From nobody Sat Feb  7 15:40:34 2026
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 48856183CCB;
	Thu, 22 Aug 2024 11:09:31 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=13.77.154.182
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1724324972; cv=none;
 b=FAphtVmSdcEr3BUw1CymuIbj/JU8sAwvXkWQwxggU4WSrjRPn5cQhnxUd/B02QZK12HjERKpdKhz1XlCWvfgHZLhLbaefsasybtbBpzSnlPvH6YxwUWmNJCn2XYjl5zAVdRHxjP/QRrLNWQGh5wsK8JieHZBftIj2IpyRAYDwzI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1724324972; c=relaxed/simple;
	bh=aWww33SGyshCww31ZYjn1FdoQIdulYU7ah1T9dhj3/A=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=JnWCw34SfY680wYwxCH4BxISvG3DqTgxFkWYNmARevRcRSLahP5t3v3UyDFkIKOEVxilzvhqqmr+I6lHM3zzNAzDTxbntfnK2nKXm7aajQPVeEPgAwHN8OZHqU5TBcIARIP4zuONyegQokFBn1DvyTu+BTP2pmbotjDgL5WO4T8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.microsoft.com;
 spf=pass smtp.mailfrom=linux.microsoft.com;
 dkim=pass (1024-bit key) header.d=linux.microsoft.com
 header.i=@linux.microsoft.com header.b=ZxAZ48QA;
 arc=none smtp.client-ip=13.77.154.182
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.microsoft.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linux.microsoft.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.microsoft.com
 header.i=@linux.microsoft.com header.b="ZxAZ48QA"
Received: from namjain-Virtual-Machine.mshome.net (unknown [167.220.238.141])
	by linux.microsoft.com (Postfix) with ESMTPSA id C7C9820B7127;
	Thu, 22 Aug 2024 04:09:22 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com C7C9820B7127
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
	s=default; t=1724324965;
	bh=WzoWiQTMLIDQsHZ0QPN035MdRK7BLJ1MDbjZBC5wdIE=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ZxAZ48QAXcdxF0HPHeynI9agHAQ4a9mwHbfiTdXE197vxE4iFk4Cw6z2oVdmUCGub
	 G+P+OXWsmpsb4xMD5Huwwjk1wmaTepcdN0+M2CeF4r+BFObj34+xzbfUH0AyvIx25r
	 wfLDFBBbj/ON6fJm1r59l8R4wuJX4DLamgNbx5cE=
From: Naman Jain <namjain@linux.microsoft.com>
To: "K . Y . Srinivasan" <kys@microsoft.com>,
	Haiyang Zhang <haiyangz@microsoft.com>,
	Wei Liu <wei.liu@kernel.org>,
	Dexuan Cui <decui@microsoft.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Stephen Hemminger <stephen@networkplumber.org>
Cc: linux-hyperv@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Saurabh Sengar <ssengar@linux.microsoft.com>,
	Naman Jain <namjain@linux.microsoft.com>
Subject: [PATCH 1/2] uio_hv_generic: Fix kernel NULL pointer dereference in
 hv_uio_rescind
Date: Thu, 22 Aug 2024 16:39:11 +0530
Message-Id: <20240822110912.13735-2-namjain@linux.microsoft.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240822110912.13735-1-namjain@linux.microsoft.com>
References: <20240822110912.13735-1-namjain@linux.microsoft.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Saurabh Sengar <ssengar@linux.microsoft.com>

For primary VMBus channels primary_channel pointer is always NULL. This
pointer is valid only for the secondry channels.

Fix NULL pointer dereference by retrieving the device_obj from the parent
in the absence of a valid primary_channel pointer.

Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support")
Signed-off-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Signed-off-by: Naman Jain <namjain@linux.microsoft.com>
---
 drivers/uio/uio_hv_generic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c
index b45653752301..c99890c16d29 100644
--- a/drivers/uio/uio_hv_generic.c
+++ b/drivers/uio/uio_hv_generic.c
@@ -109,7 +109,8 @@ static void hv_uio_channel_cb(void *context)
  */
 static void hv_uio_rescind(struct vmbus_channel *channel)
 {
-	struct hv_device *hv_dev =3D channel->primary_channel->device_obj;
+	struct hv_device *hv_dev =3D channel->primary_channel ?
+				   channel->primary_channel->device_obj : channel->device_obj;
 	struct hv_uio_private_data *pdata =3D hv_get_drvdata(hv_dev);
=20
 	/*
--=20
2.34.1
From nobody Sat Feb  7 15:40:34 2026
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 1864B17C7C1;
	Thu, 22 Aug 2024 11:09:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=13.77.154.182
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1724324970; cv=none;
 b=McKZeEjzkl4cUG4NLcBWjX5HX9YUFPzsFThlrcBd/YwyTz1zuSksbWqjpsvxg1j59zQC1ZMPs/S4hLQaRAeGWlvn0qcYsmnLoR0Ffw48YA+oKlbGVHJ2Fzr6qPBCAV5rlQhCkBhZRxahWmqTHpc3B/UmZsPcfX4f+ECLyqosg6o=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1724324970; c=relaxed/simple;
	bh=XYyx2Zhilje759kmJ/0m5vPjTaBs9TyC4cnRsuE2nn8=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=N/q8+wBiNZ3x0lJ6FC2w/D962U8kSxpZVbgLQqfE+9bcRjTQAAJp7pVrgp52s4r6n1zzwTI1eMPu8DsG5WD6vqSMD008+vGxT+oNkM9F2pmKydEpms5XEFR/1AXEz3YtenDCi6zXjOqeeSqBaOXnLc5O3ea04CBSKgUFN5UPOqE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.microsoft.com;
 spf=pass smtp.mailfrom=linux.microsoft.com;
 dkim=pass (1024-bit key) header.d=linux.microsoft.com
 header.i=@linux.microsoft.com header.b=JMPNcONo;
 arc=none smtp.client-ip=13.77.154.182
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.microsoft.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linux.microsoft.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.microsoft.com
 header.i=@linux.microsoft.com header.b="JMPNcONo"
Received: from namjain-Virtual-Machine.mshome.net (unknown [167.220.238.141])
	by linux.microsoft.com (Postfix) with ESMTPSA id 10AE420B712C;
	Thu, 22 Aug 2024 04:09:25 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 10AE420B712C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
	s=default; t=1724324968;
	bh=9xsXr4nxiccxyjCDNqEYAMRuj7s+uFEXt6/g/gSu1iQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=JMPNcONo24HJkAcf14guWm6Nn02xeaJUd2bQcFLRK9ftuNC+buMMFrI9cMHVASAFG
	 5Ac4iPXAdqPq3sqLJl8zpTQa2zhIFK6Dwy8fpmm5LVyBahyYQVRXeS7O1zytbCnbeQ
	 XvVgrqIToWCoWDcK2rYvP+vySFivZnqsProT07Bg=
From: Naman Jain <namjain@linux.microsoft.com>
To: "K . Y . Srinivasan" <kys@microsoft.com>,
	Haiyang Zhang <haiyangz@microsoft.com>,
	Wei Liu <wei.liu@kernel.org>,
	Dexuan Cui <decui@microsoft.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Stephen Hemminger <stephen@networkplumber.org>
Cc: linux-hyperv@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Saurabh Sengar <ssengar@linux.microsoft.com>,
	Naman Jain <namjain@linux.microsoft.com>
Subject: [PATCH 2/2] Drivers: hv: vmbus: Fix rescind handling in
 uio_hv_generic
Date: Thu, 22 Aug 2024 16:39:12 +0530
Message-Id: <20240822110912.13735-3-namjain@linux.microsoft.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240822110912.13735-1-namjain@linux.microsoft.com>
References: <20240822110912.13735-1-namjain@linux.microsoft.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Rescind offer handling relies on rescind callbacks for some of the
resources cleanup, if they are registered. It does not unregister
vmbus device for the primary channel closure, when callback is
registered.
Add logic to unregister vmbus for the primary channel in rescind callback
to ensure channel removal and relid release, and to ensure rescind flag
is false when driver probe happens again.

Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support")
Signed-off-by: Naman Jain <namjain@linux.microsoft.com>
---
 drivers/hv/vmbus_drv.c       | 1 +
 drivers/uio/uio_hv_generic.c | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
index c857dc3975be..4bae382a3eb4 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -1952,6 +1952,7 @@ void vmbus_device_unregister(struct hv_device *device=
_obj)
 	 */
 	device_unregister(&device_obj->device);
 }
+EXPORT_SYMBOL_GPL(vmbus_device_unregister);
=20
 #ifdef CONFIG_ACPI
 /*
diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c
index c99890c16d29..ea26c0b460d6 100644
--- a/drivers/uio/uio_hv_generic.c
+++ b/drivers/uio/uio_hv_generic.c
@@ -121,6 +121,13 @@ static void hv_uio_rescind(struct vmbus_channel *chann=
el)
=20
 	/* Wake up reader */
 	uio_event_notify(&pdata->info);
+
+	/*
+	 * With rescind callback registered, rescind path will not unregister the=
 device
+	 * when the primary channel is rescinded. Without it, next onoffer msg do=
es not come.
+	 */
+	if (!channel->primary_channel)
+		vmbus_device_unregister(channel->device_obj);
 }
=20
 /* Sysfs API to allow mmap of the ring buffers
--=20
2.34.1