ACK: [SRU][N:linux-bluefield][PATCH v1 0/2] UBUNTU: SAUCE: vfio: Export vfio device get and put registration helpers
Edoardo Canepa
edoardo.canepa at canonical.com
Thu Apr 16 13:43:57 UTC 2026
Acked-by: Edoardo Canepa <edoardo.canepa at canonical.com>
On 4/16/26 14:14, Stav Aviram wrote:
> BugLink: https://bugs.launchpad.net/bugs/2148554
>
> SRU Justification:
>
> [IMPACT]
> A kernel NULL pointer dereference occurs on Nvidia BlueField DPUs running Ubuntu 24.04
> (Noble) with linux-bluefield-6.8. The crash is triggered when closing a dma_buf file
> descriptor associated with a vfio_pci device. The root cause is that
> vfio_pci_dma_buf_release() and vfio_pci_dma_buf_cleanup() call vfio_put_device() to
> release a reference, but the reference was acquired with vfio_device_get(), which uses
> a separate refcount (device->refcount). Using vfio_put_device() incorrectly decrements
> the kobject refcount, triggering a refcount underflow and kernel crash.
>
> [FIX]
> Two custom patches are submitted:
> - UBUNTU: SAUCE: vfio: Export vfio device get and put registration helpers — exports
> vfio_device_try_get_registration and vfio_device_put_registration via
> EXPORT_SYMBOL_GPL in vfio_main.c and adds their declarations to vfio.h, making them
> available to other VFIO modules.
> - UBUNTU: SAUCE: vfio/pci: Use the correct ref count — fixes
> vfio_pci_dma_buf_release() and vfio_pci_dma_buf_cleanup() to call
> vfio_device_put_registration() instead of vfio_put_device(), correctly matching the
> reference acquisition done via vfio_device_get().
>
> [TEST CASE]
> Compile tested on linux-bluefield-6.8 on the master-next branch.
> Functionally verified: the NULL pointer dereference no longer reproduces after applying
> the fix.
>
> [Regression Potential]
> Low. The change corrects an incorrect function call in the release path, and the fix
> has been functionally verified on the affected setup.
>
> Amir Tzin (1):
>   UBUNTU: SAUCE: vfio/pci: Use the correct ref count
>
> Vivek Kasireddy (1):
>   UBUNTU: SAUCE: vfio: Export vfio device get and put registration
>     helpers
>
>  drivers/vfio/pci/dma_buf.c | 4 ++--
>  drivers/vfio/vfio_main.c   | 2 ++
>  include/linux/vfio.h       | 2 ++
>  3 files changed, 6 insertions(+), 2 deletions(-)
>
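
The counter mismatch described in the quoted cover letter, as an added user-space C model that is not part of the original message and is not kernel code. The struct, the function names and the assumed lifecycle (the owner holds one reference of each kind) are hypothetical; it shows that a put on the wrong counter leaks one counter and underflows the other at teardown.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model, not kernel code: one object with two independent counters. */
struct model_device {
    int registration_refs;  /* models device->refcount */
    int kobj_refs;          /* models the kobject refcount */
    bool underflow;         /* a put hit a counter that was already zero */
    bool freed_with_users;  /* kobject counter hit zero while registrations remained */
};

static void put(struct model_device *d, int *counter)
{
    if (*counter == 0) { d->underflow = true; return; }
    (*counter)--;
}

static void put_registration(struct model_device *d) { put(d, &d->registration_refs); }

static void put_kobj(struct model_device *d)
{
    bool was_live = d->kobj_refs > 0;
    put(d, &d->kobj_refs);
    if (was_live && d->kobj_refs == 0 && d->registration_refs > 0)
        d->freed_with_users = true;
}

/* Assumed lifecycle: the owner holds one reference of each kind, a dma_buf takes
 * one registration reference, the dma_buf is released, then the owner tears down. */
static struct model_device run_lifecycle(bool mismatched_release)
{
    struct model_device d = { .registration_refs = 1, .kobj_refs = 1 };
    d.registration_refs++;               /* dma_buf acquires a registration ref */
    if (mismatched_release)
        put_kobj(&d);                    /* bug pattern: put on the other counter */
    else
        put_registration(&d);            /* fix pattern: put matches the get */
    put_registration(&d);                /* owner teardown */
    put_kobj(&d);
    return d;
}

int main(void)
{
    struct model_device bad = run_lifecycle(true), good = run_lifecycle(false);
    printf("mismatched: underflow=%d leaked=%d early_free=%d\n",
           bad.underflow, bad.registration_refs, bad.freed_with_users);
    printf("matched:    underflow=%d leaked=%d early_free=%d\n",
           good.underflow, good.registration_refs, good.freed_with_users);
    return 0;
}
```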