Bitfield operations are not atomic, they use a read-modify-write pattern, therefore we should be careful not to pack bitfields that can be concurrently updated into the same storage unit. The split fields (is_err and object_changed in mlx5_vhca_page_tracker, deferred_reset in mlx5vf_pci_core_device) are mutated from contexts that don't serialize against the other writers in the same storage unit, so a bitfield RMW could drop an adjacent field's update. The remaining bitfields are either probe-only or share a single writer context, so they stay packed. The page tracker's status field is also relocated to fill the alignment hole the split exposes. Fixes: f886473071d6 ("vfio/mlx5: Add support for tracker object change event") Fixes: 61a2f1460fd0 ("vfio/mlx5: Manage the VF attach/detach callback from the PF") Cc: stable@vger.kernel.org Assisted-by: Claude:claude-opus-4-7 Signed-off-by: Alex Williamson --- drivers/vfio/pci/mlx5/cmd.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/vfio/pci/mlx5/cmd.h b/drivers/vfio/pci/mlx5/cmd.h index deed0f132f39..b782139eb8be 100644 --- a/drivers/vfio/pci/mlx5/cmd.h +++ b/drivers/vfio/pci/mlx5/cmd.h @@ -158,14 +158,14 @@ struct mlx5_vhca_qp { struct mlx5_vhca_page_tracker { u32 id; u32 pdn; - u8 is_err:1; - u8 object_changed:1; + u8 is_err; + u8 object_changed; + int status; struct mlx5_uars_page *uar; struct mlx5_vhca_cq cq; struct mlx5_vhca_qp *host_qp; struct mlx5_vhca_qp *fw_qp; struct mlx5_nb nb; - int status; }; struct mlx5vf_pci_core_device { @@ -173,11 +173,11 @@ struct mlx5vf_pci_core_device { int vf_id; u16 vhca_id; u8 migrate_cap:1; - u8 deferred_reset:1; u8 mdev_detach:1; u8 log_active:1; u8 chunk_mode:1; u8 mig_state_cap:1; + u8 deferred_reset; struct completion tracker_comp; /* protect migration state */ struct mutex state_mutex; -- 2.51.0