From nobody Sun Feb 8 03:27:13 2026 Received: from canpmsgout12.his.huawei.com (canpmsgout12.his.huawei.com [113.46.200.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2AFF12ED15D; Tue, 11 Nov 2025 09:35:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.227 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853744; cv=none; b=tLT0THDMntl1bAXUtko7ALFej2OMMLHWibxmxop1minURcjYe+m8/kA6WNvz9+frr2KrXVK+c9DCiD0j7caQ+fzmUmhSLUE3DZsbuStJQs+YQ1YnpDmKp6gvN//ryrY2moQoAmpIgA1wmMT4x1Z6uXHnH1fx7viP9e1OVMczcBw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853744; c=relaxed/simple; bh=Z4cdmi4kqXnOSwXLCyG4Itbs8FaoacnhcbELdkxwR+Y=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qwiELMbQwmvTb2a1j1XAlt7NZCau2tZQolx6KAbjdjXtq0OuJTp/SVOS7K6itMNF8gU/nFEtKWu2Ac1b8DTuxOaXlXiSGamJDMELT0d/LeK0MdMD39ecvt4PCQRRpdfP7qJh8KPIpZ2qLfDPoFjFf8S9oM6J1u3lI3IP6nAKR98= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=6vRXkGiH; arc=none smtp.client-ip=113.46.200.227 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="6vRXkGiH" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=0gCgDTkG6bOBOK3D/rcqLaUz6n4lIGyHqyyujkY3roI=; b=6vRXkGiHJEykuaL1kGCAdKOhDcf874Elw9SoKoSahBdMLXzsVJoJyMWJcRW9b+sY8MJtnybbg rz9x8g0j0wWmWF0ioKyhA/R3MqGWpXsfrkgB3wdkM5vGwRlbwNsxIrxr8/YOnLAfJFr2iFWloCi 3eyzmDbyq7MnpHKPnH6A/6o= Received: from mail.maildlp.com (unknown [172.19.163.44]) by canpmsgout12.his.huawei.com (SkyGuard) with ESMTPS id 4d5Lvf2VRNznTZF; Tue, 11 Nov 2025 17:34:06 +0800 (CST) Received: from dggemv706-chm.china.huawei.com (unknown [10.3.19.33]) by mail.maildlp.com (Postfix) with ESMTPS id 602FE140158; Tue, 11 Nov 2025 17:35:38 +0800 (CST) Received: from kwepemq200001.china.huawei.com (7.202.195.16) by dggemv706-chm.china.huawei.com (10.3.19.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:38 +0800 Received: from localhost.huawei.com (10.90.31.46) by kwepemq200001.china.huawei.com (7.202.195.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:37 +0800 From: Chenghai Huang To: , , CC: , , , , , , Subject: [PATCH v5 1/4] uacce: fix cdev handling in register and remove paths Date: Tue, 11 Nov 2025 17:35:33 +0800 Message-ID: <20251111093536.3729-2-huangchenghai2@huawei.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20251111093536.3729-1-huangchenghai2@huawei.com> References: <20251111093536.3729-1-huangchenghai2@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: kwepems500002.china.huawei.com (7.221.188.17) To kwepemq200001.china.huawei.com (7.202.195.16) Content-Type: text/plain; charset="utf-8" From: Wenkai Lin This patch addresses a potential issue in the uacce driver where the cdev was not properly managed during error handling and cleanup paths. Changes made: 1. In uacce_register(), store the return value of cdev_device_add() and clear the cdev owner as a flag if registration fails. 2. In uacce_remove(), add additional check for cdev owner before calling cdev_device_del() to prevent potential issues. Fixes: 015d239ac014 ("uacce: add uacce driver") Cc: stable@vger.kernel.org Signed-off-by: Wenkai Lin Signed-off-by: Chenghai Huang --- drivers/misc/uacce/uacce.