<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-rng/drivers/vfio, branch master</title>
<subtitle>Development tree for the kernel CSPRNG</subtitle>
<id>https://git.zx2c4.com/linux-rng/atom/drivers/vfio?h=master</id>
<link rel='self' href='https://git.zx2c4.com/linux-rng/atom/drivers/vfio?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/'/>
<updated>2025-12-02T01:32:07Z</updated>
<entry>
<title>Merge tag 'vfs-6.19-rc1.fd_prepare.fs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs</title>
<updated>2025-12-02T01:32:07Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-12-02T01:32:07Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=1b5dd29869b1e63f7e5c37d7552e2dcf22de3c26'/>
<id>urn:sha1:1b5dd29869b1e63f7e5c37d7552e2dcf22de3c26</id>
<content type='text'>
Pull fd prepare updates from Christian Brauner:
 "This adds the FD_ADD() and FD_PREPARE() primitive. They simplify the
  common pattern of get_unused_fd_flags() + create file + fd_install()
  that is used extensively throughout the kernel and currently requires
  cumbersome cleanup paths.

  FD_ADD() - For simple cases where a file is installed immediately:

      fd = FD_ADD(O_CLOEXEC, vfio_device_open_file(device));
      if (fd &lt; 0)
          vfio_device_put_registration(device);
      return fd;

  FD_PREPARE() - For cases requiring access to the fd or file, or
  additional work before publishing:

      FD_PREPARE(fdf, O_CLOEXEC, sync_file-&gt;file);
      if (fdf.err) {
          fput(sync_file-&gt;file);
          return fdf.err;
      }

      data.fence = fd_prepare_fd(fdf);
      if (copy_to_user((void __user *)arg, &amp;data, sizeof(data)))
          return -EFAULT;

      return fd_publish(fdf);

  The primitives are centered around struct fd_prepare. FD_PREPARE()
  encapsulates all allocation and cleanup logic and must be followed by
  a call to fd_publish() which associates the fd with the file and
  installs it into the caller's fdtable. If fd_publish() isn't called,
  both are deallocated automatically. FD_ADD() is a shorthand that does
  fd_publish() immediately and never exposes the struct to the caller.

  I've implemented this in a way that it's compatible with the cleanup
  infrastructure while also being usable separately. IOW, it's centered
  around struct fd_prepare which is aliased to class_fd_prepare_t and so
  we can make use of all the basica guard infrastructure"

* tag 'vfs-6.19-rc1.fd_prepare.fs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (42 commits)
  io_uring: convert io_create_mock_file() to FD_PREPARE()
  file: convert replace_fd() to FD_PREPARE()
  vfio: convert vfio_group_ioctl_get_device_fd() to FD_ADD()
  tty: convert ptm_open_peer() to FD_ADD()
  ntsync: convert ntsync_obj_get_fd() to FD_PREPARE()
  media: convert media_request_alloc() to FD_PREPARE()
  hv: convert mshv_ioctl_create_partition() to FD_ADD()
  gpio: convert linehandle_create() to FD_PREPARE()
  pseries: port papr_rtas_setup_file_interface() to FD_ADD()
  pseries: convert papr_platform_dump_create_handle() to FD_ADD()
  spufs: convert spufs_gang_open() to FD_PREPARE()
  papr-hvpipe: convert papr_hvpipe_dev_create_handle() to FD_PREPARE()
  spufs: convert spufs_context_open() to FD_PREPARE()
  net/socket: convert __sys_accept4_file() to FD_ADD()
  net/socket: convert sock_map_fd() to FD_ADD()
  net/kcm: convert kcm_ioctl() to FD_PREPARE()
  net/handshake: convert handshake_nl_accept_doit() to FD_PREPARE()
  secretmem: convert memfd_secret() to FD_ADD()
  memfd: convert memfd_create() to FD_ADD()
  bpf: convert bpf_token_create() to FD_PREPARE()
  ...
</content>
</entry>
<entry>
<title>vfio: convert vfio_group_ioctl_get_device_fd() to FD_ADD()</title>
<updated>2025-11-28T11:42:36Z</updated>
<author>
<name>Christian Brauner</name>
<email>brauner@kernel.org</email>
</author>
<published>2025-11-23T16:34:01Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=5f3ea1c201088290f66445b601a21fd89a398f88'/>
<id>urn:sha1:5f3ea1c201088290f66445b601a21fd89a398f88</id>
<content type='text'>
Link: https://patch.msgid.link/20251123-work-fd-prepare-v4-43-b6efa1706cfd@kernel.org
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>vfio/type1: handle DMA map/unmap up to the addressable limit</title>
<updated>2025-10-28T21:54:41Z</updated>
<author>
<name>Alex Mastro</name>
<email>amastro@fb.com</email>
</author>
<published>2025-10-28T16:15:02Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=ef270ec44637d464126bd4ade483c4a1887e06bc'/>
<id>urn:sha1:ef270ec44637d464126bd4ade483c4a1887e06bc</id>
<content type='text'>
Before this commit, it was possible to create end of address space
mappings, but unmapping them via VFIO_IOMMU_UNMAP_DMA, replaying them
for newly added iommu domains, and querying their dirty pages via
VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP was broken due to bugs caused by
comparisons against (iova + size) expressions, which overflow to zero.
Additionally, there appears to be a page pinning leak in the
vfio_iommu_type1_release() path, since vfio_unmap_unpin()'s loop body
where unmap_unpin_*() are called will never be entered due to overflow
of (iova + size) to zero.

