On Mon, Apr 18, 2022 at 11:28:30AM -0400, Tony Krowiak wrote:
> > diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
> > index a4555014bd1e72..8a5c46aa2bef61 100644
> > +++ b/drivers/vfio/vfio.c
> > @@ -2484,19 +2484,15 @@ static int vfio_unregister_group_notifier(struct
> > vfio_group *group,
> > return ret;
> > }
> > -int vfio_register_notifier(struct device *dev, enum vfio_notify_type type,
> > +int vfio_register_notifier(struct vfio_device *dev, enum vfio_notify_type
> > type,
> > unsigned long *events, struct notifier_block *nb)
> > {
> > - struct vfio_group *group;
> > + struct vfio_group *group = dev->group;
>
> Is there a guarantee that dev != NULL? The original code below checks
> the value of dev, so why is that check eliminated here?
Yes, no kernel driver calls this with null dev. The original code
should have been a WARN_ON as it is just protecting against a buggy
driver. In this case if the driver is buggy we simply generate a
backtrace through a null deref panic.
Jason
