<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/ntb/hw, branch master</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>Merge tag 'ntb-7.2' of https://github.com/jonmason/ntb</title>
<updated>2026-06-28T14:46:12+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-28T14:46:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0716f9b9338a86dd27796e00ed0fd560c653323a'/>
<id>0716f9b9338a86dd27796e00ed0fd560c653323a</id>
<content type='text'>
Pull NTB updates from Jon Mason:
 "An EPF bug fix to prevent an invalid unmap during device removal,
  along with documentation fixes and minor AMD driver cleanups"

* tag 'ntb-7.2' of https://github.com/jonmason/ntb:
  ntb: amd: Use named initializer for pci_device_id::driver_data
  NTB: fix kernel-doc warnings in ntb.h
  NTB: epf: Avoid pci_iounmap() with offset when PEER_SPAD and CONFIG share BAR
  ntb_hw_amd: Fix incorrect debug message in link disable path
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull NTB updates from Jon Mason:
 "An EPF bug fix to prevent an invalid unmap during device removal,
  along with documentation fixes and minor AMD driver cleanups"

* tag 'ntb-7.2' of https://github.com/jonmason/ntb:
  ntb: amd: Use named initializer for pci_device_id::driver_data
  NTB: fix kernel-doc warnings in ntb.h
  NTB: epf: Avoid pci_iounmap() with offset when PEER_SPAD and CONFIG share BAR
  ntb_hw_amd: Fix incorrect debug message in link disable path
</pre>
</div>
</content>
</entry>
<entry>
<title>ntb: amd: Use named initializer for pci_device_id::driver_data</title>
<updated>2026-06-27T02:18:34+00:00</updated>
<author>
<name>Uwe Kleine-König (The Capable Hub)</name>
<email>u.kleine-koenig@baylibre.com</email>
</author>
<published>2026-05-07T07:41:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d1c3d45f87e89e5c1fa0769a72a48d1ad99106fc'/>
<id>d1c3d45f87e89e5c1fa0769a72a48d1ad99106fc</id>
<content type='text'>
The current list initialisation depends on the well hidden two zeros in
the PCI_VDEVICE macro. Instead use a named initialisation that is more
robust and easier to understand.

Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Jon Mason &lt;jdmason@kudzu.us&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The current list initialisation depends on the well hidden two zeros in
the PCI_VDEVICE macro. Instead use a named initialisation that is more
robust and easier to understand.

Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Jon Mason &lt;jdmason@kudzu.us&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>NTB: epf: Avoid pci_iounmap() with offset when PEER_SPAD and CONFIG share BAR</title>
<updated>2026-06-27T02:18:21+00:00</updated>
<author>
<name>Koichiro Den</name>
<email>den@valinux.co.jp</email>
</author>
<published>2026-03-04T02:05:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d876153680e3d721d385e554def919bce3d18c74'/>
<id>d876153680e3d721d385e554def919bce3d18c74</id>
<content type='text'>
When BAR_PEER_SPAD and BAR_CONFIG share one PCI BAR, the module teardown
path ends up calling pci_iounmap() on the same iomem with some offset,
which is unnecessary and triggers a kernel warning like the following:

  Trying to vunmap() nonexistent vm area (0000000069a5ffe8)
  WARNING: mm/vmalloc.c:3470 at vunmap+0x58/0x68, CPU#5: modprobe/2937
  [...]
  Call trace:
   vunmap+0x58/0x68 (P)
   iounmap+0x34/0x48
   pci_iounmap+0x2c/0x40
   ntb_epf_pci_remove+0x44/0x80 [ntb_hw_epf]
   pci_device_remove+0x48/0xf8
   device_remove+0x50/0x88
   device_release_driver_internal+0x1c8/0x228
   driver_detach+0x50/0xb0
   bus_remove_driver+0x74/0x100
   driver_unregister+0x34/0x68
   pci_unregister_driver+0x34/0xa0
   ntb_epf_pci_driver_exit+0x14/0xfe0 [ntb_hw_epf]
  [...]

