[{"id":3688743,"web_url":"http://patchwork.ozlabs.org/comment/3688743/","msgid":"<20260508214923.44016C2BCB0@smtp.kernel.org>","list_archive_url":null,"date":"2026-05-08T21:49:22","subject":"Re: [PATCH v8 7/7] vfio/pci: Add PCIe TPH SET_ST interface","submitter":{"id":93311,"url":"http://patchwork.ozlabs.org/api/people/93311/","name":null,"email":"sashiko-bot@kernel.org"},"content":"Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:\n- [High] The error path in `vfio_pci_tph_set_st()` destructively zeroes out successfully programmed ST entries on partial failure, causing an unknown and inconsistent device state.\n- [High] Positive PCIBIOS error codes from `pcie_tph_set_st_entry()` are propagated to userspace `ioctl()`, resulting in false success reporting.\n--\n\ncommit c7946d420debcc101b2f2daf21858db188b20ee7\nAuthor: Chengwen Feng <fengchengwen@huawei.com>\n\nvfio/pci: Add PCIe TPH SET_ST interface\n\nThis commit adds the VFIO_PCI_TPH_SET_ST operation to support batch programming\nof steering tag entries. It includes an error path that attempts to roll back\nsuccessfully programmed entries to 0 if any entry fails.\n\n> diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c\n> --- a/drivers/vfio/pci/vfio_pci_core.c\n> +++ b/drivers/vfio/pci/vfio_pci_core.c\n\n[ ... ]\n\n> @@ -1606,6 +1606,94 @@ static int vfio_pci_tph_get_st(struct vfio_pci_core_device *vdev,\n>  \treturn err;\n>  }\n>  \n> +static int vfio_pci_tph_set_st(struct vfio_pci_core_device *vdev,\n> +\t\t\t       struct vfio_device_pci_tph_op *op,\n> +\t\t\t       void __user *uarg)\n> +{\n\n[ ... ]\n\n> +\t\tif (ents[i].cpu == U32_MAX) {\n> +\t\t\terr = pcie_tph_set_st_entry(pdev, ents[i].index, 0);\n> +\t\t\tif (err)\n> +\t\t\t\tgoto out;\n\nCould this return a positive PCIBIOS error code to userspace?\n\npcie_tph_set_st_entry() eventually calls pci_write_config_word(), which returns\npositive PCIBIOS_* error codes (like PCIBIOS_SET_FAILED). Since the VFS ioctl\nhandler only treats strictly negative values as errors, returning a positive\nvalue directly will cause userspace to falsely assume the ioctl succeeded.\n\nShould this error be converted using pcibios_err_to_errno()?\n\n> +\t\t\tcontinue;\n> +\t\t}\n> +\n> +\t\terr = pcie_tph_get_cpu_st(pdev, mtype, ents[i].cpu, &st_val);\n> +\t\tif (err)\n> +\t\t\tgoto out;\n> +\t\terr = pcie_tph_set_st_entry(pdev, ents[i].index, st_val);\n> +\t\tif (err)\n> +\t\t\tgoto out;\n> +\t}\n> +\n> +out:\n> +\tif (err) {\n> +\t\t/* Roll back previously programmed entries to 0 */\n> +\t\tfor (j = 0; j < i; j++)\n> +\t\t\tpcie_tph_set_st_entry(pdev, ents[j].index, 0);\n\nDoes this error path actually leave the device in an inconsistent state if the\nentries contained valid non-zero tags before this ioctl was called?\n\nSince the original ST values are not read or saved prior to modification,\nthis \"rollback\" destructively overwrites them with 0 rather than restoring the\ntrue previous state.\n\nCould we read and save the original values before modifying them, or return\nan error without attempting a partial revert?