Re: [PATCH 1/2] vfio/pci: Set up barmap in vfio_pci_core_enable()

[Alex Williamson <alex@shazbot.org>]

On Tue, 21 Apr 2026 10:41:40 -0700
Matt Evans <mattev@meta.com> wrote:

> The previous lazy-setup of the barmaps provided opportunities to
> forget to do it (for example, DMABUF export).  Since all users will
> ultimately require BAR resources to have been requested, request them
> in vfio_pci_core_enable.
> 
> Existing calls to vfio_pci_core_setup_barmap() are now benign, but
> remain because some callers use it to validate a BAR index.  This
> fixes at least the case where DMABUF export could succeed before
> resources were requested.
> 
> This keeps resource request and ioremap() done at the same time, but
> in future the ioremap() could be done on-demand (not all VFIO users
> need it).
> 
> Fixes: 7f5764e179c6 ("vfio: use vfio_pci_core_setup_barmap to map bar in mmap")
> Fixes: 0d77ed3589ac0 ("vfio/pci: Pull BAR mapping setup from read-write path")
> Signed-off-by: Matt Evans <mattev@meta.com>
> ---
>  drivers/vfio/pci/vfio_pci_core.c | 63 +++++++++++++++++++++++++++-----
>  drivers/vfio/pci/vfio_pci_rdwr.c | 25 +++----------
>  2 files changed, 60 insertions(+), 28 deletions(-)
> 
> diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
> index 3f8d093aacf8..4a314213f3ae 100644
> --- a/drivers/vfio/pci/vfio_pci_core.c
> +++ b/drivers/vfio/pci/vfio_pci_core.c
> @@ -482,6 +482,55 @@ static int vfio_pci_core_runtime_resume(struct device *dev)
>  }
>  #endif /* CONFIG_PM */
>  
> +static void __vfio_pci_core_unmap_bars(struct vfio_pci_core_device *vdev)
> +{
> +	struct pci_dev *pdev = vdev->pdev;
> +	int i;
> +
> +	for (i = 0; i < PCI_STD_NUM_BARS; i++) {
> +		int bar = i + PCI_STD_RESOURCES;
> +
> +		if (!vdev->barmap[i])
> +			continue;
> +		pci_iounmap(pdev, vdev->barmap[bar]);
> +		pci_release_selected_regions(pdev, 1 << bar);
> +		vdev->barmap[bar] = NULL;
> +	}
> +}
> +
> +static int __vfio_pci_core_map_bars(struct vfio_pci_core_device *vdev)
> +{
> +	struct pci_dev *pdev = vdev->pdev;
> +	int ret = 0;
> +	int i;
> +
> +	/* Eager-request BAR resources (and iomap) */
> +	for (i = 0; i < PCI_STD_NUM_BARS; i++) {
> +		int bar = i + PCI_STD_RESOURCES;
> +		void __iomem *io;
> +
> +		if (pci_resource_len(pdev, i) == 0)
> +			continue;
> +
> +		ret = pci_request_selected_regions(pdev, 1 << bar, "vfio");
> +		if (ret)
> +			goto err_free_barmap;
> +
> +		io = pci_iomap(pdev, bar, 0);
> +		if (!io) {
> +			pci_release_selected_regions(pdev, 1 << bar);
> +			ret = -ENOMEM;
> +			goto err_free_barmap;
> +		}
> +		vdev->barmap[bar] = io;
> +	}
> +	return 0;
> +
> +err_free_barmap:
> +	__vfio_pci_core_unmap_bars(vdev);
> +	return ret;
> +}
> +
>  /*
>   * The pci-driver core runtime PM routines always save the device state
>   * before going into suspended state. If the device is going into low power
> @@ -568,6 +617,9 @@ int vfio_pci_core_enable(struct vfio_pci_core_device *vdev)
>  	if (!vfio_vga_disabled() && vfio_pci_is_vga(pdev))
>  		vdev->has_vga = true;
>  
> +	ret = __vfio_pci_core_map_bars(vdev);
> +	if (ret)
> +		goto out_free_zdev;

Beyond simply changing to a preemptive mapping scheme, this hard
failure makes me concerned about regressing userspace.  With the
current lazy scheme, we only claim the BAR if the user accesses it and
the failure only occurs in the access path.  That means we could have
BARs that are never mapped.  With a hard failure here, with might be
uncovering some latent issues, and if those latent issues are with BARs
that we never cared to map previously, we're causing trouble for no
gain.

