>-----Original Message-----
>From: Qiang, Chenyi <[email protected]>
>Subject: Re: [PATCH] vfio/container: Restrict dma_map_file() to shared RAM
>
>On 5/25/2026 6:31 PM, Duan, Zhenzhong wrote:
>> Hi,
>>
>>> -----Original Message-----
>>> From: Qiang, Chenyi <[email protected]>
>>> Subject: [PATCH] vfio/container: Restrict dma_map_file() to shared RAM
>>>
>>> vfio_container_dma_map() uses dma_map_file() whenever a RAMBlock has an
>>> fd and the VFIO IOMMU backend supports file-based DMA mapping. That is
>>> not correct for private file-backed RAM.
>>>
>>> dma_map_file() resolves PFNs from the backing file, but private
>>> mappings can run on different PFNs than the file itself. As a result,
>>> using dma_map_file() on a private RAMBlock can program DMA against pages
>>> that do not back QEMU's actual guest memory.
>>>
>>> This was observed with hugetlbfs-backed guest memory and iommufd/VFIO:
>>> share=on works, while share=off can fault because the file-backed PFNs
>>> can diverge from the PFNs backing QEMU's private mapping.
>>
>> Good finding. Did you see the same issue with a common file (not a
>> hugetlbfs file) backed private mapping?
>
>Yes, I also tried with "-object memory-backend-memfd,id=mem1,size=2G,share=off",
>and it can also be reproduced.
Reviewed-by: Zhenzhong Duan <[email protected]>
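The divergence the patch description is about can be shown without QEMU or VFIO at all. The following is an added example, not code from the thread or from QEMU: it maps a temporary regular file (the reporter used hugetlbfs and memfd; any file-backed region behaves the same way) once the way QEMU maps the guest RAMBlock (MAP_SHARED for share=on, MAP_PRIVATE for share=off) and once more MAP_SHARED to stand in for a consumer that, like dma_map_file(), resolves pages from the backing file. A write through the guest mapping is then checked through the file view. Names such as `private_mapping_diverges` are this example's own.

```c
/* Added example, not part of QEMU: demonstrate why a MAP_PRIVATE (share=off)
 * file-backed RAMBlock cannot be described to the IOMMU via its backing file.
 * After the first write, the private mapping is served by a copy-on-write
 * page that is not the file's page, so anything resolved from the file
 * (as dma_map_file() does) points at memory the guest is no longer using. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#define REGION_SIZE 4096 /* one page is enough to show the split */

/* Map a temporary file with the given mapping flag (MAP_SHARED or
 * MAP_PRIVATE) as the "guest" view, plus a MAP_SHARED "file" view standing
 * in for a DMA mapping built from the file's pages. Write through the
 * guest view and report whether the file view saw it.
 * Returns 1 if the two views diverged, 0 if they stayed in sync,
 * -1 on setup failure. */
int private_mapping_diverges(int guest_map_flag)
{
    FILE *tmp = tmpfile();
    if (tmp == NULL)
        return -1;
    int fd = fileno(tmp);
    if (ftruncate(fd, REGION_SIZE) != 0) {
        fclose(tmp);
        return -1;
    }

    /* How QEMU maps the backend: share=on -> MAP_SHARED, share=off -> MAP_PRIVATE */
    unsigned char *guest = mmap(NULL, REGION_SIZE, PROT_READ | PROT_WRITE,
                                guest_map_flag, fd, 0);
    /* What a consumer resolving pages from the file itself observes */
    unsigned char *file_view = mmap(NULL, REGION_SIZE, PROT_READ,
                                    MAP_SHARED, fd, 0);
    if (guest == MAP_FAILED || file_view == MAP_FAILED) {
        if (guest != MAP_FAILED)
            munmap(guest, REGION_SIZE);
        if (file_view != MAP_FAILED)
            munmap(file_view, REGION_SIZE);
        fclose(tmp);
        return -1;
    }

    /* The guest fills a DMA buffer. With MAP_PRIVATE this first write
     * triggers copy-on-write and the guest page leaves the file behind. */
    memset(guest, 0xAB, REGION_SIZE);

    int diverged = (file_view[0] != 0xAB);

    munmap(guest, REGION_SIZE);
    munmap(file_view, REGION_SIZE);
    fclose(tmp);
    return diverged;
}

int main(void)
{
    printf("share=on  (MAP_SHARED):  diverged=%d\n",
           private_mapping_diverges(MAP_SHARED));
    printf("share=off (MAP_PRIVATE): diverged=%d\n",
           private_mapping_diverges(MAP_PRIVATE));
    return 0;
}
```

Only the private case reports divergence. The same split can be confirmed at the PFN level by reading `/proc/self/pagemap` for both mappings, but that needs CAP_SYS_ADMIN since the kernel zeroes PFNs for unprivileged readers; the data-level check above needs no privilege.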
