On Tue, May 07, 2024 at 09:31:53PM -0300, Jason Gunthorpe wrote: > On Thu, May 02, 2024 at 07:50:36AM +0000, Kasireddy, Vivek wrote: > > Hi Jason, > > > > > > > > On Tue, Apr 30, 2024 at 04:24:50PM -0600, Alex Williamson wrote: > > > > > +static vm_fault_t vfio_pci_dma_buf_fault(struct vm_fault *vmf) > > > > > +{ > > > > > + struct vm_area_struct *vma = vmf->vma; > > > > > + struct vfio_pci_dma_buf *priv = vma->vm_private_data; > > > > > + pgoff_t pgoff = vmf->pgoff; > > > > > + > > > > > + if (pgoff >= priv->nr_pages) > > > > > + return VM_FAULT_SIGBUS; > > > > > + > > > > > + return vmf_insert_pfn(vma, vmf->address, > > > > > + page_to_pfn(priv->pages[pgoff])); > > > > > +} > > > > > > > > How does this prevent the MMIO space from being mmap'd when disabled > > > at > > > > the device? How is the mmap revoked when the MMIO becomes disabled? > > > > Is it part of the move protocol? > > In this case, I think the importers that mmap'd the dmabuf need to be tracked > > separately and their VMA PTEs need to be zapped when MMIO access is revoked. > > Which, as we know, is quite hard. > > > > Yes, we should not have a mmap handler for dmabuf. vfio memory must be > > > mmapped in the normal way. > > Although optional, I think most dmabuf exporters (drm ones) provide a mmap > > handler. Otherwise, there is no easy way to provide CPU access (backup slow path) > > to the dmabuf for the importer. > > Here we should not, there is no reason since VFIO already provides a > mmap mechanism itself. Anything using this API should just call the > native VFIO function instead of trying to mmap the DMABUF. Yes, it > will be inconvient for the scatterlist case you have, but the kernel > side implementation is much easier .. Just wanted to confirm that it's entirely legit to not implement dma-buf mmap. Same for the in-kernel vmap functions. Especially for really funny buffers like these it's just not a good idea, and the dma-buf interfaces are intentionally "everything is optional". Similarly you can (and should) reject and dma_buf_attach to devices where p2p connectevity isn't there, or well really for any other reason that makes stuff complicated and is out of scope for your use-case. It's better to reject strictly and than accidentally support something really horrible (we've been there). The only real rule with all the interfaces is that when attach() worked, then map must too (except when you're in OOM). Because at least for some drivers/subsystems, that's how userspace figures out whether a buffer can be shared. -Sima -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch