1. Patchew
  2. linux
  3. [PATCH 0/6] PCI: endpoint/NTB: Harden vNTB resource management
  4. View patch

[PATCH 3/6] PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown

Koichiro Den posted 6 patches 3 months, 2 weeks ago
There is a newer version of this series
[PATCH 3/6] PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
Posted by Koichiro Den 3 months, 2 weeks ago 
epf_ntb_epc_destroy() duplicates the teardown that the caller is
supposed to perform later. This leads to an oops when .allow_link fails
or when .drop_link is performed. The following is an example oops of the
former case:

  Unable to handle kernel paging request at virtual address dead000000000108
  [...]
  [dead000000000108] address between user and kernel address ranges
  Internal error: Oops: 0000000096000044 [#1]  SMP
  [...]
  Call trace:
   pci_epc_remove_epf+0x78/0xe0 (P)
   pci_primary_epc_epf_link+0x88/0xa8
   configfs_symlink+0x1f4/0x5a0
   vfs_symlink+0x134/0x1d8
   do_symlinkat+0x88/0x138
   __arm64_sys_symlinkat+0x74/0xe0
  [...]

Remove the helper, and drop pci_epc_put(). EPC device refcounting is
tied to the configfs EPC group lifetime, and pci_epc_put() in the
.drop_link path is sufficient.

Cc: <stable@vger.kernel.org>
Fixes: e35f56bb0330 ("PCI: endpoint: Support NTB transfer between RC and EP")
Signed-off-by: Koichiro Den <den@valinux.co.jp>
---
 drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/drivers/pci/endpoint/functions/pci-epf-vntb.c b/drivers/pci/endpoint/functions/pci-epf-vntb.c
index 83e9ab10f9c4..49ce5d4b0ee5 100644
--- a/drivers/pci/endpoint/functions/pci-epf-vntb.c
+++ b/drivers/pci/endpoint/functions/pci-epf-vntb.c
@@ -644,19 +644,6 @@ static void epf_ntb_mw_bar_clear(struct epf_ntb *ntb, int num_mws)
 	}
 }
 
-/**
- * epf_ntb_epc_destroy() - Cleanup NTB EPC interface
- * @ntb: NTB device that facilitates communication between HOST and VHOST
- *
- * Wrapper for epf_ntb_epc_destroy_interface() to cleanup all the NTB interfaces
- */
-static void epf_ntb_epc_destroy(struct epf_ntb *ntb)
-{
-	pci_epc_remove_epf(ntb->epf->epc, ntb->epf, 0);
-	pci_epc_put(ntb->epf->epc);
-}
-
-
 /**
  * epf_ntb_is_bar_used() - Check if a bar is used in the ntb configuration
  * @ntb: NTB device that facilitates communication between HOST and VHOST
@@ -1406,7 +1393,7 @@ static int epf_ntb_bind(struct pci_epf *epf)
 	ret = epf_ntb_init_epc_bar(ntb);
 	if (ret) {
 		dev_err(dev, "Failed to create NTB EPC\n");
-		goto err_bar_init;
+		return ret;
 	}
 
 	ret = epf_ntb_config_spad_bar_alloc(ntb);
@@ -1446,9 +1433,6 @@ static int epf_ntb_bind(struct pci_epf *epf)
 err_bar_alloc:
 	epf_ntb_config_spad_bar_free(ntb);
 
