From e1bf0f2ac949559a0b0720eaee252ae451e61acd Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Sat, 27 Jul 2024 17:03:06 +0100 Subject: [PATCH 1/5] vfio/pci: Remove unused struct 'vfio_pci_mmap_vma' 'vfio_pci_mmap_vma' has been unused since commit aac6db75a9fc ("vfio/pci: Use unmap_mapping_range()") Remove it. Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Jason Gunthorpe Reviewed-by: Kevin Tian Link: https://lore.kernel.org/r/20240727160307.1000476-1-linux@treblig.org Signed-off-by: Alex Williamson --- drivers/vfio/pci/vfio_pci_core.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c index ba0ce0075b2f..2127b82d301a 100644 --- a/drivers/vfio/pci/vfio_pci_core.c +++ b/drivers/vfio/pci/vfio_pci_core.c @@ -57,11 +57,6 @@ struct vfio_pci_vf_token { int users; }; -struct vfio_pci_mmap_vma { - struct vm_area_struct *vma; - struct list_head vma_next; -}; - static inline bool vfio_vga_disabled(void) { #ifdef CONFIG_VFIO_PCI_VGA From a7aaa65f9c46b82051af490c93bc6398f11b94ce Mon Sep 17 00:00:00 2001 From: Yue Haibing Date: Tue, 30 Jul 2024 22:11:33 +0800 Subject: [PATCH 2/5] vfio/fsl-mc: Remove unused variable 'hwirq' Commit 7447d911af69 ("vfio/fsl-mc: Block calling interrupt handler without trigger") left this variable unused, so remove it. Signed-off-by: Yue Haibing Link: https://lore.kernel.org/r/20240730141133.525771-1-yuehaibing@huawei.com Signed-off-by: Alex Williamson --- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c b/drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c index 82b2afa9b7e3..7e7988c4258f 100644 --- a/drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c @@ -108,10 +108,10 @@ static int vfio_fsl_mc_set_irq_trigger(struct vfio_fsl_mc_device *vdev, void *data) { struct fsl_mc_device *mc_dev = vdev->mc_dev; - int ret, hwirq; struct vfio_fsl_mc_irq *irq; struct device *cont_dev = fsl_mc_cont_dev(&mc_dev->dev); struct fsl_mc_device *mc_cont = to_fsl_mc_device(cont_dev); + int ret; if (!count && (flags & VFIO_IRQ_SET_DATA_NONE)) return vfio_set_trigger(vdev, index, -1); @@ -136,8 +136,6 @@ static int vfio_fsl_mc_set_irq_trigger(struct vfio_fsl_mc_device *vdev, return vfio_set_trigger(vdev, index, fd); } - hwirq = vdev->mc_dev->irqs[index]->virq; - irq = &vdev->mc_irqs[index]; if (flags & VFIO_IRQ_SET_DATA_NONE) { From 7555c7d2cfc471144bc356e4a7c4a1d8733567a7 Mon Sep 17 00:00:00 2001 From: Zhang Zekun Date: Mon, 12 Aug 2024 20:08:23 +0800 Subject: [PATCH 3/5] vfio: mdev: Remove unused function declarations The definition of mdev_bus_register() and mdev_bus_unregister() have been removed since commit 6c7f98b334a3 ("vfio/mdev: Remove vfio_mdev.c"). So, let's remove the unused declarations. Signed-off-by: Zhang Zekun Reviewed-by: Jason Gunthorpe Reviewed-by: Kevin Tian Link: https://lore.kernel.org/r/20240812120823.10968-1-zhangzekun11@huawei.com Signed-off-by: Alex Williamson --- drivers/vfio/mdev/mdev_private.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/vfio/mdev/mdev_private.h b/drivers/vfio/mdev/mdev_private.h index 63a1316b08b7..5f61acd0fe42 100644 --- a/drivers/vfio/mdev/mdev_private.h +++ b/drivers/vfio/mdev/mdev_private.h @@ -10,9 +10,6 @@ #ifndef MDEV_PRIVATE_H #define MDEV_PRIVATE_H -int mdev_bus_register(void); -void mdev_bus_unregister(void); - extern const struct bus_type mdev_bus_type; extern const struct attribute_group *mdev_device_groups[]; From 27a8204b26ac009e47e0bcde4cd24ff69d96fccf Mon Sep 17 00:00:00 2001 From: Hongbo Li Date: Wed, 4 Sep 2024 09:18:37 +0800 Subject: [PATCH 4/5] vfio/mdev: Constify struct kobj_type This 'struct kobj_type' is not modified. It is only used in kobject_init_and_add() which takes a 'const struct kobj_type *ktype' parameter. Constifying this structure and moving it to a read-only section, and this can increase over all security. ``` [Before] text data bss dec hex filename 2372 600 0 2972 b9c drivers/vfio/mdev/mdev_sysfs.o [After] text data bss dec hex filename 2436 568 0 3004 bbc drivers/vfio/mdev/mdev_sysfs.o ``` Signed-off-by: Hongbo Li Reviewed-by: Jason Gunthorpe Link: https://lore.kernel.org/r/20240904011837.2010444-1-lihongbo22@huawei.com Signed-off-by: Alex Williamson --- drivers/vfio/mdev/mdev_sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vfio/mdev/mdev_sysfs.c b/drivers/vfio/mdev/mdev_sysfs.c index 9d2738e10c0b..e44bb44c581e 100644 --- a/drivers/vfio/mdev/mdev_sysfs.c +++ b/drivers/vfio/mdev/mdev_sysfs.c @@ -160,7 +160,7 @@ static void mdev_type_release(struct kobject *kobj) put_device(type->parent->dev); } -static struct kobj_type mdev_type_ktype = { +static const struct kobj_type mdev_type_ktype = { .sysfs_ops = &mdev_type_sysfs_ops, .release = mdev_type_release, .default_groups = mdev_type_groups, From aab439ffa1ca1067c0114773d4044828fab582af Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 12 Sep 2024 11:49:10 +0300 Subject: [PATCH 5/5] vfio/pci: clean up a type in vfio_pci_ioctl_pci_hot_reset_groups() The "array_count" value comes from the copy_from_user() in vfio_pci_ioctl_pci_hot_reset(). If the user passes a value larger than INT_MAX then we'll pass a negative value to kcalloc() which triggers an allocation failure and a stack trace. It's better to make the type unsigned so that if (array_count > count) returns -EINVAL instead. Signed-off-by: Dan Carpenter Reviewed-by: Jason Gunthorpe Link: https://lore.kernel.org/r/262ada03-d848-4369-9c37-81edeeed2da2@stanley.mountain Signed-off-by: Alex Williamson --- drivers/vfio/pci/vfio_pci_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c index 2127b82d301a..8343f802cf93 100644 --- a/drivers/vfio/pci/vfio_pci_core.c +++ b/drivers/vfio/pci/vfio_pci_core.c @@ -1323,7 +1323,7 @@ static int vfio_pci_ioctl_get_pci_hot_reset_info( static int vfio_pci_ioctl_pci_hot_reset_groups(struct vfio_pci_core_device *vdev, - int array_count, bool slot, + u32 array_count, bool slot, struct vfio_pci_hot_reset __user *arg) { int32_t *group_fds;