[RFC PATCH 2/7] vfio/pci: Clean up DMABUFs before disabling function

Next message: Matt Evans: "[RFC PATCH 1/7] vfio/pci: Ensure VFIO barmap is set up before creating a DMABUF"
Previous message: Nico Pache: "Re: [PATCH mm-unstable v2 5/5] mm/khugepaged: unify khugepaged and madv_collapse with collapse_single_pmd()"
In reply to: Matt Evans: "[RFC PATCH 6/7] vfio/pci: Add mmap() attributes to DMABUF feature"
Next in thread: Matt Evans: "[RFC PATCH 1/7] vfio/pci: Ensure VFIO barmap is set up before creating a DMABUF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Matt Evans

Date: Thu Feb 26 2026 - 15:28:44 EST

On device shutdown, make vfio_pci_core_close_device() call
vfio_pci_dma_buf_cleanup() before the function is disabled via
vfio_pci_core_disable(). This ensures that any access to DMABUFs is
revoked (and importers act on move_notify()) before the function's
BARs become inaccessible.

This fixes an issue where, if the function is disabled first, a tiny
window exists in which the function's MSE is cleared and yet BARs
could still be accessed via the DMABUF. Worse, the resources would
also be free/up for grabs by a different driver.

Fixes: 5d74781ebc86c ("vfio/pci: Add dma-buf export support for MMIO regions")
Signed-off-by: Matt Evans <mattev@xxxxxxxx>
---
drivers/vfio/pci/vfio_pci_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
index 3a11e6f450f7..8d0e3605fbc7 100644
--- a/drivers/vfio/pci/vfio_pci_core.c
+++ b/drivers/vfio/pci/vfio_pci_core.c
@@ -726,10 +726,10 @@ void vfio_pci_core_close_device(struct vfio_device *core_vdev)
#if IS_ENABLED(CONFIG_EEH)
eeh_dev_release(vdev->pdev);
#endif
- vfio_pci_core_disable(vdev);
-
vfio_pci_dma_buf_cleanup(vdev);

+ vfio_pci_core_disable(vdev);
+
mutex_lock(&vdev->igate);
vfio_pci_eventfd_replace_locked(vdev, &vdev->err_trigger, NULL);
vfio_pci_eventfd_replace_locked(vdev, &vdev->req_trigger, NULL);
--
2.47.3