This commit handles DMA map/unmap operations up to the addressable
limit by comparing against inclusive end-of-range limits, and changing
iteration to perform relative traversals across range sizes, rather than
absolute traversals across addresses.

vfio_link_dma() inserts a zero-sized vfio_dma into the rb-tree, and is
only used for that purpose, so discard the size from consideration for
the insertion point.

Tested-by: Alejandro Jimenez &lt;alejandro.j.jimenez@oracle.com&gt;
Fixes: 73fa0d10d077 ("vfio: Type1 IOMMU implementation")
Reviewed-by: Jason Gunthorpe &lt;jgg@nvidia.com&gt;
Reviewed-by: Alejandro Jimenez &lt;alejandro.j.jimenez@oracle.com&gt;
Signed-off-by: Alex Mastro &lt;amastro@fb.com&gt;
Link: https://lore.kernel.org/r/20251028-fix-unmap-v6-3-2542b96bcc8e@fb.com
Signed-off-by: Alex Williamson &lt;alex@shazbot.org&gt;
</content>
</entry>
<entry>
<title>vfio/type1: move iova increment to unmap_unpin_*() caller</title>
<updated>2025-10-28T21:54:41Z</updated>
<author>
<name>Alex Mastro</name>
<email>amastro@fb.com</email>
</author>
<published>2025-10-28T16:15:01Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=1196f1f897d4ee64d8844e8cfa97c8f93e4d158c'/>
<id>urn:sha1:1196f1f897d4ee64d8844e8cfa97c8f93e4d158c</id>
<content type='text'>
Move incrementing iova to the caller of these functions as part of
preparing to handle end of address space map/unmap.

Tested-by: Alejandro Jimenez &lt;alejandro.j.jimenez@oracle.com&gt;
Fixes: 73fa0d10d077 ("vfio: Type1 IOMMU implementation")
Reviewed-by: Jason Gunthorpe &lt;jgg@nvidia.com&gt;
Reviewed-by: Alejandro Jimenez &lt;alejandro.j.jimenez@oracle.com&gt;
Signed-off-by: Alex Mastro &lt;amastro@fb.com&gt;
Link: https://lore.kernel.org/r/20251028-fix-unmap-v6-2-2542b96bcc8e@fb.com
Signed-off-by: Alex Williamson &lt;alex@shazbot.org&gt;
</content>
</entry>
<entry>
<title>vfio/type1: sanitize for overflow using check_*_overflow()</title>
<updated>2025-10-28T21:54:41Z</updated>
<author>
<name>Alex Mastro</name>
<email>amastro@fb.com</email>
</author>
<published>2025-10-28T16:15:00Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=6012379ede6aa7477db6276bb9876fe7d67c4312'/>
<id>urn:sha1:6012379ede6aa7477db6276bb9876fe7d67c4312</id>
<content type='text'>
Adopt check_*_overflow() functions to clearly express overflow check
intent.