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/misc/uacce/uacce.c b/drivers/misc/uacce/uacce.c index 42e7d2a2a90c..688050c35d88 100644 --- a/drivers/misc/uacce/uacce.c +++ b/drivers/misc/uacce/uacce.c @@ -519,6 +519,8 @@ EXPORT_SYMBOL_GPL(uacce_alloc); */ int uacce_register(struct uacce_device *uacce) { + int ret; + if (!uacce) return -ENODEV; =20 @@ -529,7 +531,11 @@ int uacce_register(struct uacce_device *uacce) uacce->cdev->ops =3D &uacce_fops; uacce->cdev->owner =3D THIS_MODULE; =20 - return cdev_device_add(uacce->cdev, &uacce->dev); + ret =3D cdev_device_add(uacce->cdev, &uacce->dev); + if (ret) + uacce->cdev->owner =3D NULL; + + return ret; } EXPORT_SYMBOL_GPL(uacce_register); =20 @@ -568,7 +574,7 @@ void uacce_remove(struct uacce_device *uacce) unmap_mapping_range(q->mapping, 0, 0, 1); } =20 - if (uacce->cdev) + if (uacce->cdev && uacce->cdev->owner) cdev_device_del(uacce->cdev, &uacce->dev); xa_erase(&uacce_xa, uacce->dev_id); /* --=20 2.33.0 From nobody Sun Feb 8 03:27:13 2026 Received: from canpmsgout06.his.huawei.com (canpmsgout06.his.huawei.com [113.46.200.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 96FB32367D5; Tue, 11 Nov 2025 09:35:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.221 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853744; cv=none; b=k2jlff67hQlEu2AnBOwkgyfpyH/gCbP++f+sJ3Y520tndsvuJvdZt3o8jENSMmCqwRbopceq44mFxXl/tuk0P0Xmr02fqU27+g9frwRTylCW5CY921ofpFCaT3qY09iOxaLDHJTacqL08DXf4E6zVIGqhrVExqHQlz1cuAfXmvc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853744; c=relaxed/simple; bh=5AI/piut+WFoihOlBkm0FvES+FMSfwHi0GXje6ubS/E=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=cNf8TPeYPTLCjhF47KMflPFb6eq4KowzlX3JNN3FXNZ062bsbtTtljZgmEA7lAngxGzE2N3AXnlUtVEPPR+MCi+sXpspSRyNPQW+SPkOLKd0u+D1FNJkDHn6WCuoPwXrfgxb4ewLRNs4FHNbUcmYnUKALoAoxg87yViOab0XkNI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=g2rICyYG; arc=none smtp.client-ip=113.46.200.221 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="g2rICyYG" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=PHarLjZzOHZRKUIH+D7ZcBsW2Ul6UQ+BgUzGUpkAbQk=; b=g2rICyYGm8DcDJhyoYjvPuYwFxvNx4BVjqHTLfYv56Jl7jfwNgRO+lncjdsulG54h71BY5x4r Jn2ba/81HlozS3zt1AbigfCMmFYkiLFlcbyBc96cNcRqgREovNE6be/FnGKIyWYh/amIA5yEEo4 dSA18tbwZX7JpmTlmYtycHo= Received: from mail.maildlp.com (unknown [172.19.163.174]) by canpmsgout06.his.huawei.com (SkyGuard) with ESMTPS id 4d5LvX2kcTzRhR5; Tue, 11 Nov 2025 17:34:00 +0800 (CST) Received: from dggemv712-chm.china.huawei.com (unknown [10.1.198.32]) by mail.maildlp.com (Postfix) with ESMTPS id C397A140203; Tue, 11 Nov 2025 17:35:38 +0800 (CST) Received: from kwepemq200001.china.huawei.com (7.202.195.16) by dggemv712-chm.china.huawei.com (10.1.198.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:38 +0800 Received: from localhost.huawei.com (10.90.31.46) by kwepemq200001.china.huawei.com (7.202.195.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:38 +0800 From: Chenghai Huang To: , , CC: , , , , , , Subject: [PATCH v5 2/4] uacce: fix isolate sysfs check condition Date: Tue, 11 Nov 2025 17:35:34 +0800 Message-ID: <20251111093536.3729-3-huangchenghai2@huawei.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20251111093536.3729-1-huangchenghai2@huawei.com> References: <20251111093536.3729-1-huangchenghai2@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: kwepems500002.china.huawei.com (7.221.188.17) To kwepemq200001.china.huawei.com (7.202.195.16) Content-Type: text/plain; charset="utf-8" uacce supports the device isolation feature. If the driver implements the isolate_err_threshold_read and isolate_err_threshold_write callback functions, uacce will create sysfs files now. Users