Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

18 participants
3304 discussions

Re: [PATCH v4 8/8] vfio: Validate dma-buf revocation semantics

by Leon Romanovsky

On Wed, Jan 21, 2026 at 02:22:31PM +0000, Pranjal Shrivastava wrote: > On Wed, Jan 21, 2026 at 09:47:12AM -0400, Jason Gunthorpe wrote: > > On Wed, Jan 21, 2026 at 02:59:16PM +0200, Leon Romanovsky wrote: > > > From: Leon Romanovsky <leonro(a)nvidia.com> > > > > > > Use the new dma_buf_attach_revocable() helper to restrict attachments to > > > importers that support mapping invalidation. > > > > > > Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com> > > > --- > > > drivers/vfio/pci/vfio_pci_dmabuf.c | 3 +++ > > > 1 file changed, 3 insertions(+) > > > > > > diff --git a/drivers/vfio/pci/vfio_pci_dmabuf.c b/drivers/vfio/pci/vfio_pci_dmabuf.c > > > index 5fceefc40e27..85056a5a3faf 100644 > > > --- a/drivers/vfio/pci/vfio_pci_dmabuf.c > > > +++ b/drivers/vfio/pci/vfio_pci_dmabuf.c > > > @@ -31,6 +31,9 @@ static int vfio_pci_dma_buf_attach(struct dma_buf *dmabuf, > > > if (priv->revoked) > > > return -ENODEV; > > > > > > + if (!dma_buf_attach_revocable(attachment)) > > > + return -EOPNOTSUPP; > > > + > > > return 0; > > > } > > > > We need to push an urgent -rc fix to implement a pin function here > > that always fails. That was missed and it means things like rdma can > > import vfio when the intention was to block that. It would be bad for > > that uAPI mistake to reach a released kernel. > > > > It's tricky that NULL pin ops means "I support pin" :| > > > > I've been wondering about this for a while now, I've been sitting on the > following: > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c > index a4d8f2ff94e4..962bce959366 100644 > --- a/drivers/dma-buf/dma-buf.c > +++ b/drivers/dma-buf/dma-buf.c > @@ -1133,6 +1133,8 @@ int dma_buf_pin(struct dma_buf_attachment *attach) > > if (dmabuf->ops->pin) > ret = dmabuf->ops->pin(attach); > + else > + ret = -EOPNOTSUPP; > > return ret; > } > > But didn't get a chance to dive in the history yet. I thought there's a > good reason we didn't have it? Would it break exisitng dmabuf users? Probably every importer which called to dma_buf_pin() while connecting to existing exporters as many in tree implementation don't have ->pin() implemented. Thanks > > Praan