Tested-by: Alejandro Jimenez &lt;alejandro.j.jimenez@oracle.com&gt;
Fixes: 73fa0d10d077 ("vfio: Type1 IOMMU implementation")
Reviewed-by: Jason Gunthorpe &lt;jgg@nvidia.com&gt;
Reviewed-by: Alejandro Jimenez &lt;alejandro.j.jimenez@oracle.com&gt;
Signed-off-by: Alex Mastro &lt;amastro@fb.com&gt;
Link: https://lore.kernel.org/r/20251028-fix-unmap-v6-1-2542b96bcc8e@fb.com
Signed-off-by: Alex Williamson &lt;alex@shazbot.org&gt;
</content>
</entry>
<entry>
<title>vfio: Dump migration features under debugfs</title>
<updated>2025-10-06T17:22:48Z</updated>
<author>
<name>Cédric Le Goater</name>
<email>clg@redhat.com</email>
</author>
<published>2025-09-18T12:19:28Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=451bb96328981808463405d436bd58de16dd967d'/>
<id>urn:sha1:451bb96328981808463405d436bd58de16dd967d</id>
<content type='text'>
A debugfs directory was recently added for VFIO devices. Add a new
"features" file under the migration sub-directory to expose which
features the device supports.

Signed-off-by: Cédric Le Goater &lt;clg@redhat.com&gt;
Link: https://lore.kernel.org/r/20250918121928.1921871-1-clg@redhat.com
Signed-off-by: Alex Williamson &lt;alex.williamson@redhat.com&gt;
</content>
</entry>
<entry>
<title>vfio/type1: optimize vfio_unpin_pages_remote()</title>
<updated>2025-10-06T17:21:27Z</updated>
<author>
<name>Li Zhe</name>
<email>lizhe.67@bytedance.com</email>
</author>
<published>2025-08-14T06:47:14Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=d14de5b92578c769e12d84c9bdeee5627c042270'/>
<id>urn:sha1:d14de5b92578c769e12d84c9bdeee5627c042270</id>
<content type='text'>
When vfio_unpin_pages_remote() is called with a range of addresses that
includes large folios, the function currently performs individual
put_pfn() operations for each page. This can lead to significant
performance overheads, especially when dealing with large ranges of pages.

It would be very rare for reserved PFNs and non reserved will to be mixed
within the same range. So this patch utilizes the has_rsvd variable
introduced in the previous patch to determine whether batch put_pfn()
operations can be performed. Moreover, compared to put_pfn(),
unpin_user_page_range_dirty_lock() is capable of handling large folio
scenarios more efficiently.

The performance test results for completing the 16G VFIO IOMMU DMA
unmapping are as follows.

Base(v6.16):
------- AVERAGE (MADV_HUGEPAGE) --------
VFIO UNMAP DMA in 0.141 s (113.7 GB/s)
------- AVERAGE (MAP_POPULATE) --------
VFIO UNMAP DMA in 0.307 s (52.2 GB/s)
------- AVERAGE (HUGETLBFS) --------
VFIO UNMAP DMA in 0.135 s (118.6 GB/s)

With this patchset:
------- AVERAGE (MADV_HUGEPAGE) --------
VFIO UNMAP DMA in 0.044 s (363.2 GB/s)
------- AVERAGE (MAP_POPULATE) --------
VFIO UNMAP DMA in 0.289 s (55.3 GB/s)
------- AVERAGE (HUGETLBFS) --------
VFIO UNMAP DMA in 0.044 s (361.3 GB/s)

For large folio, we achieve an over 67% performance improvement in
the VFIO UNMAP DMA item. For small folios, the performance test
results appear to show a slight improvement.

Suggested-by: Jason Gunthorpe &lt;jgg@ziepe.ca&gt;
Signed-off-by: Li Zhe &lt;lizhe.67@bytedance.com&gt;
Reviewed-by: David Hildenbrand &lt;david@redhat.com&gt;
Acked-by: David Hildenbrand &lt;david@redhat.com&gt;
Link: https://lore.kernel.org/r/20250814064714.56485-6-lizhe.67@bytedance.com
Signed-off-by: Alex Williamson &lt;alex.williamson@redhat.com&gt;
</content>
</entry>
<entry>
<title>vfio/type1: introduce a new member has_rsvd for struct vfio_dma</title>
<updated>2025-10-06T17:21:26Z</updated>
<author>
<name>Li Zhe</name>
<email>lizhe.67@bytedance.com</email>
</author>
<published>2025-08-14T06:47:13Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=089722e8939e580c9ccc64678ba22f563fdf3bb5'/>
<id>urn:sha1:089722e8939e580c9ccc64678ba22f563fdf3bb5</id>
<content type='text'>
Introduce a new member has_rsvd for struct vfio_dma. This member is
used to indicate whether there are any reserved or invalid pfns in
the region represented by this vfio_dma. If it is true, it indicates
that there is at least one pfn in this region that is either reserved
or invalid.

