Re: [PATCH V3 05/10] vfio: Allow null group for noiommu without containers

Next message: Jeff Johnson: "[PATCH ath-next 0/2] wifi: ath12k: Consistently name struct ath12k_base pointers"
Previous message: Lorenzo Stoakes: "Re: [RFC] mm: stress-ng --mremap triggers severe lruvec lock contention in populate/unmap paths"
Next in thread: Jacob Pan: "Re: [PATCH V3 05/10] vfio: Allow null group for noiommu without containers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Thu Apr 09 2026 - 14:44:26 EST

On Thu, Apr 02, 2026 at 10:11:41PM -0700, Jacob Pan wrote:

> @@ -598,6 +604,14 @@ static struct vfio_group *vfio_noiommu_group_alloc(struct device *dev,
> struct vfio_group *group;
> int ret;
>
> + /*
> + * With noiommu enabled under cdev interface only, there is no need to
> + * create a vfio_group if the group based containers are not enabled.
> + * The cdev interface is exclusively used for iommufd.
> + */
> + if (vfio_null_group_allowed())
> + return NULL;

Sashiko wondered if this causes a null pointer deref without pointing
at a specific case. Claude found a case:

@@ -696,6 +696,9 @@ void vfio_device_remove_group(struct vfio_device *device)
struct vfio_group *group = device->group;
struct iommu_group *iommu_group;

+ if (!group)
+ return;
+
if (group->type == VFIO_NO_IOMMU || group->type == VFIO_EMULATED_IOMMU)
iommu_group_remove_device(device->dev);

Happens during error unwind in __vfio_register_dev()

It also points out that the hunks are weirdly split between this patch
and "vfio: Enable cdev noiommu mode under iommufd" so that things are
broken at this point.

I think you should pull the vfio_device_has_group() and related into
this patch.

Jason