I'd suggest setup should be a void function that generates pci_warn()
on conflict or iomap error, but doesn't block the device.  Each usage
path (including mmap that gets removed in the next path) still needs to
validate the mapping is present for the given BAR and fail the call
path otherwise.

There's also a subtle range check added in the virtio driver in the
next patch, is that fixing a bug or paranoia?  Do we need a helper that
does a range test and barmap test?  Thanks,

Alex

>  
>  	return 0;
>  
> @@ -591,7 +643,7 @@ void vfio_pci_core_disable(struct vfio_pci_core_device *vdev)
>  	struct pci_dev *pdev = vdev->pdev;
>  	struct vfio_pci_dummy_resource *dummy_res, *tmp;
>  	struct vfio_pci_ioeventfd *ioeventfd, *ioeventfd_tmp;
> -	int i, bar;
> +	int i;
>  
>  	/* For needs_reset */
>  	lockdep_assert_held(&vdev->vdev.dev_set->lock);
> @@ -646,14 +698,7 @@ void vfio_pci_core_disable(struct vfio_pci_core_device *vdev)
>  
>  	vfio_config_free(vdev);
>  
> -	for (i = 0; i < PCI_STD_NUM_BARS; i++) {
> -		bar = i + PCI_STD_RESOURCES;
> -		if (!vdev->barmap[bar])
> -			continue;
> -		pci_iounmap(pdev, vdev->barmap[bar]);
> -		pci_release_selected_regions(pdev, 1 << bar);
> -		vdev->barmap[bar] = NULL;
> -	}
> +	__vfio_pci_core_unmap_bars(vdev);
>  
>  	list_for_each_entry_safe(dummy_res, tmp,
>  				 &vdev->dummy_resources_list, res_next) {
> diff --git a/drivers/vfio/pci/vfio_pci_rdwr.c b/drivers/vfio/pci/vfio_pci_rdwr.c
> index 4251ee03e146..d1386a31a3a3 100644
> --- a/drivers/vfio/pci/vfio_pci_rdwr.c
> +++ b/drivers/vfio/pci/vfio_pci_rdwr.c
> @@ -200,26 +200,13 @@ EXPORT_SYMBOL_GPL(vfio_pci_core_do_io_rw);
>  
>  int vfio_pci_core_setup_barmap(struct vfio_pci_core_device *vdev, int bar)
>  {
> -	struct pci_dev *pdev = vdev->pdev;
> -	int ret;
> -	void __iomem *io;
> -
> -	if (vdev->barmap[bar])
> -		return 0;
> -
> -	ret = pci_request_selected_regions(pdev, 1 << bar, "vfio");
> -	if (ret)
> -		return ret;
> -
> -	io = pci_iomap(pdev, bar, 0);
> -	if (!io) {
> -		pci_release_selected_regions(pdev, 1 << bar);
> -		return -ENOMEM;
> -	}
> -
> -	vdev->barmap[bar] = io;
> +	/*
> +	 * The barmap is now always set up in vfio_pci_core_enable().
> +	 * Some legacy callers use this function to check if the BAR
> +	 * is legitimate, so maintain that:
> +	 */
>  
> -	return 0;
> +	return vdev->barmap[bar] ? 0 : -EBUSY;
>  }
>  EXPORT_SYMBOL_GPL(vfio_pci_core_setup_barmap);
>