On Wed, Oct 29, 2025 at 05:25:03PM -0700, Samiullah Khawaja wrote:
> On Mon, Oct 13, 2025 at 8:27 AM Leon Romanovsky <[email protected]> wrote:
> >
> > From: Leon Romanovsky <[email protected]>
> >
> > Add support for exporting PCI device MMIO regions through dma-buf,
> > enabling safe sharing of non-struct page memory with controlled
> > lifetime management. This allows RDMA and other subsystems to import
> > dma-buf FDs and build them into memory regions for PCI P2P operations.
> >
> > The implementation provides a revocable attachment mechanism using
> > dma-buf move operations. MMIO regions are normally pinned as BARs
> > don't change physical addresses, but access is revoked when the VFIO
> > device is closed or a PCI reset is issued. This ensures kernel
> > self-defense against potentially hostile userspace.
> >
> > Signed-off-by: Jason Gunthorpe <[email protected]>
> > Signed-off-by: Vivek Kasireddy <[email protected]>
> > Signed-off-by: Leon Romanovsky <[email protected]>
> > ---
> > drivers/vfio/pci/Kconfig | 3 +
> > drivers/vfio/pci/Makefile | 2 +
> > drivers/vfio/pci/vfio_pci_config.c | 22 +-
> > drivers/vfio/pci/vfio_pci_core.c | 28 ++
> > drivers/vfio/pci/vfio_pci_dmabuf.c | 446 +++++++++++++++++++++++++++++
> > drivers/vfio/pci/vfio_pci_priv.h | 23 ++
> > include/linux/vfio_pci_core.h | 1 +
> > include/uapi/linux/vfio.h | 25 ++
> > 8 files changed, 546 insertions(+), 4 deletions(-)
> > create mode 100644 drivers/vfio/pci/vfio_pci_dmabuf.c
<...>
> > +void vfio_pci_dma_buf_move(struct vfio_pci_core_device *vdev, bool revoked)
> > +{
> > + struct vfio_pci_dma_buf *priv;
> > + struct vfio_pci_dma_buf *tmp;
> > +
> > + lockdep_assert_held_write(&vdev->memory_lock);
> > +
> > + list_for_each_entry_safe(priv, tmp, &vdev->dmabufs, dmabufs_elm) {
> > + if (!get_file_active(&priv->dmabuf->file))
> > + continue;
> > +
> > + if (priv->revoked != revoked) {
> > + dma_resv_lock(priv->dmabuf->resv, NULL);
> > + priv->revoked = revoked;
> > + dma_buf_move_notify(priv->dmabuf);
>
> I think this should only be called when revoked is true, otherwise
> this will be calling move_notify on the already revoked dmabuf
> attachments.

This case is protected by "if (priv->revoked)" check both in
vfio_pci_dma_buf_map and vfio_pci_dma_buf_attach. They will prevent
DMABUF recreation if revoked is false.

BTW, please trim your replies, it is time consuming to find your reply
among 600 lines of unrelated text.

Thanks

> > + dma_resv_unlock(priv->dmabuf->resv);
> > + }
> > + dma_buf_put(priv->dmabuf);
> > + }
> > +}
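
Review bot: The dma_buf_move_notify(priv->dmabuf) call inside the `if (priv->revoked != revoked)` branch runs on both transitions, including revoked going from true to false, and the function carries no comment saying what importers are expected to do in each direction. A short comment above that call, stating why the notify is issued on un-revoke as well as on revoke and that the map and attach paths gate on priv->revoked (as the reply above explains), would settle the question raised in this thread for later readers. Since the function is non-static and takes a bare bool, a brief header comment describing the meaning of `revoked` and the requirement that memory_lock is held for write (already enforced by the lockdep assertion) would also help callers.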