Fix it by unmapping only when PEER_SPAD and CONFIG use difference bars.

Cc: stable@vger.kernel.org
Fixes: e75d5ae8ab88 ("NTB: epf: Allow more flexibility in the memory BAR map method")
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Jon Mason &lt;jdmason@kudzu.us&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When BAR_PEER_SPAD and BAR_CONFIG share one PCI BAR, the module teardown
path ends up calling pci_iounmap() on the same iomem with some offset,
which is unnecessary and triggers a kernel warning like the following:

  Trying to vunmap() nonexistent vm area (0000000069a5ffe8)
  WARNING: mm/vmalloc.c:3470 at vunmap+0x58/0x68, CPU#5: modprobe/2937
  [...]
  Call trace:
   vunmap+0x58/0x68 (P)
   iounmap+0x34/0x48
   pci_iounmap+0x2c/0x40
   ntb_epf_pci_remove+0x44/0x80 [ntb_hw_epf]
   pci_device_remove+0x48/0xf8
   device_remove+0x50/0x88
   device_release_driver_internal+0x1c8/0x228
   driver_detach+0x50/0xb0
   bus_remove_driver+0x74/0x100
   driver_unregister+0x34/0x68
   pci_unregister_driver+0x34/0xa0
   ntb_epf_pci_driver_exit+0x14/0xfe0 [ntb_hw_epf]
  [...]

Fix it by unmapping only when PEER_SPAD and CONFIG use difference bars.

Cc: stable@vger.kernel.org
Fixes: e75d5ae8ab88 ("NTB: epf: Allow more flexibility in the memory BAR map method")
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Jon Mason &lt;jdmason@kudzu.us&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ntb_hw_amd: Fix incorrect debug message in link disable path</title>
<updated>2026-06-27T02:08:31+00:00</updated>
<author>
<name>Alok Tiwari</name>
<email>alok.a.tiwari@oracle.com</email>
</author>
<published>2026-02-08T16:49:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4fc0625cf9c6c11f1f9b09e1f2e35fa2dd46ea6a'/>
<id>4fc0625cf9c6c11f1f9b09e1f2e35fa2dd46ea6a</id>
<content type='text'>
amd_ntb_link_disable() prints "Enabling Link" which is misleading.
Update the message to reflect that the link is being disabled.

Signed-off-by: Alok Tiwari &lt;alok.a.tiwari@oracle.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Jon Mason &lt;jdmason@kudzu.us&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
amd_ntb_link_disable() prints "Enabling Link" which is misleading.
Update the message to reflect that the link is being disabled.

Signed-off-by: Alok Tiwari &lt;alok.a.tiwari@oracle.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Jon Mason &lt;jdmason@kudzu.us&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>NTB: epf: Implement .db_vector_count()/mask() for doorbells</title>
<updated>2026-06-23T16:37:44+00:00</updated>
<author>
<name>Koichiro Den</name>
<email>den@valinux.co.jp</email>
</author>
<published>2026-05-13T02:49:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1fda82e37e00eb679d762756867b2e7508dd73f9'/>
<id>1fda82e37e00eb679d762756867b2e7508dd73f9</id>
<content type='text'>
Implement .db_vector_count() and .db_vector_mask() so NTB core/clients can
map doorbell events to per-vector work.

Report vectors as 0..(db_count - 2) (skipping the unused slot) and return
BIT_ULL(db_vector) for the corresponding doorbell bit. Use
ntb_epf_db_vector_count() for bounds checks in ntb_epf_db_vector_mask(), so
the same lower-bound guard is applied before building the bitmask.

Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-13-den@valinux.co.jp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Implement .db_vector_count() and .db_vector_mask() so NTB core/clients can
map doorbell events to per-vector work.

