs - 1);

[Severity: High]
Does this calculation properly handle 16-bit truncation wrap-around?

If a PCIe endpoint advertises a total_SDIs and stride combination that exceeds
the 16-bit routing ID space (i.e. requesting a bus > 255), the result from
pci_virtfn_routing_id() will mathematically wrap around modulo 65536 since it
returns a u16:

drivers/pci/pci.h:pci_virtfn_routing_id() {
	return (pf->bus->number << 8) + pf->devfn + offset + stride * id;
}

Because this only evaluates the final SDI index (siov->total_SDIs - 1),
siov->max_SDI_buses could be set to a lower, wrapped value.

Later when reserving buses, this could cause an insufficient number of buses to
be reserved, potentially assigning legitimate SDI bus numbers to other
downstream devices and breaking IOMMU isolation.

> +	return 0;
> +}
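
Review bot: The guard at the top of compute_max_sdi_buses() does not reject total_SDIs == 0. `siov->total_SDIs > 1 && !siov->stride` is false for zero, so the next statement calls pci_siov_sdi_bus(dev, siov->total_SDIs - 1) with an sdi_id of -1, and the stride * id term in the routing ID then subtracts one stride from the offset, describing an SDI that does not exist. Suggest returning an error when total_SDIs is 0 before doing the subtraction. Separately, pci_siov_sdi_bus() can return -EINVAL and its result is stored into siov->max_SDI_buses unchecked; holding it in a local int and testing for < 0 first would keep an error code out of that field.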

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260604150153.3619662-1-dimitri.daskalakis1@gmail.com?part=11
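
A user-space model of the wrap-around described in the review above, as an added example that is not part of the original message or the kernel patch. The function names, the 64-bit range check and the sample values (PF at bus 0x10, offset 1, stride 1) are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model of the routing-ID sum quoted in the review; not kernel code.
 * Wide arithmetic keeps the bits that a u16 return value would drop. */
static uint64_t rid_wide(uint8_t bus, uint8_t devfn, uint16_t offset,
                         uint16_t stride, uint32_t id)
{
    return ((uint64_t)bus << 8) + devfn + offset + (uint64_t)stride * id;
}

/* Bus of the last SDI the way the hunk derives it: truncate to 16 bits, >> 8. */
static int last_sdi_bus_truncated(uint8_t bus, uint8_t devfn, uint16_t offset,
                                  uint16_t stride, uint32_t total_sdis)
{
    uint16_t rid = (uint16_t)rid_wide(bus, devfn, offset, stride, total_sdis - 1);
    return rid >> 8;
}

/* Hypothetical checked variant: returns -1 when there are no SDIs or when the
 * last routing ID does not fit in 16 bits (bus > 255), else the bus number.
 * Checking the last index is enough here because the wide sum never wraps. */
static int last_sdi_bus_checked(uint8_t bus, uint8_t devfn, uint16_t offset,
                                uint16_t stride, uint32_t total_sdis)
{
    uint64_t rid;

    if (total_sdis == 0)
        return -1;
    rid = rid_wide(bus, devfn, offset, stride, total_sdis - 1);
    if (rid > UINT16_MAX)
        return -1;
    return (int)(rid >> 8);
}

int main(void)
{
    /* Constructed inputs: the first fits, the second exceeds bus 255. */
    uint32_t totals[] = { 512, 0xF800 };

    for (unsigned i = 0; i < 2; i++)
        printf("total_SDIs=%u truncated bus=%d checked=%d\n", totals[i],
               last_sdi_bus_truncated(0x10, 0, 1, 1, totals[i]),
               last_sdi_bus_checked(0x10, 0, 1, 1, totals[i]));
    return 0;
}
```

With the second input the truncated result lands on a bus number below the PF's own bus, which is the underreporting the review describes.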
