On Fri, Jan 09, 2026 at 12:43:32AM +0000, David Matlack wrote:
> On 2026-01-08 08:36 PM, Jason Gunthorpe wrote:
> > On Thu, Jan 08, 2026 at 09:29:29PM +0000, David Matlack wrote:
> > > On 2026-01-08 02:33 PM, Jason Gunthorpe wrote:
> > > > On Thu, Jan 08, 2026 at 10:24:19AM -0800, David Matlack wrote:
> > > > > > > Oh, I was thinking about a compatability only flow only in the
> > > > > > > type 1
> > > > > > > emulation that internally magically converts a VMA to a dmabuf,
> > > > > > > but I
> > > > > > > haven't written anything.. It is a bit tricky and the type 1
> > > > > > > emulation
> > > > > > > has not been as popular as I expected??
> > > > > >
> > > > > > In part because of this gap, I'd guess. Thanks,
> > > > >
> > > > > Lack of huge mappings in the IOMMU when using VFIO_TYPE1_IOMMU is
> > > > > another gap I'm aware of.
> > > > > vfio_dma_mapping_test.vfio_type1_iommu_anonymous_hugetlb_1gb.dma_map_unmap
> > > > > fails when IOMMUFD_VFIO_CONTAINER is enabled.
> > > >
> > > > What is this? I'm not aware of it..
> > >
> > > It's one of the test cases within
> > > tools/testing/selftests/vfio/vfio_dma_mapping_test.c.
> > >
> > > Here's the output when running with CONFIG_IOMMUFD_VFIO_CONTAINER=y:
> > >
> > > # RUN
> > > vfio_dma_mapping_test.vfio_type1_iommu_anonymous_hugetlb_1gb.dma_map_unmap
> > > ...
> > > Mapped HVA 0x7f0480000000 (size 0x40000000) at IOVA 0x0
> > > Searching for IOVA 0x0 in
> > > /sys/kernel/debug/iommu/intel/0000:6a:01.0/domain_translation_struct
> > > Found IOMMU mappings for IOVA 0x0:
> > > PGD: 0x0000000203475027
> > > P4D: 0x0000000203476027
> > > PUD: 0x0000000203477027
> > > PMD: 0x00000001e7562027
> > > PTE: 0x00000041c0000067
> > > #
> > > tools/testing/selftests/vfio/vfio_dma_mapping_test.c:188:dma_map_unmap:Expected
> > > 0 (0) == mapping.pte (282394099815)
> > > # dma_map_unmap: Test terminated by assertion
> > > # FAIL
> > > vfio_dma_mapping_test.vfio_type1_iommu_anonymous_hugetlb_1gb.dma_map_unmap
> >
> > I can't think of any reason this would fail, I think your tests have
> > found a real bug?? Can you check into it, what kernel call fails and
> > where does the kernel code come from?
>
> Oh I thought it was by design. This code in iommufd_vfio_set_iommu():
>
> /*
> * The difference between TYPE1 and TYPE1v2 is the ability to unmap in
> * the middle of mapped ranges. This is complicated by huge page support
> * which creates single large IOPTEs that cannot be split by the iommu
> * driver. TYPE1 is very old at this point and likely nothing uses it,
> * however it is simple enough to emulate by simply disabling the
> * problematic large IOPTEs. Then we can safely unmap within any range.
> */
> if (type == VFIO_TYPE1_IOMMU)
> rc = iopt_disable_large_pages(&ioas->iopt);
>
> git-blame says some guy named Jason Gunthorpe wrote it :P
Er, maybe I mis understood the output then?
This is not a "failure" though, the map succeeded and gave a small
page mapping.
This is not reflecting a bug in iommufd but a bug in the TYPE1 support
in VFIO itself because it definitely cannot maintain the required
unmap anywhere semantic if it mapped in a 1G huge page like this.
Basically, if you are mapping with TYPE1 mode then this should be triggered:
if (!strcmp(variant->iommu_mode, "iommufd_compat_type1"))
mapping_size = SZ_4K;
And VFIO should be the one to fail, not iommufd.
If you really want to test TYPE1 you need to test what makes it
unique, which is that you can map any VMA and then unmap any slice of
it. Including within what should otherwise be a 1G page.
But I doubt anyone cares enough to fix this, so just exclude
VFIO_TYPE1_IOMMU from this test?
Jason