Report vectors as 0..(db_count - 2) (skipping the unused slot) and return
BIT_ULL(db_vector) for the corresponding doorbell bit. Use
ntb_epf_db_vector_count() for bounds checks in ntb_epf_db_vector_mask(), so
the same lower-bound guard is applied before building the bitmask.

Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-13-den@valinux.co.jp
</pre>
</div>
</content>
</entry>
<entry>
<title>NTB: epf: Fix doorbell bitmask and IRQ vector handling</title>
<updated>2026-06-23T16:37:44+00:00</updated>
<author>
<name>Koichiro Den</name>
<email>den@valinux.co.jp</email>
</author>
<published>2026-05-13T02:49:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4fdea8dbb62d746429498e07385a3ba0b0f6d1ab'/>
<id>4fdea8dbb62d746429498e07385a3ba0b0f6d1ab</id>
<content type='text'>
The EPF driver currently stores the incoming doorbell as a vector number
(irq_no + 1) in db_val and db_clear() clears all bits unconditionally.
This breaks db_read()/db_clear() semantics when multiple doorbells are
used.

Store doorbells as a bitmask (BIT_ULL(vector)) and make
db_clear(db_bits) clear only the specified bits. Use atomic64 operations
as db_val is updated from interrupt context.

Once db_val is stored as a bitmask, the ISR's doorbell vector is used
not only for ntb_db_event(), but also as the bit index for BIT_ULL().
The existing ISR derives that vector by subtracting pci_irq_vector(pdev,
0) from the Linux IRQ number passed to the handler, but Linux IRQ
numbers are not guaranteed to be contiguous.

Pass per-vector context as request_irq() dev_id instead, so the ISR gets
the device vector directly.

Validate the doorbell vector before updating db_val or calling
ntb_db_event(), so an unexpected vector cannot create an invalid shift
or be reported to NTB clients.

While at it, read and validate mw_count before requesting interrupt
vectors. An unsupported memory-window count does not need IRQs, and
failing before ntb_epf_init_isr() keeps the probe error path simple.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Suggested-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-12-den@valinux.co.jp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The EPF driver currently stores the incoming doorbell as a vector number
(irq_no + 1) in db_val and db_clear() clears all bits unconditionally.
This breaks db_read()/db_clear() semantics when multiple doorbells are
used.

Store doorbells as a bitmask (BIT_ULL(vector)) and make
db_clear(db_bits) clear only the specified bits. Use atomic64 operations
as db_val is updated from interrupt context.

Once db_val is stored as a bitmask, the ISR's doorbell vector is used
not only for ntb_db_event(), but also as the bit index for BIT_ULL().
The existing ISR derives that vector by subtracting pci_irq_vector(pdev,
0) from the Linux IRQ number passed to the handler, but Linux IRQ
numbers are not guaranteed to be contiguous.

Pass per-vector context as request_irq() dev_id instead, so the ISR gets
the device vector directly.

Validate the doorbell vector before updating db_val or calling
ntb_db_event(), so an unexpected vector cannot create an invalid shift
or be reported to NTB clients.

While at it, read and validate mw_count before requesting interrupt
vectors. An unsupported memory-window count does not need IRQs, and
failing before ntb_epf_init_isr() keeps the probe error path simple.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Suggested-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-12-den@valinux.co.jp
</pre>
</div>
</content>
</entry>
<entry>
<title>NTB: epf: Report 0-based doorbell vector via ntb_db_event()</title>
<updated>2026-06-23T16:37:44+00:00</updated>
<author>
<name>Koichiro Den</name>
<email>den@valinux.co.jp</email>
</author>
<published>2026-05-13T02:49:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3147f0964cecca15e349cbfbdd6a28eb6d50379d'/>
<id>3147f0964cecca15e349cbfbdd6a28eb6d50379d</id>
<content type='text'>
ntb_db_event() expects the vector number to be relative to the first
doorbell vector starting at 0.