can read and configure the isolation policy through sysfs. Currently, sysfs files are created as long as either isolate_err_threshold_read or isolate_err_threshold_write callback functions are present. However, accessing a non-existent callback function may cause the system to crash. Therefore, intercept the creation of sysfs if neither read nor write exists; create sysfs if either is supported, but intercept unsupported operations at the call site. Fixes: e3e289fbc0b5 ("uacce: supports device isolation feature") Cc: stable@vger.kernel.org Signed-off-by: Chenghai Huang Acked-by: Zhangfei Gao --- drivers/misc/uacce/uacce.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/misc/uacce/uacce.c b/drivers/misc/uacce/uacce.c index 688050c35d88..8a0cb38d9a3d 100644 --- a/drivers/misc/uacce/uacce.c +++ b/drivers/misc/uacce/uacce.c @@ -382,6 +382,9 @@ static ssize_t isolate_strategy_show(struct device *dev= , struct device_attribute struct uacce_device *uacce =3D to_uacce_device(dev); u32 val; =20 + if (!uacce->ops->isolate_err_threshold_read) + return -ENOENT; + val =3D uacce->ops->isolate_err_threshold_read(uacce); =20 return sysfs_emit(buf, "%u\n", val); @@ -394,6 +397,9 @@ static ssize_t isolate_strategy_store(struct device *de= v, struct device_attribut unsigned long val; int ret; =20 + if (!uacce->ops->isolate_err_threshold_write) + return -ENOENT; + if (kstrtoul(buf, 0, &val) < 0) return -EINVAL; =20 --=20 2.33.0 From nobody Sun Feb 8 03:27:13 2026 Received: from canpmsgout08.his.huawei.com (canpmsgout08.his.huawei.com [113.46.200.223]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3A752EBBA8; Tue, 11 Nov 2025 09:35:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.223 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853744; cv=none; b=Bsz2OdZ9UHNqOFBBIGXh/SvIfoHB0/T2x2Bkw8AFUQdAzfp3NQ4p594IMsAZVkGtzP9EIW79dkZ4pEiP58ASLYw/2sGPpqJmYrM2aNfIpiLKyIb+Mk4X94MKT9H8dgwyNhXqMJQ6cTooKLuCmTX3mmYE6guF2uQP6oGYeTd8/do= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853744; c=relaxed/simple; bh=E6KJGY2NnOystmBSmxWUXTAFEsWXwwbGyBNkx2M4t88=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nO61yKm83Ovny3gQXFdAPHROg/F5x4aUCsYKteasofFZfKisfhjdVjNfxorsl9gm8fImLNLPF91v4nCTJlbSCAZTEl2son9jf+k+T5T7l65BJDCNg+Naw1KqP1wcSLiB8w5Z+kHdxzJjU0FVzeP8nfVVvJE9yaIa9licGddzQhc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=Bul3pR2u; arc=none smtp.client-ip=113.46.200.223 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="Bul3pR2u" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=tkVAbGmNXJDBO8/rAN7phTaaQOlazIRlRDmypJmRr1w=; b=Bul3pR2uNBCAvUUgkdJM2H7toFEyEj0zzkYaAcRROPsm94Jde/QfocxAVhyccQflnkVEMjRB9 liWCbq3dUs7xAK8AuUF+kHM+vvIfPdSdhKeZK+QASAU9K6/OBPr9YTMlSfTn3Ev5wlojZ2WMSSp 6NUWuo4U/fOgo4ROL9cmmYk= Received: from mail.maildlp.com (unknown [172.19.163.44]) by canpmsgout08.his.huawei.com (SkyGuard) with ESMTPS id 4d5LvX1z6YzmV8L; Tue, 11 Nov 2025 17:34:00 +0800 (CST) Received: from dggemv705-chm.china.huawei.com (unknown [10.3.19.32]) by mail.maildlp.com (Postfix) with ESMTPS id 50D33140158; Tue, 11 Nov 2025 17:35:39 +0800 (CST) Received: from kwepemq200001.china.huawei.com (7.202.195.16) by dggemv705-chm.china.huawei.com (10.3.19.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:39 +0800 Received: from localhost.huawei.com (10.90.31.46) by kwepemq200001.china.huawei.com (7.202.195.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:38 +0800 From: Chenghai Huang To: , , CC: , , , , , , Subject: [PATCH v5 3/4] uacce: implement mremap in uacce_vm_ops to return -EPERM Date: Tue, 11 Nov 2025 17:35:35 +0800 Message-ID: <20251111093536.3729-4-huangchenghai2@huawei.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20251111093536.3729-1-huangchenghai2@huawei.com> References: <20251111093536.3729-1-huangchenghai2@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: kwepems500002.china.huawei.com (7.221.188.17) To kwepemq200001.china.huawei.com (7.202.195.16) Content-Type: text/plain; charset="utf-8" From: Yang Shen The current uacce_vm_ops does not support the mremap operation of vm_operations_struct. Implement .mremap to return -EPERM to remind users. The reason we need to explicitly disable mremap is that when the driver does not implement .mremap, it uses the default mremap method. This could lead to a risk scenario: An application might first mmap address p1, then mremap to p2, followed by munmap(p1), and finally munmap(p2). Since the default mremap copies the original vma's vm_private_data (i.e., q) to the new vma, both munmap operations would trigger vma_close, causing q->qfr to be freed twice(qfr will be set to null here, so repeated release is ok). Fixes: 015d239ac014 ("uacce: add uacce driver") Cc: stable@vger.kernel.org Signed-off-by: Yang Shen Signed-off-by: Chenghai Huang Acked-by: Zhangfei Gao --- drivers/misc/uacce/uacce.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/misc/uacce/uacce.c b/drivers/misc/uacce/uacce.c index 8a0cb38d9a3d..f2296fc9fa4e 100644 --- a/drivers/misc/uacce/uacce.c +++ b/drivers/misc/uacce/uacce.c @@ -214,8 +214,14 @@ static void uacce_vma_close(struct vm_area_struct *vma) } } =20 +static int uacce_vma_mremap(struct vm_area_struct *area) +{ + return -EPERM; +} + static const struct vm_operations_struct uacce_vm_ops =3D { .close =3D uacce_vma_close, + .mremap =3D uacce_vma_mremap, }; =20 static int uacce_fops_mmap(struct file *filep, struct vm_area_struct *vma) --=20 2.33.0 From nobody Sun Feb 8 03:27:13 2026 Received: from canpmsgout01.his.huawei.com (canpmsgout01.his.huawei.com [113.46.200.216]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66A9C2E5B32; Tue, 11 Nov 2025 09:35:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.216 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853745; cv=none; b=Y+Y8si/+p+ToyBYKKIXSaG4CGKSsyiRnAquJRAZoeeSAIUrOU3qlYMWshwqlE6R5ZgZwlIIY9r5kGOmI2X8CODk23DjpeFhRQKKhwaYPIsw9PXoH717W1IWeDwTERsXaGBsiSdJkcsV/0GX5AqecDgDlC35r155muNc+4T/aB4E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762853745; c=relaxed/simple; bh=pRS0/ToR2XJci2Mz1IExa6qngak9pE4x5uXjjnJbve0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=W5U9u+32tEmGd2vCsCVm5OiapZ+7WlfqowwyWFm+CbMdGlLTPz2zbbeZdXcPjfeAB0RLL+4Q5bHQ7ZjJechCCMvdI30WRzDVpc3XFxL79EWLxvMvZjiZfjMZ5OerTGBjB+Qehkfyci/afCjj4NZcYlsLJW0qqS6a+7psBNG5tos= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=n1TRk4c+; arc=none smtp.client-ip=113.46.200.216 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="n1TRk4c+" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=Zt9tGRSYxg4/oRO8jg5khRYeFcmqi5pdTRdQBn3Z5AU=; b=n1TRk4c+HegIryF1EcWxXFXlJOtuTq9lu+8HOn6rMScq7BUJ5IpARnXWgFKmaShX5L3jbVUO8 3oVrmWIqUCqz0pGT5a4ImvpUwSNHaxccg7Dq/4Nh7aTKgmOQmC2oPTIE6ruDuXbGDxTvMUMojwM SCAgcxkZc6Pw11gWCUzLZlk= Received: from mail.maildlp.com (unknown [172.19.163.48]) by canpmsgout01.his.huawei.com (SkyGuard) with ESMTPS id 4d5Lvs4w8Tz1T4Hd; Tue, 11 Nov 2025 17:34:17 +0800 (CST) Received: from dggemv705-chm.china.huawei.com (unknown [10.3.19.32]) by mail.maildlp.com (Postfix) with ESMTPS id 9A01118007F; Tue, 11 Nov 2025 17:35:39 +0800 (CST) Received: from kwepemq200001.china.huawei.com (7.202.195.16) by dggemv705-chm.china.huawei.com (10.3.19.