Patch "vfio/pci: Clear token on bypass registration failure" has been added to the 4.4-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 26 Oct 2020 01:57:11 -0400

This is a note to let you know that I've just added the patch titled

    vfio/pci: Clear token on bypass registration failure

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     vfio-pci-clear-token-on-bypass-registration-failure.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 800e09317d38ac8bd77ece7e0ddc4cf57b595d3c
Author: Alex Williamson <alex.williamson@xxxxxxxxxx>
Date:   Mon Oct 19 07:13:55 2020 -0600

    vfio/pci: Clear token on bypass registration failure
    
    [ Upstream commit 852b1beecb6ff9326f7ca4bc0fe69ae860ebdb9e ]
    
    The eventfd context is used as our irqbypass token, therefore if an
    eventfd is re-used, our token is the same.  The irqbypass code will
    return an -EBUSY in this case, but we'll still attempt to unregister
    the producer, where if that duplicate token still exists, results in
    removing the wrong object.  Clear the token of failed producers so
    that they harmlessly fall out when unregistered.
    
    Fixes: 6d7425f109d2 ("vfio: Register/unregister irq_bypass_producer")
    Reported-by: guomin chen <guomin_chen@xxxxxxxx>
    Tested-by: guomin chen <guomin_chen@xxxxxxxx>
    Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
index f7d48661aa944..af4f7ebb45a79 100644
--- a/drivers/vfio/pci/vfio_pci_intrs.c
+++ b/drivers/vfio/pci/vfio_pci_intrs.c
@@ -364,11 +364,13 @@ static int vfio_msi_set_vector_signal(struct vfio_pci_device *vdev,
 	vdev->ctx[vector].producer.token = trigger;
 	vdev->ctx[vector].producer.irq = irq;
 	ret = irq_bypass_register_producer(&vdev->ctx[vector].producer);
-	if (unlikely(ret))
+	if (unlikely(ret)) {
 		dev_info(&pdev->dev,
 		"irq bypass producer (token %p) registration fails: %d\n",
 		vdev->ctx[vector].producer.token, ret);
 
+		vdev->ctx[vector].producer.token = NULL;
+	}
 	vdev->ctx[vector].trigger = trigger;
 
 	return 0;