\n\n> +\t}\n> +\tkvfree(ents);\n> +\treturn err;\n> +}","headers":{"Return-Path":"\n <linux-pci+bounces-54294-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-pci@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=d4OTP0IZ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=104.64.211.4; helo=sin.lore.kernel.org;\n envelope-from=linux-pci+bounces-54294-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"d4OTP0IZ\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from sin.lore.kernel.org (sin.lore.kernel.org [104.64.211.4])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gC2p04hCSz1yHW\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 09 May 2026 07:49:28 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 50BC4300CBCD\n\tfor <incoming@patchwork.ozlabs.org>; Fri,  8 May 2026 21:49:25 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id D7A96321445;\n\tFri,  8 May 2026 21:49:23 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id B4DA825F994\n\tfor <linux-pci@vger.kernel.org>; Fri,  8 May 2026 21:49:23 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 44016C2BCB0;\n\tFri,  8 May 2026 21:49:23 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778276963; cv=none;\n b=TLzMJoeKTkNTQ3W9XzDaPRQXmSwx3kpZw5MmwRcklc561rj7i2E1D8FKXP2eU+k1Ry8La5Cfn+xr7ucZtr/Z5ev9cj4dmmXArS8jCSCxEbfzO+BAb6fvm/n5JKd5+p1nRAYA+lMBCA8s7ptyJ+28R32GHs4gt3K6F3OvtJTF76c=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778276963; c=relaxed/simple;\n\tbh=UoBIY/XvUtd54XfIjiSNJsMkB2cFeCiSK4L3rHDoVNw=;\n\th=From:Subject:To:Cc:In-Reply-To:References:Content-Type:Date:\n\t Message-Id;\n b=OuddDzsKdH0ugPX5+5TjH6INOtiMZb0KVzVYFhZrjlinftQu76n1Fyzu4TBFd6PjBYeX1CUgneJkCr44dPpA3yQ9rzdDdx5JKk1bDVMeEShJbzL7RCJ0QW0qO2XRSV05029VXNvIrJ97fvpmu3oDhiSMUr502u7Z6/X/IuZKxz4=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=d4OTP0IZ; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1778276963;\n\tbh=UoBIY/XvUtd54XfIjiSNJsMkB2cFeCiSK4L3rHDoVNw=;\n\th=From:Subject:Reply-To:To:Cc:In-Reply-To:References:Date:From;\n\tb=d4OTP0IZ+5A4gZZUfutqz4iaoj6wRroH6ZV/Bg+KvL3rXnCEV6Yrh1OTAd7BW+xfg\n\t 6VNNpk5YdkxjbQmDI64Qq9JFLJobpkn5CvrM7aCruHIzH+tu//Iq+L2DSNGcvcfkrE\n\t 2fu3caC2VYvf4ZRmLmmSgfnFLyBQ2KUbhb6Fy7+PK0a1GaOrym0PMsoE4TtuCijlJn\n\t uDuOjva8d29PDMcO0gT1nZhO0zVza/wjD04Yb0ZqRS8nTyTM/QmqF9i8V49dOlBF/c\n\t md/yi9lF6+//rbX9UKZWd57HgNUvvOl1inWziKefzhM2gX2WdgNC+MWFu1jkY4/UEx\n\t YgRgwd2sylkSw==","From":"sashiko-bot@kernel.org","Subject":"Re: [PATCH v8 7/7] vfio/pci: Add PCIe TPH SET_ST interface","Reply-To":"sashiko@lists.linux.dev","To":"\"Chengwen Feng\" <fengchengwen@huawei.com>","Cc":"linux-pci@vger.kernel.org","In-Reply-To":"<20260508064053.37529-8-fengchengwen@huawei.com>","References":"<20260508064053.37529-8-fengchengwen@huawei.com>","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"quoted-printable","Date":"Fri, 08 May 2026 21:49:22 +0000","Message-Id":"<20260508214923.44016C2BCB0@smtp.kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-pci@vger.kernel.org","List-Id":"<linux-pci.vger.kernel.org>","List-Subscribe":"<mailto:linux-pci+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-pci+unsubscribe@vger.kernel.org>"}}]