From: Weifeng Su <suweifeng1@huawei.com>

The /dev/uioX device has concurrent operations in a few scenarios.

For example, when a process is operating the uio0 device, someone executes
like "cat /dev/uio0" command. In this case, the bus master bit is cleared
unconditionally. As a result, the running program cannot work commands
or I/Os, which is usually unaware of. This happens after
865a11f("uio/uio_pci_generic: Disable bus-mastering on release");
The restriction on the process that uses the PCI device is added. The new
process can be used only after the process that uses the PCI device exits.
Otherwise, the system returns a message indicating that the device is busy.

Signed-off-by: Weifeng Su <suweifeng1@huawei.com>
---

Change v2 -> v3:
  The process is restricted from using the PCI device. Before the process 
that uses the PCI device exits, the device returns EBUSY.
After the process exits, the master bit is cleared unconditionally 
to ensure DMA security.

 drivers/uio/uio_pci_generic.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/uio/uio_pci_generic.c b/drivers/uio/uio_pci_generic.c
index e03f9b532..19bf5ead9 100644
--- a/drivers/uio/uio_pci_generic.c
+++ b/drivers/uio/uio_pci_generic.c
@@ -31,6 +31,7 @@
 struct uio_pci_generic_dev {
 	struct uio_info info;
 	struct pci_dev *pdev;
+	atomic_t	refcnt;
 };
 
 static inline struct uio_pci_generic_dev *
@@ -39,10 +40,21 @@ to_uio_pci_generic_dev(struct uio_info *info)
 	return container_of(info, struct uio_pci_generic_dev, info);
 }
 
+static int open(struct uio_info *info, struct inode *inode)
+{
+	struct uio_pci_generic_dev *gdev = to_uio_pci_generic_dev(info);
+
+	if (atomic_add_unless(&gdev->refcnt, 1, 1))
+		return 0;
+	else
+		return -EBUSY;
+}
+
 static int release(struct uio_info *info, struct inode *inode)
 {
 	struct uio_pci_generic_dev *gdev = to_uio_pci_generic_dev(info);
 
+	atomic_dec(&gdev->refcnt);
 	/*
 	 * This driver is insecure when used with devices doing DMA, but some
 	 * people (mis)use it with such devices.
@@ -93,7 +105,9 @@ static int probe(struct pci_dev *pdev,
 	gdev->info.name = "uio_pci_generic";
 	gdev->info.version = DRIVER_VERSION;
 	gdev->info.release = release;
+	gdev->info.open = open;
 	gdev->pdev = pdev;
+	atomic_set(&gdev->refcnt, 0);
 	if (pdev->irq && (pdev->irq != IRQ_NOTCONNECTED)) {
 		gdev->info.irq = pdev->irq;
 		gdev->info.irq_flags = IRQF_SHARED;
-- 
2.33.0

On Sat, Mar 04, 2023 at 03:43:16PM +0800, Su Weifeng wrote:
> From: Weifeng Su <suweifeng1@huawei.com>
> 
> The /dev/uioX device has concurrent operations in a few scenarios.

And you just broke that :(

> For example, when a process is operating the uio0 device, someone executes
> like "cat /dev/uio0" command. In this case, the bus master bit is cleared
> unconditionally.

It is cleared when the close happens, not when "cat" runs.

So prevent userspace from doing that with permissions, why must the
kernel enforce this policy you are making?

> As a result, the running program cannot work commands
> or I/Os, which is usually unaware of. This happens after
> 865a11f("uio/uio_pci_generic: Disable bus-mastering on release");

Please always reference commits in the documented way.

> The restriction on the process that uses the PCI device is added. The new
> process can be used only after the process that uses the PCI device exits.
> Otherwise, the system returns a message indicating that the device is busy.

Again, you are changing the functionality of the kernel, are you sure
you did not just now break something else?

thanks,

greg k-h