1 week, 3 days

Re: [PATCH rdma-next 1/2] RDMA/uverbs: Add DMABUF object type and operations

by Jason Gunthorpe

On Thu, Jan 08, 2026 at 01:11:14PM +0200, Edward Srouji wrote: > void rdma_user_mmap_entry_remove(struct rdma_user_mmap_entry *entry) > { > + struct ib_uverbs_dmabuf_file *uverbs_dmabuf, *tmp; > + > if (!entry) > return; > > + mutex_lock(&entry->dmabufs_lock); > xa_lock(&entry->ucontext->mmap_xa); > entry->driver_removed = true; > xa_unlock(&entry->ucontext->mmap_xa); > + list_for_each_entry_safe(uverbs_dmabuf, tmp, &entry->dmabufs, dmabufs_elm) { > + dma_resv_lock(uverbs_dmabuf->dmabuf->resv, NULL); > + list_del(&uverbs_dmabuf->dmabufs_elm); > + uverbs_dmabuf->revoked = true; > + dma_buf_move_notify(uverbs_dmabuf->dmabuf); > + dma_resv_unlock(uverbs_dmabuf->dmabuf->resv); This will need the same wait that Christian pointed out for VFIO.. > diff --git a/drivers/infiniband/core/rdma_core.c b/drivers/infiniband/core/rdma_core.c > index 18918f463361..3e0a8b9cd288 100644 > --- a/drivers/infiniband/core/rdma_core.c > +++ b/drivers/infiniband/core/rdma_core.c > @@ -465,7 +465,7 @@ alloc_begin_fd_uobject(const struct uverbs_api_object *obj, > > fd_type = > container_of(obj->type_attrs, struct uverbs_obj_fd_type, type); > - if (WARN_ON(fd_type->fops->release != &uverbs_uobject_fd_release && > + if (WARN_ON(fd_type->fops && fd_type->fops->release != &uverbs_uobject_fd_release && > fd_type->fops->release != &uverbs_async_event_release)) { > ret = ERR_PTR(-EINVAL); > goto err_fd; > @@ -477,14 +477,16 @@ alloc_begin_fd_uobject(const struct uverbs_api_object *obj, > goto err_fd; > } > > - /* Note that uverbs_uobject_fd_release() is called during abort */ > - filp = anon_inode_getfile(fd_type->name, fd_type->fops, NULL, > - fd_type->flags); > - if (IS_ERR(filp)) { > - ret = ERR_CAST(filp); > - goto err_getfile; > + if (fd_type->fops) { > + /* Note that uverbs_uobject_fd_release() is called during abort */ > + filp = anon_inode_getfile(fd_type->name, fd_type->fops, NULL, > + fd_type->flags); > + if (IS_ERR(filp)) { > + ret = ERR_CAST(filp); > + goto err_getfile; > + } > + uobj->object = filp; > } > - uobj->object = filp; > > uobj->id = new_fd; > return uobj; > @@ -561,7 +563,9 @@ static void alloc_abort_fd_uobject(struct ib_uobject *uobj) > { > struct file *filp = uobj->object; > > - fput(filp); > + if (filp) > + fput(filp); > + > put_unused_fd(uobj->id); This stuff changing hw the uobjects work should probably be in its own patch with its own explanation about creating a uobject that wrappers an externally allocated file descriptor vs this automatic internal allocation. > index 797e2fcc8072..66287e8e7ad7 100644 > --- a/drivers/infiniband/core/uverbs.h > +++ b/drivers/infiniband/core/uverbs.h > @@ -133,6 +133,16 @@ struct ib_uverbs_completion_event_file { > struct ib_uverbs_event_queue ev_queue; > }; > > +struct ib_uverbs_dmabuf_file { > + struct ib_uobject uobj; > + struct dma_buf *dmabuf; > + struct list_head dmabufs_elm; > + struct rdma_user_mmap_entry *mmap_entry; > + struct dma_buf_phys_vec phys_vec; Oh, are we going to have weird merge conflicts with this Leon? > +static int uverbs_dmabuf_attach(struct dma_buf *dmabuf, > + struct dma_buf_attachment *attachment) > +{ > + struct ib_uverbs_dmabuf_file *priv = dmabuf->priv; > + > + if (!attachment->peer2peer) > + return -EOPNOTSUPP; > + > + if (priv->revoked) > + return -ENODEV; This should only be checked in map This should also eventually call the new revoke testing function Leon is adding Jason

1 week, 3 days

Re: [PATCH v3 6/7] vfio: Wait for dma-buf invalidation to complete

by Christian König

On 1/20/26 21:44, Matthew Brost wrote: > On Tue, Jan 20, 2026 at 04:07:06PM +0200, Leon Romanovsky wrote: >> From: Leon Romanovsky <leonro(a)nvidia.com> >> >> dma-buf invalidation is performed asynchronously by hardware, so VFIO must >> wait until all affected objects have been fully invalidated. >> >> Fixes: 5d74781ebc86 ("vfio/pci: Add dma-buf export support for MMIO regions") >> Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com> >> --- >> drivers/vfio/pci/vfio_pci_dmabuf.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/drivers/vfio/pci/vfio_pci_dmabuf.c b/drivers/vfio/pci/vfio_pci_dmabuf.c >> index d4d0f7d08c53..33bc6a1909dd 100644 >> --- a/drivers/vfio/pci/vfio_pci_dmabuf.c >> +++ b/drivers/vfio/pci/vfio_pci_dmabuf.c >> @@ -321,6 +321,9 @@ void vfio_pci_dma_buf_move(struct vfio_pci_core_device *vdev, bool revoked) >> dma_resv_lock(priv->dmabuf->resv, NULL); >> priv->revoked = revoked; >> dma_buf_move_notify(priv->dmabuf); >> + dma_resv_wait_timeout(priv->dmabuf->resv, >> + DMA_RESV_USAGE_KERNEL, false, >> + MAX_SCHEDULE_TIMEOUT); > > Should we explicitly call out in the dma_buf_move_notify() / > invalidate_mappings kernel-doc that KERNEL slots are the mechanism > for communicating asynchronous dma_buf_move_notify / > invalidate_mappings events via fences? Oh, I missed that! And no that is not correct. This should be DMA_RESV_USAGE_BOOKKEEP so that we wait for everything. Regards, Christian. > > Yes, this is probably implied, but it wouldn’t hurt to state this > explicitly as part of the cross-driver contract. > > Here is what we have now: > > * - Dynamic importers should set fences for any access that they can't > * disable immediately from their &dma_buf_attach_ops.invalidate_mappings > * callback. > > Matt > >> dma_resv_unlock(priv->dmabuf->resv); >> } >> fput(priv->dmabuf->file); >> @@ -342,6 +345,8 @@ void vfio_pci_dma_buf_cleanup(struct vfio_pci_core_device *vdev) >> priv->vdev = NULL; >> priv->revoked = true; >> dma_buf_move_notify(priv->dmabuf); >> + dma_resv_wait_timeout(priv->dmabuf->resv, DMA_RESV_USAGE_KERNEL, >> + false, MAX_SCHEDULE_TIMEOUT); >> dma_resv_unlock(priv->dmabuf->resv); >> vfio_device_put_registration(&vdev->vdev); >> fput(priv->dmabuf->file); >> >> -- >> 2.52.0 >>

1 week, 3 days

Re: [PATCH 5/9] dma-buf: inline spinlock for fence protection v4

by Christian König

On 1/20/26 12:41, Tvrtko Ursulin wrote: > > On 20/01/2026 10:54, Christian König wrote: >> Implement per-fence spinlocks, allowing implementations to not give an >> external spinlock to protect the fence internal statei. Instead a spinlock >> embedded into the fence structure itself is used in this case. >> >> Shared spinlocks have the problem that implementations need to guarantee >> that the lock live at least as long all fences referencing them. >> >> Using a per-fence spinlock allows completely decoupling spinlock producer >> and consumer life times, simplifying the handling in most use cases. >> >> v2: improve naming, coverage and function documentation >> v3: fix one additional locking in the selftests >> v4: separate out some changes to make the patch smaller, >> fix one amdgpu crash found by CI systems >> >> Signed-off-by: Christian König <christian.koenig(a)amd.com> >> --- >> drivers/dma-buf/dma-fence.c | 25 +++++++++++++++++------- >> drivers/dma-buf/sync_debug.h | 2 +- >> drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 2 +- >> drivers/gpu/drm/drm_crtc.c | 2 +- >> drivers/gpu/drm/drm_writeback.c | 2 +- >> drivers/gpu/drm/nouveau/nouveau_fence.c | 3 ++- >> drivers/gpu/drm/qxl/qxl_release.c | 3 ++- >> drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 3 ++- >> drivers/gpu/drm/xe/xe_hw_fence.c | 3 ++- > > i915 needed changes too, based on the kbuild report. Going to take a look now. > Have you seen my note about the RCU sparse warning as well? Nope, I must have missed that mail. ... >> +/** >> + * dma_fence_spinlock - return pointer to the spinlock protecting the fence >> + * @fence: the fence to get the lock from >> + * >> + * Return either the pointer to the embedded or the external spin lock. >> + */ >> +static inline spinlock_t *dma_fence_spinlock(struct dma_fence *fence) >> +{ >> + return test_bit(DMA_FENCE_FLAG_INLINE_LOCK_BIT, &fence->flags) ? >> + &fence->inline_lock : fence->extern_lock; >> +} > > You did not want to move this helper into "dma-buf: abstract fence locking" ? I was avoiding that to keep the pre-requisite patch smaller, cause this change here seemed independent to that. But thinking about it I could make a third patch which introduces dma_fence_spinlock() and changes all the container_of uses. > I think that would have been better to keep everything mechanical in one patch, and then this patch which changes behaviour does not touch any drivers but only dma-fence core. > > Also, what about adding something like dma_fence_container_of() in that patch as well? I would rather like to avoid that. Using the spinlock pointer with container_of seemed to be a bit of a hack to me in the first place and I don't want to encourage people to do that in new code as well. Regards, Christian. > > Regards, > > Tvrtko > >> + >> /** >> * dma_fence_lock_irqsave - irqsave lock the fence >> * @fence: the fence to lock >> @@ -385,7 +403,7 @@ dma_fence_get_rcu_safe(struct dma_fence __rcu **fencep) >> * Lock the fence, preventing it from changing to the signaled state. >> */ >> #define dma_fence_lock_irqsave(fence, flags) \ >> - spin_lock_irqsave(fence->lock, flags) >> + spin_lock_irqsave(dma_fence_spinlock(fence), flags) >> /** >> * dma_fence_unlock_irqrestore - unlock the fence and irqrestore >> @@ -395,7 +413,7 @@ dma_fence_get_rcu_safe(struct dma_fence __rcu **fencep) >> * Unlock the fence, allowing it to change it's state to signaled again. >> */ >> #define dma_fence_unlock_irqrestore(fence, flags) \ >> - spin_unlock_irqrestore(fence->lock, flags) >> + spin_unlock_irqrestore(dma_fence_spinlock(fence), flags) >> #ifdef CONFIG_LOCKDEP >> bool dma_fence_begin_signalling(void); >

1 week, 3 days

Re: [PATCH v3 6/7] vfio: Wait for dma-buf invalidation to complete

by Leon Romanovsky

On Tue, Jan 20, 2026 at 12:44:50PM -0800, Matthew Brost wrote: > On Tue, Jan 20, 2026 at 04:07:06PM +0200, Leon Romanovsky wrote: > > From: Leon Romanovsky <leonro(a)nvidia.com> > > > > dma-buf invalidation is performed asynchronously by hardware, so VFIO must > > wait until all affected objects have been fully invalidated. > > > > Fixes: 5d74781ebc86 ("vfio/pci: Add dma-buf export support for MMIO regions") > > Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com> > > --- > > drivers/vfio/pci/vfio_pci_dmabuf.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/drivers/vfio/pci/vfio_pci_dmabuf.c b/drivers/vfio/pci/vfio_pci_dmabuf.c > > index d4d0f7d08c53..33bc6a1909dd 100644 > > --- a/drivers/vfio/pci/vfio_pci_dmabuf.c > > +++ b/drivers/vfio/pci/vfio_pci_dmabuf.c > > @@ -321,6 +321,9 @@ void vfio_pci_dma_buf_move(struct vfio_pci_core_device *vdev, bool revoked) > > dma_resv_lock(priv->dmabuf->resv, NULL); > > priv->revoked = revoked; > > dma_buf_move_notify(priv->dmabuf); > > + dma_resv_wait_timeout(priv->dmabuf->resv, > > + DMA_RESV_USAGE_KERNEL, false, > > + MAX_SCHEDULE_TIMEOUT); > > Should we explicitly call out in the dma_buf_move_notify() / > invalidate_mappings kernel-doc that KERNEL slots are the mechanism > for communicating asynchronous dma_buf_move_notify / > invalidate_mappings events via fences? > > Yes, this is probably implied, but it wouldn’t hurt to state this > explicitly as part of the cross-driver contract. > > Here is what we have now: > > * - Dynamic importers should set fences for any access that they can't > * disable immediately from their &dma_buf_attach_ops.invalidate_mappings > * callback. I believe I documented this in patch 4: https://lore.kernel.org/all/20260120-dmabuf-revoke-v3-4-b7e0b07b8214@nvidia…" Is there anything else that should be added? 1275 /** 1276 * dma_buf_move_notify - notify attachments that DMA-buf is moving 1277 * 1278 * @dmabuf: [in] buffer which is moving 1279 * 1280 * Informs all attachments that they need to destroy and recreate all their 1281 * mappings. If the attachment is dynamic then the dynamic importer is expected 1282 * to invalidate any caches it has of the mapping result and perform a new 1283 * mapping request before allowing HW to do any further DMA. 1284 * 1285 * If the attachment is pinned then this informs the pinned importer that 1286 * the underlying mapping is no longer available. Pinned importers may take 1287 * this is as a permanent revocation so exporters should not trigger it 1288 * lightly. 1289 * 1290 * For legacy pinned importers that cannot support invalidation this is a NOP. 1291 * Drivers can call dma_buf_attach_revocable() to determine if the importer 1292 * supports this. 1293 * 1294 * NOTE: The invalidation triggers asynchronous HW operation and the callers 1295 * need to wait for this operation to complete by calling 1296 * to dma_resv_wait_timeout(). 1297 */ Thanks > > Matt > > > dma_resv_unlock(priv->dmabuf->resv); > > } > > fput(priv->dmabuf->file); > > @@ -342,6 +345,8 @@ void vfio_pci_dma_buf_cleanup(struct vfio_pci_core_device *vdev) > > priv->vdev = NULL; > > priv->revoked = true; > > dma_buf_move_notify(priv->dmabuf); > > + dma_resv_wait_timeout(priv->dmabuf->resv, DMA_RESV_USAGE_KERNEL, > > + false, MAX_SCHEDULE_TIMEOUT); > > dma_resv_unlock(priv->dmabuf->resv); > > vfio_device_put_registration(&vdev->vdev); > > fput(priv->dmabuf->file); > > > > -- > > 2.52.0 > >

1 week, 3 days

[PATCH] dma-buf: Remove DMA-BUF sysfs stats

by T.J. Mercier

Commit bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") added dmabuf statistics to sysfs in 2021 under CONFIG_DMABUF_SYSFS_STATS. After being used in production, performance problems were discovered leading to its deprecation in 2022 in commit e0a9f1fe206a ("dma-buf: deprecate DMABUF_SYSFS_STATS"). Some of the problems with this interface were discussed in my LPC 2025 talk. [1][2] Android was probably the last user of the interface, which has since been migrated to use the dmabuf BPF iterator [3] to obtain the same information more cheaply. As promised in that series, now that the longterm stable 6.18 kernel has been released let's remove the sysfs dmabuf statistics from the kernel. [1] https://www.youtube.com/watch?v=D83qygudq9c [2] https://lpc.events/event/19/contributions/2118/ [3] https://lore.kernel.org/all/20250522230429.941193-1-tjmercier@google.com/ Signed-off-by: T.J. Mercier <tjmercier(a)google.com> --- .../ABI/testing/sysfs-kernel-dmabuf-buffers | 24 --- Documentation/driver-api/dma-buf.rst | 5 - drivers/dma-buf/Kconfig | 15 -- drivers/dma-buf/Makefile | 1 - drivers/dma-buf/dma-buf-sysfs-stats.c | 202 ------------------ drivers/dma-buf/dma-buf-sysfs-stats.h | 35 --- drivers/dma-buf/dma-buf.c | 18 -- include/linux/dma-buf.h | 12 -- 8 files changed, 312 deletions(-) delete mode 100644 Documentation/ABI/testing/sysfs-kernel-dmabuf-buffers delete mode 100644 drivers/dma-buf/dma-buf-sysfs-stats.c delete mode 100644 drivers/dma-buf/dma-buf-sysfs-stats.h diff --git a/Documentation/ABI/testing/sysfs-kernel-dmabuf-buffers b/Documentation/ABI/testing/sysfs-kernel-dmabuf-buffers deleted file mode 100644 index 5d3bc997dc64..000000000000 --- a/Documentation/ABI/testing/sysfs-kernel-dmabuf-buffers +++ /dev/null @@ -1,24 +0,0 @@ -What: /sys/kernel/dmabuf/buffers -Date: May 2021 -KernelVersion: v5.13 -Contact: Hridya Valsaraju <hridya(a)google.com> -Description: The /sys/kernel/dmabuf/buffers directory contains a - snapshot of the internal state of every DMA-BUF. - /sys/kernel/dmabuf/buffers/<inode_number> will contain the - statistics for the DMA-BUF with the unique inode number - <inode_number> -Users: kernel memory tuning/debugging tools - -What: /sys/kernel/dmabuf/buffers/<inode_number>/exporter_name -Date: May 2021 -KernelVersion: v5.13 -Contact: Hridya Valsaraju <hridya(a)google.com> -Description: This file is read-only and contains the name of the exporter of - the DMA-BUF. - -What: /sys/kernel/dmabuf/buffers/<inode_number>/size -Date: May 2021 -KernelVersion: v5.13 -Contact: Hridya Valsaraju <hridya(a)google.com> -Description: This file is read-only and specifies the size of the DMA-BUF in - bytes. diff --git a/Documentation/driver-api/dma-buf.rst b/Documentation/driver-api/dma-buf.rst index 29abf1eebf9f..2f36c21d9948 100644 --- a/Documentation/driver-api/dma-buf.rst +++ b/Documentation/driver-api/dma-buf.rst @@ -125,11 +125,6 @@ Implicit Fence Poll Support .. kernel-doc:: drivers/dma-buf/dma-buf.c :doc: implicit fence polling -DMA-BUF statistics -~~~~~~~~~~~~~~~~~~ -.. kernel-doc:: drivers/dma-buf/dma-buf-sysfs-stats.c - :doc: overview - DMA Buffer ioctls ~~~~~~~~~~~~~~~~~ diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig index fdd823e446cc..012d22e941d6 100644 --- a/drivers/dma-buf/Kconfig +++ b/drivers/dma-buf/Kconfig @@ -75,21 +75,6 @@ menuconfig DMABUF_HEAPS allows userspace to allocate dma-bufs that can be shared between drivers. -menuconfig DMABUF_SYSFS_STATS - bool "DMA-BUF sysfs statistics (DEPRECATED)" - depends on DMA_SHARED_BUFFER - help - Choose this option to enable DMA-BUF sysfs