On 5/25/2026 6:31 PM, Duan, Zhenzhong wrote:
> Hi,
> 
>> -----Original Message-----
>> From: Qiang, Chenyi <[email protected]>
>> Subject: [PATCH] vfio/container: Restrict dma_map_file() to shared RAM
>>
>> vfio_container_dma_map() uses dma_map_file() whenever a RAMBlock has an
>> fd and the VFIO IOMMU backend supports file-based DMA mapping. That is
>> not correct for private file-backed RAM.
>>
>> dma_map_file() resolves PFNs from the backing file, but private
>> mappings can run on different PFNs than the file itself. As a result,
>> using dma_map_file() on a private RAMBlock can program DMA against pages
>> that do not back QEMU's actual guest memory.
>>
>> This was observed with hugetlbfs-backed guest memory and iommufd/VFIO:
>> share=on works, while share=off can fault because the file-backed PFNs
>> can diverge from the PFNs backing QEMU's private mapping.
> 
> Good finding. Did you see the same issue with a common file (not a hugetlbfs file)
> backed private mapping?

Yes, I also tried with "-object memory-backend-memfd,id=mem1,size=2G,share=off", and it can also be reproduced.