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:39 +0800 Received: from localhost.huawei.com (10.90.31.46) by kwepemq200001.china.huawei.com (7.202.195.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 11 Nov 2025 17:35:38 +0800 From: Chenghai Huang To: , , CC: , , , , , , Subject: [PATCH v5 4/4] uacce: ensure safe queue release with state management Date: Tue, 11 Nov 2025 17:35:36 +0800 Message-ID: <20251111093536.3729-5-huangchenghai2@huawei.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20251111093536.3729-1-huangchenghai2@huawei.com> References: <20251111093536.3729-1-huangchenghai2@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: kwepems500002.china.huawei.com (7.221.188.17) To kwepemq200001.china.huawei.com (7.202.195.16) Content-Type: text/plain; charset="utf-8" Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully released beforehand. So adding a `stop_queue` operation for the UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to the final resource release ensures safety. Queue states are defined as follows: - UACCE_Q_ZOMBIE: Initial state - UACCE_Q_INIT: After opening `uacce` - UACCE_Q_STARTED: After `start` is issued via `ioctl` When executing `poweroff -f` in virt while accelerator are still working, `uacce_fops_release` and `uacce_remove` may execute concurrently. This can cause `uacce_put_queue` within `uacce_fops_release` to access a NULL `ops` pointer. Therefore, add state checks to prevent accessing freed pointers. Fixes: 015d239ac014 ("uacce: add uacce driver") Cc: stable@vger.kernel.org Signed-off-by: Chenghai Huang Signed-off-by: Yang Shen Acked-by: Zhangfei Gao --- drivers/misc/uacce/uacce.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/drivers/misc/uacce/uacce.c b/drivers/misc/uacce/uacce.c index f2296fc9fa4e..e581b977576d 100644 --- a/drivers/misc/uacce/uacce.c +++ b/drivers/misc/uacce/uacce.c @@ -40,20 +40,34 @@ static int uacce_start_queue(struct uacce_queue *q) return 0; } =20 -static int uacce_put_queue(struct uacce_queue *q) +static int uacce_stop_queue(struct uacce_queue *q) { struct uacce_device *uacce =3D q->uacce; =20 - if ((q->state =3D=3D UACCE_Q_STARTED) && uacce->ops->stop_queue) + if (q->state !=3D UACCE_Q_STARTED) + return 0; + + if (uacce->ops->stop_queue) uacce->ops->stop_queue(q); =20 - if ((q->state =3D=3D UACCE_Q_INIT || q->state =3D=3D UACCE_Q_STARTED) && - uacce->ops->put_queue) + q->state =3D UACCE_Q_INIT; + + return 0; +} + +static void uacce_put_queue(struct uacce_queue *q) +{ + struct uacce_device *uacce =3D q->uacce; + + uacce_stop_queue(q); + + if (q->state !=3D UACCE_Q_INIT) + return; + + if (uacce->ops->put_queue) uacce->ops->put_queue(q); =20 q->state =3D UACCE_Q_ZOMBIE; - - return 0; } =20 static long uacce_fops_unl_ioctl(struct file *filep, @@ -80,7 +94,7 @@ static long uacce_fops_unl_ioctl(struct file *filep, ret =3D uacce_start_queue(q); break; case UACCE_CMD_PUT_Q: - ret =3D uacce_put_queue(q); + ret =3D uacce_stop_queue(q); break; default: if (uacce->ops->ioctl) --=20 2.33.0