[{"id":3688092,"web_url":"http://patchwork.ozlabs.org/comment/3688092/","msgid":"<20260507232017.A0AC6C2BCB2@smtp.kernel.org>","list_archive_url":null,"date":"2026-05-07T23:20:17","subject":"Re: [PATCH v7 3/6] vfio/pci: Add PCIe TPH interface with capability\n query","submitter":{"id":93311,"url":"http://patchwork.ozlabs.org/api/people/93311/","name":null,"email":"sashiko-bot@kernel.org"},"content":"Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:\n- [Medium] The ST table size (`st_table_sz`) is incorrectly reported as 0 when the Steering Tag (ST) table is located in the MSI-X table.\n--\n\ncommit 84cffb4ace52d740319be3c3a2f634b68268963c\nAuthor: Chengwen Feng <fengchengwen@huawei.com>\n\nvfio/pci: Add PCIe TPH interface with capability query\n\nThis commit adds the VFIO_DEVICE_PCI_TPH IOCTL to allow userspace to query\ndevice TPH capabilities, supported modes, and steering tag table information.\nIt also introduces a module parameter to restrict unsafe device-specific TPH\nmode to trusted userspace only.\n\n> diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c\n> index 3f8d093aacf8a..e7efa8f230bec 100644\n> --- a/drivers/vfio/pci/vfio_pci_core.c\n> +++ b/drivers/vfio/pci/vfio_pci_core.c\n[ ... ]\n> 
@@ -1461,6 +1463,55 @@ static int vfio_pci_ioctl_ioeventfd(struct vfio_pci_core_device *vdev,\n>  \t\t\t\t  ioeventfd.fd);\n>  }\n>  \n> +static int vfio_pci_tph_get_cap(struct vfio_pci_core_device *vdev,\n> +\t\t\t\tstruct vfio_device_pci_tph_op *op,\n> +\t\t\t\tvoid __user *uarg)\n> +{\n> +\tstruct pci_dev *pdev = vdev->pdev;\n> +\tstruct vfio_pci_tph_cap cap = {0};\n> +\tu8 mode;\n> +\n> +\tif (op->argsz < offsetofend(struct vfio_device_pci_tph_op, cap))\n> +\t\treturn -EINVAL;\n> +\n> +\tmode = pcie_tph_get_st_modes(pdev);\n> +\tif (!enable_unsafe_tph_ds_mode)\n> +\t\tmode &= ~PCI_TPH_CAP_ST_DS;\n> +\tif (mode == 0 || mode == PCI_TPH_CAP_ST_NS)\n> +\t\treturn -EOPNOTSUPP;\n> +\n> +\tif (mode & PCI_TPH_CAP_ST_IV)\n> +\t\tcap.supported_modes |= VFIO_PCI_TPH_MODE_IV;\n> +\tif (mode & PCI_TPH_CAP_ST_DS)\n> +\t\tcap.supported_modes |= VFIO_PCI_TPH_MODE_DS;\n> +\n> +\tif (pcie_tph_get_st_table_loc(pdev) != PCI_TPH_LOC_NONE)\n> +\t\tcap.st_table_sz = pcie_tph_get_st_table_size(pdev);\n\nIs it possible that st_table_sz is incorrectly reported as 0 here when the\nSteering Tag (ST) table is located in the MSI-X table?\n\nThe kernel function pcie_tph_get_st_table_size() returns 0 if the ST table\nlocation is anything other than PCI_TPH_LOC_CAP, meaning it returns 0 for\nPCI_TPH_LOC_MSIX.\n\nAs a result, userspace would receive st_table_sz == 0, which the UAPI\ndocumentation explicitly defines as 'no ST table'.\n\nFurthermore, because the location is not PCI_TPH_LOC_NONE, any subsequent\nuserspace attempt to use VFIO_PCI_TPH_GET_ST would be rejected by the kernel\nwith -EOPNOTSUPP.\n\nThis would leave userspace completely unable to properly program the ST table\nusing SET_ST because it falsely believes the table size is 0 and cannot query\nthe CPU tags.\n\nShould the MSI-X table size (e.g., via pci_msix_vec_count(pdev)) be used to\npopulate st_table_sz when the location is PCI_TPH_LOC_MSIX?\n\n> +\n> +\tif (copy_to_user(uarg, &cap, sizeof(cap)))\n> +\t\treturn -EFAULT;\n> 
+\n> +\treturn 0;\n> +}","headers":{"Return-Path":"\n <linux-pci+bounces-54132-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-pci@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=RvAqhW6k;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-pci+bounces-54132-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"RvAqhW6k\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBSsL0NNKz1yK7\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 08 May 2026 09:20:22 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 841EC3031827\n\tfor <incoming@patchwork.ozlabs.org>; Thu,  7 May 2026 23:20:19 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 589B92F290E;\n\tThu,  7 May 2026 23:20:18 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org 
(Postfix) with ESMTPS id 357AA175A99\n\tfor <linux-pci@vger.kernel.org>; Thu,  7 May 2026 23:20:18 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id A0AC6C2BCB2;\n\tThu,  7 May 2026 23:20:17 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778196018; cv=none;\n b=cfpxRn1+mqKavdPMLd3xaC4XFGQBMrN2NlTPSoMq4SYkorkboZYS/Fd23Kf3nMsr7mOKXcz4S+TQXCTnOJS7f+u+RkSUJJrf4UfoarPuZ7JKqmy/RuLQQcMLStlv2Zh4Y6xNB5wpsPu2k83As/aeFT4KR8e9K36pTYKf8NC1X/Q=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778196018; c=relaxed/simple;\n\tbh=XDIL4lZLx7HTlxm0pMj9E20DYlZnj9ZoOLm53fZLC3Q=;\n\th=From:Subject:To:Cc:In-Reply-To:References:Content-Type:Date:\n\t Message-Id;\n b=cnG/MhRF2lfi+0Pg5w63pprTxI4U2QaIr+k12iaghEu3/MvDMZj2i401f9NkHKjc5NF7qHWQYhsIG0EMLSXQQ5mEpyRS0OR2r3AzPfOd2jLKhcWtYAqHACrCcINyNPtF/gibC4mVVjJtTs2xns/cF80A1kDuh8jLSARBIMf3mtE=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=RvAqhW6k; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1778196018;\n\tbh=XDIL4lZLx7HTlxm0pMj9E20DYlZnj9ZoOLm53fZLC3Q=;\n\th=From:Subject:Reply-To:To:Cc:In-Reply-To:References:Date:From;\n\tb=RvAqhW6klnAUwWfXAeCfa9KX5EghWE7GuF4x0NsRGg3fV/pkXT1KeZZg2lHN9cgfU\n\t cSXo65AYlRJOaZJgo6pO5WQuIqP0E9PvRuthb/l/9bBeVXOXfGMfX5rmo7cvayyinl\n\t MhiGCLBvePZy0qb+4AkrTLamZmrkeblamt7BDscP3BKcGCLJ8Tztcc4DhbpPn/SXnS\n\t hFZdbZH+UToT8QROw1NzN7ofxwazuzfw/Rqs5UHJW5Co8Aa+2PJESuTL/izbbmeYbz\n\t cGphOI1UvAbPrHMQZ+WtOOgmgV45cFosHLGqbtu86RdshlCqg16Jw/PN+ZM4/hugpE\n\t onBVplxYOww2Q==","From":"sashiko-bot@kernel.org","Subject":"Re: [PATCH v7 3/6] vfio/pci: Add PCIe TPH interface with capability\n query","Reply-To":"sashiko@lists.linux.dev","To":"\"Chengwen Feng\" 
<fengchengwen@huawei.com>","Cc":"linux-pci@vger.kernel.org","In-Reply-To":"<20260507130956.34441-4-fengchengwen@huawei.com>","References":"<20260507130956.34441-4-fengchengwen@huawei.com>","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"quoted-printable","Date":"Thu, 07 May 2026 23:20:17 +0000","Message-Id":"<20260507232017.A0AC6C2BCB2@smtp.kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-pci@vger.kernel.org","List-Id":"<linux-pci.vger.kernel.org>","List-Subscribe":"<mailto:linux-pci+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-pci+unsubscribe@vger.kernel.org>"}}]
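Review bot: In vfio_pci_tph_get_cap(), the `mode == 0 || mode == PCI_TPH_CAP_ST_NS` test runs after PCI_TPH_CAP_ST_DS has been masked out, so a device whose only usable mode is device-specific returns -EOPNOTSUPP when enable_unsafe_tph_ds_mode is off, and userspace cannot tell that apart from a device with no TPH support. Either document this return value in the UAPI description of the capability query or make the two cases distinguishable. Also note that this function only filters what is reported: clearing the DS bit in the query result does not by itself stop userspace from requesting that mode, so the path in this series that actually enables a TPH mode needs its own enable_unsafe_tph_ds_mode check.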