From: sashiko-bot@kernel.org
To: "Chengwen Feng" <fengchengwen@huawei.com>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH v10 3/5] PCI/TPH: Add pcie_tph_enabled_mode() helper
Date: Fri, 15 May 2026 10:49:39 +0000 [thread overview]
Message-ID: <20260515104940.79D6BC2BCB0@smtp.kernel.org> (raw)
In-Reply-To: <20260515094040.38496-4-fengchengwen@huawei.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [Medium] The pcie_tph_enabled_mode() helper returns 0 both when TPH is disabled and when it is actively enabled in No ST Mode, causing an unresolvable API ambiguity.
- [Medium] Lockless multi-variable read of TPH state without memory barriers leads to inconsistent state and TOCTOU vulnerabilities.
--
commit 1855ec2d0c286906dabaf853860c8045f63a2d5f
Author: Chengwen Feng <fengchengwen@huawei.com>
PCI/TPH: Add pcie_tph_enabled_mode() helper
Add a helper to query enabled TPH mode on a PCI device. This is useful for
drivers like VFIO-PCI that need to validate TPH state before allowing
access to steering tag tables.
> diff --git a/drivers/pci/tph.c b/drivers/pci/tph.c
> index ba31b010f67ad..91c1e83410a3e 100644
> --- a/drivers/pci/tph.c
> +++ b/drivers/pci/tph.c
[ ... ]
> @@ -451,6 +451,18 @@ int pcie_enable_tph(struct pci_dev *pdev, int mode)
> }
> EXPORT_SYMBOL(pcie_enable_tph);
>
> +/**
> + * pcie_tph_enabled_mode - Get current enabled TPH mode
> + * @pdev: PCI device
> + *
> + * Return the enabled TPH mode (IV/DS) or 0 if disabled.
> + */
> +int pcie_tph_enabled_mode(struct pci_dev *pdev)
> +{
> + return pdev->tph_enabled ? pdev->tph_mode : 0;
Will this return value be ambiguous when TPH is enabled in No ST Mode?
Since No ST Mode (PCI_TPH_ST_NS_MODE) is defined as 0x0, returning 0 when
disabled makes it impossible for a caller to distinguish between TPH being
completely disabled and TPH being actively enabled in No ST Mode.
Could this return a negative error code (such as -ENODATA or -EINVAL) when
TPH is disabled, to avoid collisions with valid mode values?
Also, can this lockless read of pdev->tph_enabled and pdev->tph_mode see
an inconsistent state if pcie_enable_tph() runs concurrently?
For example, if VFIO allows userspace to trigger pcie_enable_tph()
concurrently with querying the enabled mode, could the CPU or compiler
reorder the load of pdev->tph_mode before pdev->tph_enabled?
This might result in seeing tph_enabled == 1 but an old or uninitialized
value for tph_mode.
> +}
> +EXPORT_SYMBOL(pcie_tph_enabled_mode);
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260515094040.38496-1-fengchengwen@huawei.com?part=3
next prev parent reply other threads:[~2026-05-15 10:49 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 9:40 [PATCH v10 0/5] vfio/pci: Add PCIe TPH support Chengwen Feng
2026-05-15 9:40 ` [PATCH v10 1/5] PCI/TPH: Fix pcie_tph_get_st_table_loc() field extraction Chengwen Feng
2026-05-15 10:01 ` sashiko-bot
2026-05-15 9:40 ` [PATCH v10 2/5] PCI/TPH: Export pcie_tph_get_st_modes() for external use Chengwen Feng
2026-05-15 9:40 ` [PATCH v10 3/5] PCI/TPH: Add pcie_tph_enabled_mode() helper Chengwen Feng
2026-05-15 10:49 ` sashiko-bot [this message]
2026-05-15 9:40 ` [PATCH v10 4/5] vfio/pci: Add PCIe TPH configuration space virtualization Chengwen Feng
2026-05-15 11:26 ` sashiko-bot
2026-05-15 9:40 ` [PATCH v10 5/5] vfio/pci: Add VFIO_DEVICE_FEATURE_TPH_ST for TPH ST entry management Chengwen Feng
2026-05-15 11:45 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260515104940.79D6BC2BCB0@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=fengchengwen@huawei.com \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox