Re: [PATCH] vfio/pci: Don't export DMABUFs for unmappable BARs

[Leon Romanovsky]

On Thu, Apr 16, 2026 at 02:05:30PM +0100, Matt Evans wrote:
> Hi Leon,
> 
> On 16/04/2026 09:11, Leon Romanovsky wrote:
> > > On Wed, Apr 15, 2026 at 11:16:23AM -0700, Matt Evans wrote:
> > > Although vfio_pci_core_feature_dma_buf() validates that both requested
> > > DMABUF ranges and the PCI resources being referenced are page-aligned,
> > > there may be reasons other than alignment that cause a BAR to be
> > > unmappable.
> > > 
> > > Add a check for vdev->bar_mmap_supported[index], similar to the VFIO
> > > mmap path.
> > > 
> > > Fixes: 5d74781ebc86c ("vfio/pci: Add dma-buf export support for MMIO regions")
> > > Signed-off-by: Matt Evans <mattev@xxxxxxxx>
> > > ---
> > >   drivers/vfio/pci/vfio_pci_dmabuf.c | 3 +++
> > >   1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/drivers/vfio/pci/vfio_pci_dmabuf.c b/drivers/vfio/pci/vfio_pci_dmabuf.c
> > > index f87fd32e4a01..4ccaf3531e02 100644
> > > --- a/drivers/vfio/pci/vfio_pci_dmabuf.c
> > > +++ b/drivers/vfio/pci/vfio_pci_dmabuf.c
> > > @@ -249,6 +249,9 @@ int vfio_pci_core_feature_dma_buf(struct vfio_pci_core_device *vdev, u32 flags,
> > >   	if (get_dma_buf.region_index >= VFIO_PCI_ROM_REGION_INDEX)
> > >   		return -ENODEV;
> > > +	if (!vdev->bar_mmap_supported[get_dma_buf.region_index])
> > > +		return -EINVAL;
> > > +
> > 
> > And it looks like AI has valid concern about this line too.
> > https://urldefense.com/v3/__https://sashiko.dev/*/patchset/20260415181623.1021090-1-mattev@meta.com__;Iw!!Bt8RZUm9aw!5DxsN8cDUviPIZqEjG0pZ_VYYbl_RdmWucTGdTZ3ZzlVP_Ysb0n7ykr0eXwFXdpuqvZH2FK3$
> 
> Ah, Sashiko has a point, and I think its suggestion of checking lower down
> in the default .get_dmabuf_phys (vfio_pci_core_get_dmabuf_phys()) and
> preserving driver overrides is decent.  Will revisit.
> 
> To your other question:
> > I noticed this check in vfio_pci_core_mmap(). Isn't that sufficient?
> 
> The scenario in mind is doing a DMABUF-export for BARs that you haven't
> necessarily noticed can't be mmap()ed, and both paths should be checking.

I added the validation checks that matter on the kernel side, but mmap is
primarily important for callers. What I am missing is an explanation of
why the kernel should impose this restriction on itself.

Thanks

> 
> Cheers,
> 
> 
> Matt
> 
> 
> > 
> > Thanks
> > 
> > >   	dma_ranges = memdup_array_user(&arg->dma_ranges, get_dma_buf.nr_ranges,
> > >   				       sizeof(*dma_ranges));
> > >   	if (IS_ERR(dma_ranges))
> > > -- 
> > > 2.47.3
> > > 
>