Vector 0 is reserved for link events in the EPF driver, so doorbells
start at vector 1. However, both supported peers (ntb_hw_epf with
pci-epf-ntb, and pci-epf-vntb) have historically skipped vector 1 and
started doorbells at vector 2.

Pass (irq_no - 2) to ntb_db_event() so doorbells are reported as 0..N-1.
If irq_no == 1 is ever observed, warn and ignore it, since the slot is
reserved in the legacy layout and reporting it as DB#0 would collide with
the real DB#0 slot.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Suggested-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-11-den@valinux.co.jp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ntb_db_event() expects the vector number to be relative to the first
doorbell vector starting at 0.

Vector 0 is reserved for link events in the EPF driver, so doorbells
start at vector 1. However, both supported peers (ntb_hw_epf with
pci-epf-ntb, and pci-epf-vntb) have historically skipped vector 1 and
started doorbells at vector 2.

Pass (irq_no - 2) to ntb_db_event() so doorbells are reported as 0..N-1.
If irq_no == 1 is ever observed, warn and ignore it, since the slot is
reserved in the legacy layout and reporting it as DB#0 would collide with
the real DB#0 slot.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Suggested-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-11-den@valinux.co.jp
</pre>
</div>
</content>
</entry>
<entry>
<title>NTB: epf: Make db_valid_mask cover only real doorbell bits</title>
<updated>2026-06-23T16:37:44+00:00</updated>
<author>
<name>Koichiro Den</name>
<email>den@valinux.co.jp</email>
</author>
<published>2026-05-13T02:49:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6eb7e28f1f24a28234add38755687a7ed8bc2654'/>
<id>6eb7e28f1f24a28234add38755687a7ed8bc2654</id>
<content type='text'>
ndev-&gt;db_count includes an unused doorbell slot due to the legacy extra
offset in the peer doorbell path. db_valid_mask must cover only the real
doorbell bits and exclude the unused slot.

Set db_valid_mask to BIT_ULL(db_count - 1) - 1.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-10-den@valinux.co.jp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ndev-&gt;db_count includes an unused doorbell slot due to the legacy extra
offset in the peer doorbell path. db_valid_mask must cover only the real
doorbell bits and exclude the unused slot.

Set db_valid_mask to BIT_ULL(db_count - 1) - 1.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-10-den@valinux.co.jp
</pre>
</div>
</content>
</entry>
<entry>
<title>NTB: epf: Document legacy doorbell slot offset in ntb_epf_peer_db_set()</title>
<updated>2026-06-23T16:37:44+00:00</updated>
<author>
<name>Koichiro Den</name>
<email>den@valinux.co.jp</email>
</author>
<published>2026-05-13T02:49:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=84af8a5f5ef24b74f44470e7e6af7089ef125e84'/>
<id>84af8a5f5ef24b74f44470e7e6af7089ef125e84</id>
<content type='text'>
ntb_epf_peer_db_set() uses ffs(db_bits) to select a doorbell to ring.
ffs() returns a 1-based bit index (bit 0 -&gt; 1).

Entry 0 is reserved for link events, so doorbell bit 0 must map to entry
1. However, since the initial commit 812ce2f8d14e ("NTB: Add support for
EPF PCI Non-Transparent Bridge"), the implementation has been adding an
extra +1, ending up using entry 2 for bit 0. Fixing the extra increment
would break interoperability with peers running older kernels.

Keep the legacy behavior and document the offset and the resulting slot
layout to avoid confusion when enabling per-db-vector handling.

Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-9-den@valinux.co.jp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ntb_epf_peer_db_set() uses ffs(db_bits) to select a doorbell to ring.
ffs() returns a 1-based bit index (bit 0 -&gt; 1).

Entry 0 is reserved for link events, so doorbell bit 0 must map to entry
1. However, since the initial commit 812ce2f8d14e ("NTB: Add support for
EPF PCI Non-Transparent Bridge"), the implementation has been adding an
extra +1, ending up using entry 2 for bit 0. Fixing the extra increment
would break interoperability with peers running older kernels.

