vfio/pci: Fallback huge faults for unaligned pfn

PlaidCat · PlaidCat · commit a19d26d45317 · 2025-07-15T00:01:36.000-04:00
jira LE-3557 Rebuild_History Non-Buildable kernel-5.14.0-570.26.1.el9_6 commit-author Alex Williamson <alex.williamson@redhat.com> commit 09dfc8a Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/09dfc8a5.failed The PFN must also be aligned to the fault order to insert a huge pfnmap. Test the alignment and fallback when unaligned. Fixes: f9e54c3 ("vfio/pci: implement huge_fault support") Link: https://bugzilla.kernel.org/show_bug.cgi?id=219619 Reported-by: Athul Krishna <athul.krishna.kr@protonmail.com> Reported-by: Precific <precification@posteo.de> Reviewed-by: Peter Xu <peterx@redhat.com> Tested-by: Precific <precification@posteo.de> Link: https://lore.kernel.org/r/20250102183416.1841878-1-alex.williamson@redhat.com Cc: stable@vger.kernel.org Signed-off-by: Alex Williamson <alex.williamson@redhat.com> (cherry picked from commit 09dfc8a) Signed-off-by: Jonathan Maple <jmaple@ciq.com> # Conflicts: # drivers/vfio/pci/vfio_pci_core.c
diff --git a/ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/09dfc8a5.failed b/ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/09dfc8a5.failed
@@ -0,0 +1,134 @@
+vfio/pci: Fallback huge faults for unaligned pfn
+
+jira LE-3557
+Rebuild_History Non-Buildable kernel-5.14.0-570.26.1.el9_6
+commit-author Alex Williamson <alex.williamson@redhat.com>
+commit 09dfc8a5f2ce897005a94bf66cca4f91e4e03700
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/09dfc8a5.failed
+
+The PFN must also be aligned to the fault order to insert a huge
+pfnmap.  Test the alignment and fallback when unaligned.
+
+Fixes: f9e54c3a2f5b ("vfio/pci: implement huge_fault support")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=219619
+	Reported-by: Athul Krishna <athul.krishna.kr@protonmail.com>
+	Reported-by: Precific <precification@posteo.de>
+	Reviewed-by: Peter Xu <peterx@redhat.com>
+	Tested-by: Precific <precification@posteo.de>
+Link: https://lore.kernel.org/r/20250102183416.1841878-1-alex.williamson@redhat.com
+	Cc: stable@vger.kernel.org
+	Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+(cherry picked from commit 09dfc8a5f2ce897005a94bf66cca4f91e4e03700)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	drivers/vfio/pci/vfio_pci_core.c
+diff --cc drivers/vfio/pci/vfio_pci_core.c
+index ffda816e0119,1a4ed5a357d3..000000000000
+--- a/drivers/vfio/pci/vfio_pci_core.c
++++ b/drivers/vfio/pci/vfio_pci_core.c
+@@@ -1770,49 -1658,59 +1770,87 @@@ static vm_fault_t vfio_pci_mmap_fault(s
+  {
+  	struct vm_area_struct *vma = vmf->vma;
+  	struct vfio_pci_core_device *vdev = vma->vm_private_data;
+++<<<<<<< HEAD
+ +	struct vfio_pci_mmap_vma *mmap_vma;
+ +	vm_fault_t ret = VM_FAULT_NOPAGE;
+ +
+ +	mutex_lock(&vdev->vma_lock);
+ +	down_read(&vdev->memory_lock);
+ +
+ +	/*
+ +	 * Memory region cannot be accessed if the low power feature is engaged
+ +	 * or memory access is disabled.
+ +	 */
+ +	if (vdev->pm_runtime_engaged || !__vfio_pci_memory_enabled(vdev)) {
+ +		ret = VM_FAULT_SIGBUS;
+ +		goto up_out;
+++=======
++ 	unsigned long pfn, pgoff = vmf->pgoff - vma->vm_pgoff;
++ 	vm_fault_t ret = VM_FAULT_SIGBUS;
++ 
++ 	pfn = vma_to_pfn(vma) + pgoff;
++ 
++ 	if (order && (pfn & ((1 << order) - 1) ||
++ 		      vmf->address & ((PAGE_SIZE << order) - 1) ||
++ 		      vmf->address + (PAGE_SIZE << order) > vma->vm_end)) {
++ 		ret = VM_FAULT_FALLBACK;
++ 		goto out;
++ 	}
++ 
++ 	down_read(&vdev->memory_lock);
++ 
++ 	if (vdev->pm_runtime_engaged || !__vfio_pci_memory_enabled(vdev))
++ 		goto out_unlock;
++ 
++ 	switch (order) {
++ 	case 0:
++ 		ret = vmf_insert_pfn(vma, vmf->address, pfn);
++ 		break;
++ #ifdef CONFIG_ARCH_SUPPORTS_PMD_PFNMAP
++ 	case PMD_ORDER:
++ 		ret = vmf_insert_pfn_pmd(vmf,
++ 					 __pfn_to_pfn_t(pfn, PFN_DEV), false);
++ 		break;
++ #endif
++ #ifdef CONFIG_ARCH_SUPPORTS_PUD_PFNMAP
++ 	case PUD_ORDER:
++ 		ret = vmf_insert_pfn_pud(vmf,
++ 					 __pfn_to_pfn_t(pfn, PFN_DEV), false);
++ 		break;
++ #endif
++ 	default:
++ 		ret = VM_FAULT_FALLBACK;
+++>>>>>>> 09dfc8a5f2ce (vfio/pci: Fallback huge faults for unaligned pfn)
+  	}
+  
+ -out_unlock:
+ -	up_read(&vdev->memory_lock);
+ -out:
+ -	dev_dbg_ratelimited(&vdev->pdev->dev,
+ -			   "%s(,order = %d) BAR %ld page offset 0x%lx: 0x%x\n",
+ -			    __func__, order,
+ -			    vma->vm_pgoff >>
+ -				(VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT),
+ -			    pgoff, (unsigned int)ret);
+ +	/*
+ +	 * We populate the whole vma on fault, so we need to test whether
+ +	 * the vma has already been mapped, such as for concurrent faults
+ +	 * to the same vma.  io_remap_pfn_range() will trigger a BUG_ON if
+ +	 * we ask it to fill the same range again.
+ +	 */
+ +	list_for_each_entry(mmap_vma, &vdev->vma_list, vma_next) {
+ +		if (mmap_vma->vma == vma)
+ +			goto up_out;
+ +	}
+  
+ -	return ret;
+ -}
+ +	if (io_remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff,
+ +			       vma->vm_end - vma->vm_start,
+ +			       vma->vm_page_prot)) {
+ +		ret = VM_FAULT_SIGBUS;
+ +		zap_vma_ptes(vma, vma->vm_start, vma->vm_end - vma->vm_start);
+ +		goto up_out;
+ +	}
+  
+ -static vm_fault_t vfio_pci_mmap_page_fault(struct vm_fault *vmf)
+ -{
+ -	return vfio_pci_mmap_huge_fault(vmf, 0);
+ +	if (__vfio_pci_add_vma(vdev, vma)) {
+ +		ret = VM_FAULT_OOM;
+ +		zap_vma_ptes(vma, vma->vm_start, vma->vm_end - vma->vm_start);
+ +	}
+ +
+ +up_out:
+ +	up_read(&vdev->memory_lock);
+ +	mutex_unlock(&vdev->vma_lock);
+ +	return ret;
+  }
+  
+  static const struct vm_operations_struct vfio_pci_mmap_ops = {
+* Unmerged path drivers/vfio/pci/vfio_pci_core.c
