From: "Julian Ruess" <julianr@linux.ibm.com>
To: "Niklas Schnelle" <schnelle@linux.ibm.com>,
"Farhan Ali" <alifm@linux.ibm.com>,
"Julian Ruess" <julianr@linux.ibm.com>, <wintera@linux.ibm.com>,
<ts@linux.ibm.com>, <oberpar@linux.ibm.com>,
<gbayer@linux.ibm.com>, "Alex Williamson" <alex@shazbot.org>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Yishai Hadas" <yishaih@nvidia.com>,
"Shameer Kolothum" <skolothumtho@nvidia.com>,
"Kevin Tian" <kevin.tian@intel.com>
Cc: <mjrosato@linux.ibm.com>, <raspl@linux.ibm.com>,
<hca@linux.ibm.com>, <agordeev@linux.ibm.com>,
<gor@linux.ibm.com>, <kvm@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <linux-s390@vger.kernel.org>,
<linux-pci@vger.kernel.org>
Subject: Re: [PATCH v5 2/3] vfio/ism: Implement vfio_pci driver for ISM devices
Date: Wed, 18 Mar 2026 07:16:11 +0100 [thread overview]
Message-ID: <DH5OSCR30K6L.3SIBYOZ6166AC@linux.ibm.com> (raw)
In-Reply-To: <ef044e7fa28e33cf865882e374957c0cd10124d1.camel@linux.ibm.com>
On Tue Mar 17, 2026 at 10:16 PM CET, Niklas Schnelle wrote:
> On Tue, 2026-03-17 at 11:43 -0700, Farhan Ali wrote:
>> <..snip..>
>>
>> On 3/17/2026 5:58 AM, Julian Ruess wrote:
>> > static int ism_vfio_pci_probe(struct pci_dev *pdev,
>> > + const struct pci_device_id *id)
>> > +{
>> > + struct ism_vfio_pci_core_device *ivpcd;
>> > + struct zpci_dev *zdev = to_zpci(pdev);
>> > + char cache_name[20];
>> > + int ret;
>> > +
>> > + ivpcd = vfio_alloc_device(ism_vfio_pci_core_device, core_device.vdev,
>> > + &pdev->dev, &ism_pci_ops);
>> > + if (IS_ERR(ivpcd))
>> > + return PTR_ERR(ivpcd);
>> > +
>> > + snprintf(cache_name, sizeof(cache_name), "ism_sb_fid_%08x", zdev->fid);
>> > + ivpcd->store_block_cache =
>> > + kmem_cache_create(cache_name, zdev->maxstbl, 0, 0, NULL);
>> > + if (!ivpcd->store_block_cache) {
>> > + vfio_put_device(&ivpcd->core_device.vdev);
>> > + return -ENOMEM;
>> > + }
>> > +
>> > + dev_set_drvdata(&pdev->dev, &ivpcd->core_device);
>> > + ret = vfio_pci_core_register_device(&ivpcd->core_device);
>> > + if (ret) {
>> > + kmem_cache_destroy(ivpcd->store_block_cache);
>> > + vfio_put_device(&ivpcd->core_device.vdev);
>> > + }
>> > +
>> > + return ret;
>> > +}
>> > +
>> > +static void ism_vfio_pci_remove(struct pci_dev *pdev)
>> > +{
>> > + struct vfio_pci_core_device *core_device;
>> > + struct ism_vfio_pci_core_device *ivpcd;
>> > +
>> > + core_device = dev_get_drvdata(&pdev->dev);
>> > + ivpcd = container_of(core_device, struct ism_vfio_pci_core_device,
>> > + core_device);
>> > +
>> > + vfio_pci_core_unregister_device(&ivpcd->core_device);
>> > + vfio_put_device(&ivpcd->core_device.vdev);
>> > +
>> > + kmem_cache_destroy(ivpcd->store_block_cache);
>>
>> I think the kmem_cache_destroy() should be done before we do
>> vfio_put_device() (or maybe even before
>> vfio_pci_core_unregister_device()) to avoid use after free similar to
>> ism_vfio_pci_probe(). Sorry I missed this earlier.
>>
>> Thanks
>>
>> Farhan
>>
>
> Good find! Wouldn't it be even cleaner to provide vfio/ism specific
> .init and .release functions in ism_pci_ops that do the
> kmem_cache_create() / kmem_cache_destroy() as part of init / release?
> It seems this is done for e.g. Xe with xe_vfio_pci_init_dev()
> and xe_vfio_pci_release_dev(). In fact wouldn't that be even necessary
> to correctly handle the case where the above vfio_put_device() isn't
> the last reference?
>
> Thanks,
> Niklas
Thanks guys! Yes, I think we should introduce custom .init and .release functions. Will change that in the next version.
next prev parent reply other threads:[~2026-03-18 6:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-17 12:58 [PATCH v5 0/3] vfio/pci: Introduce vfio_pci driver for ISM devices Julian Ruess
2026-03-17 12:58 ` [PATCH v5 1/3] vfio/pci: Rename vfio_config_do_rw() to vfio_pci_config_rw_single() and export it Julian Ruess
2026-03-17 12:58 ` [PATCH v5 2/3] vfio/ism: Implement vfio_pci driver for ISM devices Julian Ruess
2026-03-17 18:43 ` Farhan Ali
2026-03-17 21:16 ` Niklas Schnelle
2026-03-18 6:16 ` Julian Ruess [this message]
2026-03-18 14:52 ` Niklas Schnelle
2026-03-17 12:58 ` [PATCH v5 3/3] MAINTAINERS: add VFIO ISM PCI DRIVER section Julian Ruess
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DH5OSCR30K6L.3SIBYOZ6166AC@linux.ibm.com \
--to=julianr@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=alex@shazbot.org \
--cc=alifm@linux.ibm.com \
--cc=gbayer@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=jgg@ziepe.ca \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=oberpar@linux.ibm.com \
--cc=raspl@linux.ibm.com \
--cc=schnelle@linux.ibm.com \
--cc=skolothumtho@nvidia.com \
--cc=ts@linux.ibm.com \
--cc=wintera@linux.ibm.com \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox