[PATCH v5 0/3] vfio/pci: Request resources and map BARs at enable time

[Matt Evans]

Hi,

These patches fix a potential race for concurrent calls to
vfio_pci_core_setup_barmap(), and a DMABUF missing check for resource
before the export.  Discussion on a previous series (different,
replaced by this one) is here:

 https://lore.kernel.org/kvm/20260415181423.1008458-1-mattev@xxxxxxxx

Responses in that thread indicated there wasn't a strong historical
reason to require the mapping to be performed on-demand at BAR
reference time.  It's much simpler to move this earlier, to
vfio_pci_core_enable(), and that then avoids having to deal with
concurrent requests later.

The first patch requests PCI resources and pci_iomap() of the BARs
from vfio_pci_core_enable(), moving this out of
vfio_pci_core_setup_barmap().

Some callers rely on vfio_pci_core_setup_barmap() for its ioremap()
effect, and other callers use it for its resource-acquiring effect.
The function turns into a cheap error check that both these actions
have occurred; that maintains the same error behaviour as before the
fix.

The second patch adds a call to vfio_pci_core_setup_barmap() to VFIO
DMABUF export to check the resource is reserved; previously this was
able to export an unrequested resource.  Although patch 1 at first
appears to fix this by requesting resources at enable time, code using
the BAR still needs to check the resource really was acquired.

(FWIW, Leon gave a R-B on v2 in
https://lore.kernel.org/kvm/20260426111606.GC440345@unreal/ though
this repost isn't 100% identical so I didn't propagate it.)

The third patch refactors vfio_pci_core_setup_barmap() plus the various
vdev->barmap[] accesses into vfio_pci_core_get_iomap() which returns
either a pointer to the mapping or an ERR_PTR() describing why it
doesn't exist.  This is used by callers that need the mapping, but
also by other callers to check that the resource/mapping step was
successful.


=== Changes ===

v5:
 - vfio_pci_core_map_bars() releases the region if the subsequent
   pci_iomap() fails
 - vfio_pci_core_disable() correctly tests for NULL/error
 - For nvgrace-gpu, check the result of vfio_pci_core_get_iomap() at
   open time then stash the BAR base for use later on.  Errors are
   checked up-front, and this avoids the perception that a
   later ..._get_iomap() might fail.

v4:
 https://lore.kernel.org/kvm/20260505173835.2324179-1-mattev@xxxxxxxx/
 - Reorder patches to put fixes at the front: First, the early BAR
   setup to avoid the race.  Then, add DMABUF check.  Then,
   refactor/tidy.

 - Adjust Fixes: of first patch to point to early VFIO PCI commit, and
   reduce the patch to only the fix (don't add new error checks).
   Use pci_dbg() instead of pci_warn() when setting up BAR
   resources.  Add barmap[] error checking to vfio_pci_core_disable().

 - Add barmap[]/BAR index error checking to vfio_pci_core_get_iomap(),
   and use WARN_ON_ONCE() since the conditions truly shouldn't happen.

v3:
  https://lore.kernel.org/kvm/20260430100340.2787446-1-mattev@xxxxxxxx/

 - Remove the separate tracking of the BAR mapping versus the
   acquiring its resource.  Errors from failing iomap vs resource
   reservation are ERR_PTR()-elcoded into barmap[bar].

 - Remove the separate test helper, and add vfio_pci_core_get_iomap().
   This gets the iomap base or is used check for error/failure to
   acquire the resource.  Added comments at call sites explaining
   whether they want to just ensure the resource is reserved versus
   actually use the mapping.

v2:
  https://lore.kernel.org/kvm/20260423182517.2286030-1-mattev@xxxxxxxx/

 - Don't fail if resources can't be requested or iomapped, even for
   valid BARs, as this would change the userspace-observable error
   behaviour.  Specifically, if there was an issue with one particular
   BAR which happened to never be used, then userspace would never
   encounter an error for it.  Track iomap and resource-acquisition
   status per BAR.

 - Break out the checks for resource success from those for iomap
   success, in the form of the two new helpers.

 - Third patch to add the check to VFIO DMABUF export, because
   init-time requests can now fail.

v1:
  https://lore.kernel.org/kvm/20260421174143.3883579-1-mattev@xxxxxxxx/


Matt Evans (3):
  vfio/pci: Set up BAR resources and maps in vfio_pci_core_enable()
  vfio/pci: Check BAR resources before exporting a DMABUF
  vfio/pci: Replace vfio_pci_core_setup_barmap() with
    vfio_pci_core_get_iomap()

 drivers/vfio/pci/nvgrace-gpu/main.c | 20 +++++++-----
 drivers/vfio/pci/vfio_pci_core.c    | 48 ++++++++++++++++++++++++-----
 drivers/vfio/pci/vfio_pci_dmabuf.c  |  6 ++--
 drivers/vfio/pci/vfio_pci_rdwr.c    | 42 +++++--------------------
 drivers/vfio/pci/virtio/legacy_io.c | 13 ++++----
 include/linux/vfio_pci_core.h       | 20 +++++++++++-
 6 files changed, 91 insertions(+), 58 deletions(-)

-- 
2.47.3