Signed-off-by: Li Zhe &lt;lizhe.67@bytedance.com&gt;
Reviewed-by: David Hildenbrand &lt;david@redhat.com&gt;
Link: https://lore.kernel.org/r/20250814064714.56485-5-lizhe.67@bytedance.com
Signed-off-by: Alex Williamson &lt;alex.williamson@redhat.com&gt;
</content>
</entry>
<entry>
<title>vfio/type1: batch vfio_find_vpfn() in function vfio_unpin_pages_remote()</title>
<updated>2025-10-06T17:21:26Z</updated>
<author>
<name>Li Zhe</name>
<email>lizhe.67@bytedance.com</email>
</author>
<published>2025-08-14T06:47:12Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=d10872050ffeda8c3bdc08f3376bb49b34b4e643'/>
<id>urn:sha1:d10872050ffeda8c3bdc08f3376bb49b34b4e643</id>
<content type='text'>
The function vpfn_pages() can help us determine the number of vpfn
nodes on the vpfn rb tree within a specified range. This allows us
to avoid searching for each vpfn individually in the function
vfio_unpin_pages_remote(). This patch batches the vfio_find_vpfn()
calls in function vfio_unpin_pages_remote().

Signed-off-by: Li Zhe &lt;lizhe.67@bytedance.com&gt;
Link: https://lore.kernel.org/r/20250814064714.56485-4-lizhe.67@bytedance.com
Signed-off-by: Alex Williamson &lt;alex.williamson@redhat.com&gt;
</content>
</entry>
<entry>
<title>vfio/type1: optimize vfio_pin_pages_remote()</title>
<updated>2025-10-06T17:21:26Z</updated>
<author>
<name>Li Zhe</name>
<email>lizhe.67@bytedance.com</email>
</author>
<published>2025-08-14T06:47:11Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=f6c84a52cc41e2aaed0d956d0a1c1802513a239c'/>
<id>urn:sha1:f6c84a52cc41e2aaed0d956d0a1c1802513a239c</id>
<content type='text'>
When vfio_pin_pages_remote() is called with a range of addresses that
includes large folios, the function currently performs individual
statistics counting operations for each page. This can lead to significant
performance overheads, especially when dealing with large ranges of pages.
Batch processing of statistical counting operations can effectively enhance
performance.

In addition, the pages obtained through longterm GUP are neither invalid
nor reserved. Therefore, we can reduce the overhead associated with some
calls to function is_invalid_reserved_pfn().

The performance test results for completing the 16G VFIO IOMMU DMA mapping
are as follows.

Base(v6.16):
------- AVERAGE (MADV_HUGEPAGE) --------
VFIO MAP DMA in 0.049 s (328.5 GB/s)
------- AVERAGE (MAP_POPULATE) --------
VFIO MAP DMA in 0.268 s (59.6 GB/s)
------- AVERAGE (HUGETLBFS) --------
VFIO MAP DMA in 0.051 s (310.9 GB/s)

With this patch:
------- AVERAGE (MADV_HUGEPAGE) --------
VFIO MAP DMA in 0.025 s (629.8 GB/s)
------- AVERAGE (MAP_POPULATE) --------
VFIO MAP DMA in 0.253 s (63.1 GB/s)
------- AVERAGE (HUGETLBFS) --------
VFIO MAP DMA in 0.030 s (530.5 GB/s)

For large folio, we achieve an over 40% performance improvement.
For small folios, the performance test results indicate a
slight improvement.

Signed-off-by: Li Zhe &lt;lizhe.67@bytedance.com&gt;
Co-developed-by: Alex Williamson &lt;alex.williamson@redhat.com&gt;
Acked-by: David Hildenbrand &lt;david@redhat.com&gt;
Tested-by: Eric Farman &lt;farman@linux.ibm.com&gt;
Link: https://lore.kernel.org/r/20250814064714.56485-3-lizhe.67@bytedance.com
Signed-off-by: Alex Williamson &lt;alex.williamson@redhat.com&gt;
</content>
</entry>
</feed>
