APPLIED: [SRU][N:linux-bluefield][PATCH v1 0/2] UBUNTU: SAUCE: vfio: Export vfio device get and put registration helpers
Alessio Faina
alessio.faina at canonical.com
Fri Apr 17 06:55:34 UTC 2026
On Thu, Apr 16, 2026 at 03:14:04PM +0300, Stav Aviram wrote:
> BugLink: https://bugs.launchpad.net/bugs/2148554
>
> SRU Justification:
>
> [IMPACT]
> A kernel NULL pointer dereference occurs on Nvidia BlueField DPUs running Ubuntu 24.04
> (Noble) with linux-bluefield-6.8. The crash is triggered when closing a dma_buf file
> descriptor associated with a vfio_pci device. The root cause is that
> vfio_pci_dma_buf_release() and vfio_pci_dma_buf_cleanup() call vfio_put_device() to
> release a reference, but the reference was acquired with vfio_device_get(), which uses
> a separate refcount (device->refcount). Using vfio_put_device() incorrectly decrements
> the kobject refcount, triggering a refcount underflow and kernel crash.
>
> [FIX]
> Two custom patches are submitted:
> - UBUNTU: SAUCE: vfio: Export vfio device get and put registration helpers — exports
> vfio_device_try_get_registration and vfio_device_put_registration via
> EXPORT_SYMBOL_GPL in vfio_main.c and adds their declarations to vfio.h, making them
> available to other VFIO modules.
> - UBUNTU: SAUCE: vfio/pci: Use the correct ref count — fixes
> vfio_pci_dma_buf_release() and vfio_pci_dma_buf_cleanup() to call
> vfio_device_put_registration() instead of vfio_put_device(), correctly matching the
> reference acquisition done via vfio_device_get().
>
> [TEST CASE]
> Compile tested on linux-bluefield-6.8 on the master-next branch.
> Functionally verified: the NULL pointer dereference no longer reproduces after applying
> the fix.
>
> [Regression Potential]
> Low. The change corrects an incorrect function call in the release path, and the fix
> has been functionally verified on the affected setup.
>
> Amir Tzin (1):
> UBUNTU: SAUCE: vfio/pci: Use the correct ref count
>
> Vivek Kasireddy (1):
> UBUNTU: SAUCE: vfio: Export vfio device get and put registration
> helpers
>
> drivers/vfio/pci/dma_buf.c | 4 ++--
> drivers/vfio/vfio_main.c | 2 ++
> include/linux/vfio.h | 2 ++
> 3 files changed, 6 insertions(+), 2 deletions(-)
>
> --
> 2.38.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to n:linux-bluefield
Thanks!
- Alessio Faina
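An added illustration, not part of the thread or of the submitted patches: a user-space C model of the mismatch described in the quoted [IMPACT] section, where a reference taken on one counter is released on a different one. The `model_*` names and the starting count of 1 on each counter are assumptions made for the model; it does not reproduce the kernel's code.

```c
/* Added user-space model; names and starting counts are constructed, not kernel code. */
#include <stdbool.h>
#include <stdio.h>
struct model_dev {
    int kobj_ref;             /* models the kobject count that vfio_put_device() drops */
    int reg_ref;              /* models device->refcount (registration references) */
    bool released, underflow; /* kobj_ref reached zero / a put found a counter at zero */
};
struct model_result { int leaked_reg_refs; bool early_release; bool underflow; };

static void model_put(struct model_dev *d, int *ref)
{
    if (*ref == 0) { d->underflow = true; return; }  /* put with no matching get */
    if (--*ref == 0 && ref == &d->kobj_ref)
        d->released = true;
}

static bool model_get_registration(struct model_dev *d)
{
    if (d->reg_ref == 0) return false;  /* no new references once the count is zero */
    d->reg_ref++;
    return true;
}

/* Open and close n dma_bufs, then tear down. fixed=false pairs the get with the
 * kobject put (the reported mismatch); fixed=true uses the registration put. */
struct model_result model_run(int n, bool fixed)
{
    struct model_dev d = { .kobj_ref = 1, .reg_ref = 1 };
    struct model_result r;
    for (int i = 0; i < n; i++) {
        if (!model_get_registration(&d)) continue;
        model_put(&d, fixed ? &d.reg_ref : &d.kobj_ref);
    }
    r.early_release = d.released;   /* object freed while the owner still uses it */
    model_put(&d, &d.reg_ref);      /* owner drops its own registration reference */
    r.leaked_reg_refs = d.reg_ref;  /* nonzero: registration references never returned */
    model_put(&d, &d.kobj_ref);     /* owner's final kobject put */
    r.underflow = d.underflow;
    return r;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct model_result r = model_run(1, fixed);
        printf("fixed=%d early_release=%d underflow=%d leaked_reg_refs=%d\n",
               fixed, r.early_release, r.underflow, r.leaked_reg_refs);
    }
}
```

In the model, a single mismatched close is enough to release the object early, leave a registration reference outstanding, and make the owner's final put hit a counter that is already zero; the matched pairing leaves both counters balanced.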