Keep the legacy behavior and document the offset and the resulting slot
layout to avoid confusion when enabling per-db-vector handling.

Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Reviewed-by: Frank Li &lt;Frank.Li@nxp.com&gt;
Link: https://patch.msgid.link/20260513024923.451765-9-den@valinux.co.jp
</pre>
</div>
</content>
</entry>
<entry>
<title>NTB: epf: Avoid calling pci_irq_vector() from hardirq context</title>
<updated>2026-06-22T20:23:40+00:00</updated>
<author>
<name>Koichiro Den</name>
<email>den@valinux.co.jp</email>
</author>
<published>2026-03-04T08:30:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4dcddc1c794d1c65eda68f1f8dd04a0fecc0870f'/>
<id>4dcddc1c794d1c65eda68f1f8dd04a0fecc0870f</id>
<content type='text'>
ntb_epf_vec_isr() calls pci_irq_vector() in hardirq context to derive
the vector number. pci_irq_vector() calls msi_get_virq() that takes a
mutex and can therefore trigger "scheduling while atomic" splats:

  BUG: scheduling while atomic: kworker/u33:0/55/0x00010001
  ...
  Call trace:
   ...
   schedule+0x38/0x110
   schedule_preempt_disabled+0x28/0x50
   __mutex_lock.constprop.0+0x848/0x908
   __mutex_lock_slowpath+0x18/0x30
   mutex_lock+0x4c/0x60
   msi_domain_get_virq+0xe8/0x138
   pci_irq_vector+0x2c/0x60
   ntb_epf_vec_isr+0x28/0x120 [ntb_hw_epf]
   __handle_irq_event_percpu+0x70/0x3a8
   handle_irq_event+0x48/0x100
   handle_edge_irq+0x100/0x1c8
   ...

Cache the Linux IRQ number for vector 0 when vectors are allocated and
use it as a base in the ISR. Running the ISR in a threaded IRQ handler
would also avoid the problem, but that would be unnecessary here.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Cc: stable@vger.kernel.org # v5.12+
Link: https://patch.msgid.link/20260304083028.1391068-3-den@valinux.co.jp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ntb_epf_vec_isr() calls pci_irq_vector() in hardirq context to derive
the vector number. pci_irq_vector() calls msi_get_virq() that takes a
mutex and can therefore trigger "scheduling while atomic" splats:

  BUG: scheduling while atomic: kworker/u33:0/55/0x00010001
  ...
  Call trace:
   ...
   schedule+0x38/0x110
   schedule_preempt_disabled+0x28/0x50
   __mutex_lock.constprop.0+0x848/0x908
   __mutex_lock_slowpath+0x18/0x30
   mutex_lock+0x4c/0x60
   msi_domain_get_virq+0xe8/0x138
   pci_irq_vector+0x2c/0x60
   ntb_epf_vec_isr+0x28/0x120 [ntb_hw_epf]
   __handle_irq_event_percpu+0x70/0x3a8
   handle_irq_event+0x48/0x100
   handle_edge_irq+0x100/0x1c8
   ...

Cache the Linux IRQ number for vector 0 when vectors are allocated and
use it as a base in the ISR. Running the ISR in a threaded IRQ handler
would also avoid the problem, but that would be unnecessary here.

Fixes: 812ce2f8d14e ("NTB: Add support for EPF PCI Non-Transparent Bridge")
Signed-off-by: Koichiro Den &lt;den@valinux.co.jp&gt;
Signed-off-by: Manivannan Sadhasivam &lt;mani@kernel.org&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Reviewed-by: Dave Jiang &lt;dave.jiang@intel.com&gt;
Cc: stable@vger.kernel.org # v5.12+
Link: https://patch.msgid.link/20260304083028.1391068-3-den@valinux.co.jp
</pre>
</div>
</content>
</entry>
</feed>