-err_bar_init:
-	epf_ntb_epc_destroy(ntb);
-
 	return ret;
 }
 
@@ -1464,7 +1448,6 @@ static void epf_ntb_unbind(struct pci_epf *epf)
 
 	epf_ntb_epc_cleanup(ntb);
 	epf_ntb_config_spad_bar_free(ntb);
-	epf_ntb_epc_destroy(ntb);
 
 	pci_unregister_driver(&vntb_pci_driver);
 }
-- 
2.48.1
Re: [PATCH 3/6] PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
Posted by Frank Li 3 months, 2 weeks ago 
On Thu, Oct 23, 2025 at 04:17:54PM +0900, Koichiro Den wrote:
> epf_ntb_epc_destroy() duplicates the teardown that the caller is
> supposed to perform later. This leads to an oops when .allow_link fails
> or when .drop_link is performed. The following is an example oops of the
> former case:
>
>   Unable to handle kernel paging request at virtual address dead000000000108
>   [...]
>   [dead000000000108] address between user and kernel address ranges
>   Internal error: Oops: 0000000096000044 [#1]  SMP
>   [...]
>   Call trace:
>    pci_epc_remove_epf+0x78/0xe0 (P)
>    pci_primary_epc_epf_link+0x88/0xa8
>    configfs_symlink+0x1f4/0x5a0
>    vfs_symlink+0x134/0x1d8
>    do_symlinkat+0x88/0x138
>    __arm64_sys_symlinkat+0x74/0xe0
>   [...]
>
> Remove the helper, and drop pci_epc_put(). EPC device refcounting is
> tied to the configfs EPC group lifetime, and pci_epc_put() in the
> .drop_link path is sufficient.
>
> Cc: <stable@vger.kernel.org>
> Fixes: e35f56bb0330 ("PCI: endpoint: Support NTB transfer between RC and EP")
> Signed-off-by: Koichiro Den <den@valinux.co.jp>

Reviewed-by: Frank Li <Frank.Li@nxp.com>


> ---
>  drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +------------------
>  1 file changed, 1 insertion(+), 18 deletions(-)
>
> diff --git a/drivers/pci/endpoint/functions/pci-epf-vntb.c b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> index 83e9ab10f9c4..49ce5d4b0ee5 100644
> --- a/drivers/pci/endpoint/functions/pci-epf-vntb.c
> +++ b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> @@ -644,19 +644,6 @@ static void epf_ntb_mw_bar_clear(struct epf_ntb *ntb, int num_mws)
>  	}
>  }
>
> -/**
> - * epf_ntb_epc_destroy() - Cleanup NTB EPC interface
> - * @ntb: NTB device that facilitates communication between HOST and VHOST
> - *
> - * Wrapper for epf_ntb_epc_destroy_interface() to cleanup all the NTB interfaces
> - */
> -static void epf_ntb_epc_destroy(struct epf_ntb *ntb)
> -{
> -	pci_epc_remove_epf(ntb->epf->epc, ntb->epf, 0);
> -	pci_epc_put(ntb->epf->epc);
> -}
> -
> -
>  /**
>   * epf_ntb_is_bar_used() - Check if a bar is used in the ntb configuration
>   * @ntb: NTB device that facilitates communication between HOST and VHOST
> @@ -1406,7 +1393,7 @@ static int epf_ntb_bind(struct pci_epf *epf)
>  	ret = epf_ntb_init_epc_bar(ntb);
>  	if (ret) {
>  		dev_err(dev, "Failed to create NTB EPC\n");
> -		goto err_bar_init;
> +		return ret;
>  	}
>
>  	ret = epf_ntb_config_spad_bar_alloc(ntb);
> @@ -1446,9 +1433,6 @@ static int epf_ntb_bind(struct pci_epf *epf)
>  err_bar_alloc:
>  	epf_ntb_config_spad_bar_free(ntb);
>
> -err_bar_init:
> -	epf_ntb_epc_destroy(ntb);
> -
>  	return ret;
>  }
>
> @@ -1464,7 +1448,6 @@ static void epf_ntb_unbind(struct pci_epf *epf)
>
>  	epf_ntb_epc_cleanup(ntb);
>  	epf_ntb_config_spad_bar_free(ntb);
> -	epf_ntb_epc_destroy(ntb);
>
>  	pci_unregister_driver(&vntb_pci_driver);
>  }
> --
> 2.48.1
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.