[PATCH 0/2] vfio: selftests: Fix MMIO test failures in iommufd compat mode

[PATCH 0/2] vfio: selftests: Fix MMIO test failures in iommufd compat mode

[Yi Lai]

This series fixes two issues in the vfio_dma_mapping_mmio_test selftest when
running in iommufd compat mode.

The first patch fixes a segmentation fault caused by an uninitialized list head
when __iommu_map() fails (as expected for MMIO regions in iommufd).

The second patch fixes a test assertion failure by aligning the check for the
__iommu_unmap() return value based on the iommufd mode (native vs. compat).

Yi Lai (2):
  vfio: selftests: Fix iommufd compat mode __iommu_unmap() crash
  vfio: selftests: Align __iommu_unmap() check with iommufd compat mode

 .../selftests/vfio/vfio_dma_mapping_mmio_test.c        | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

-- 
2.43.0

[PATCH 1/2] vfio: selftests: Fix iommufd compat mode __iommu_unmap() crash

[Yi Lai]

When running vfio_dma_mapping_mmio_test in MODE_IOMMUFD_COMPAT* mode,
the test crashes with "Test terminated unexpectedly by signal 11".

The crash happens because:
1. __iommu_map() fails as expected for MMIO mappings in iommufd.
Consequently, the region.link remains uninitialized.
2. The test proceeds to call __iommu_unmap().
3. In iommufd compat mode, the kernel returns 0 for unmapping a
non-existent range.
4. __iommu_unmap() calls list_del_init(&region->link), dereferencing the
uninitialized pointer.

Fix this by explicitly initializing region.link using INIT_LIST_HEAD.

Signed-off-by: Yi Lai <yi1.lai@intel.com>
---
 tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c b/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c
index 957a89ce7b3a..4f7ecdca0215 100644
--- a/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c
+++ b/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c
@@ -88,6 +88,7 @@ static void do_mmio_map_test(struct iommu *iommu,
 		.vaddr = vaddr,
 		.size = size,
 		.iova = iova_allocator_alloc(iova_allocator, size),
+		.link = LIST_HEAD_INIT(region.link),
 	};
 
 	/*
-- 
2.43.0

[PATCH 2/2] vfio: selftests: Align __iommu_unmap() check with iommufd compat mode

[Yi Lai]

When __iommu_map() fails (as expected for MMIO in iommufd modes), the
test proceeds to call __iommu_unmap() for cleanup.

The behavior of unmapping a non-existent range differs between iommufd
native and compat modes:
- Native iommufd returns -ENOENT (failure).
- Compat iommufd returns 0 (success), mimicking legacy VFIO behavior.

The previous code asserted that __iommu_unmap() always fails, which
caused test failures in compat mode. Fix this by checking the return
value based on the iommufd mode.

Signed-off-by: Yi Lai <yi1.lai@intel.com>
---
 .../testing/selftests/vfio/vfio_dma_mapping_mmio_test.c  | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c b/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c
index 4f7ecdca0215..e6a2b2ff91f0 100644
--- a/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c
+++ b/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c
@@ -101,7 +101,14 @@ static void do_mmio_map_test(struct iommu *iommu,
 		iommu_unmap(iommu, &region);
 	} else {
 		VFIO_ASSERT_NE(__iommu_map(iommu, &region), 0);
-		VFIO_ASSERT_NE(__iommu_unmap(iommu, &region, NULL), 0);
+		/*
+		 * Native IOMMUFD returns -ENOENT and Compat IOMMUFD returns 0
+		 * for unmapping a non-existent range.
+		 */
+		if (!strcmp(iommu->mode->name, MODE_IOMMUFD))
+			VFIO_ASSERT_NE(__iommu_unmap(iommu, &region, NULL), 0);
+		else
+			VFIO_ASSERT_EQ(__iommu_unmap(iommu, &region, NULL), 0);
 	}
 }
 
-- 
2.43.0

Re: [PATCH 0/2] vfio: selftests: Fix MMIO test failures in iommufd compat mode

[David Matlack]

On Thu, Mar 19, 2026 at 9:03 PM Yi Lai <yi1.lai@intel.com> wrote:
>
> This series fixes two issues in the vfio_dma_mapping_mmio_test selftest when
> running in iommufd compat mode.
>
> The first patch fixes a segmentation fault caused by an uninitialized list head
> when __iommu_map() fails (as expected for MMIO regions in iommufd).
>
> The second patch fixes a test assertion failure by aligning the check for the
> __iommu_unmap() return value based on the iommufd mode (native vs. compat).

Alex Mastro also sent a fix for these issues here:

  https://lore.kernel.org/kvm/20260303-fix-mmio-test-v1-1-78b4a9e46a4e@fb.com/

Can you take a look and see if it looks ok to you? I think I prefer
Alex's fix. We shouldn't even be calling __iommu_unmap() after
__iommu_map() fails.

Re: [PATCH 0/2] vfio: selftests: Fix MMIO test failures in iommufd compat mode

[Lai, Yi]

On Fri, Mar 20, 2026 at 10:43:54AM -0700, David Matlack wrote:
> On Thu, Mar 19, 2026 at 9:03 PM Yi Lai <yi1.lai@intel.com> wrote:
> >
> > This series fixes two issues in the vfio_dma_mapping_mmio_test selftest when
> > running in iommufd compat mode.
> >
> > The first patch fixes a segmentation fault caused by an uninitialized list head
> > when __iommu_map() fails (as expected for MMIO regions in iommufd).
> >
> > The second patch fixes a test assertion failure by aligning the check for the
> > __iommu_unmap() return value based on the iommufd mode (native vs. compat).
> 
> Alex Mastro also sent a fix for these issues here:
> 
>   https://lore.kernel.org/kvm/20260303-fix-mmio-test-v1-1-78b4a9e46a4e@fb.com/
> 
> Can you take a look and see if it looks ok to you? I think I prefer
> Alex's fix. We shouldn't even be calling __iommu_unmap() after
> __iommu_map() fails.

Yes, just remove calling __iommu_unmap() is a more direct fix for the
two issues I encoutered. Agree with the fix.