statistics - in location /sys/kernel/dmabuf/buffers. - - /sys/kernel/dmabuf/buffers/<inode_number> will contain - statistics for the DMA-BUF with the unique inode number - <inode_number>. - - This option is deprecated and should sooner or later be removed. - Android is the only user of this and it turned out that this resulted - in quite some performance problems. - source "drivers/dma-buf/heaps/Kconfig" endmenu diff --git a/drivers/dma-buf/Makefile b/drivers/dma-buf/Makefile index 2008fb7481b3..7a85565d906b 100644 --- a/drivers/dma-buf/Makefile +++ b/drivers/dma-buf/Makefile @@ -6,7 +6,6 @@ obj-$(CONFIG_DMABUF_HEAPS) += heaps/ obj-$(CONFIG_SYNC_FILE) += sync_file.o obj-$(CONFIG_SW_SYNC) += sw_sync.o sync_debug.o obj-$(CONFIG_UDMABUF) += udmabuf.o -obj-$(CONFIG_DMABUF_SYSFS_STATS) += dma-buf-sysfs-stats.o dmabuf_selftests-y := \ selftest.o \ diff --git a/drivers/dma-buf/dma-buf-sysfs-stats.c b/drivers/dma-buf/dma-buf-sysfs-stats.c deleted file mode 100644 index b5b62e40ccc1..000000000000 --- a/drivers/dma-buf/dma-buf-sysfs-stats.c +++ /dev/null @@ -1,202 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-only -/* - * DMA-BUF sysfs statistics. - * - * Copyright (C) 2021 Google LLC. - */ - -#include <linux/dma-buf.h> -#include <linux/dma-resv.h> -#include <linux/kobject.h> -#include <linux/printk.h> -#include <linux/slab.h> -#include <linux/sysfs.h> - -#include "dma-buf-sysfs-stats.h" - -#define to_dma_buf_entry_from_kobj(x) container_of(x, struct dma_buf_sysfs_entry, kobj) - -/** - * DOC: overview - * - * ``/sys/kernel/debug/dma_buf/bufinfo`` provides an overview of every DMA-BUF - * in the system. However, since debugfs is not safe to be mounted in - * production, procfs and sysfs can be used to gather DMA-BUF statistics on - * production systems. - * - * The ``/proc/<pid>/fdinfo/<fd>`` files in procfs can be used to gather - * information about DMA-BUF fds. Detailed documentation about the interface - * is present in Documentation/filesystems/proc.rst. - * - * Unfortunately, the existing procfs interfaces can only provide information - * about the DMA-BUFs for which processes hold fds or have the buffers mmapped - * into their address space. This necessitated the creation of the DMA-BUF sysfs - * statistics interface to provide per-buffer information on production systems. - * - * The interface at ``/sys/kernel/dmabuf/buffers`` exposes information about - * every DMA-BUF when ``CONFIG_DMABUF_SYSFS_STATS`` is enabled. - * - * The following stats are exposed by the interface: - * - * * ``/sys/kernel/dmabuf/buffers/<inode_number>/exporter_name`` - * * ``/sys/kernel/dmabuf/buffers/<inode_number>/size`` - * - * The information in the interface can also be used to derive per-exporter - * statistics. The data from the interface can be gathered on error conditions - * or other important events to provide a snapshot of DMA-BUF usage. - * It can also be collected periodically by telemetry to monitor various metrics. - * - * Detailed documentation about the interface is present in - * Documentation/ABI/testing/sysfs-kernel-dmabuf-buffers. - */ - -struct dma_buf_stats_attribute { - struct attribute attr; - ssize_t (*show)(struct dma_buf *dmabuf, - struct dma_buf_stats_attribute *attr, char *buf); -}; -#define to_dma_buf_stats_attr(x) container_of(x, struct dma_buf_stats_attribute, attr) - -static ssize_t dma_buf_stats_attribute_show(struct kobject *kobj, - struct attribute *attr, - char *buf) -{ - struct dma_buf_stats_attribute *attribute; - struct dma_buf_sysfs_entry *sysfs_entry; - struct dma_buf *dmabuf; - - attribute = to_dma_buf_stats_attr(attr); - sysfs_entry = to_dma_buf_entry_from_kobj(kobj); - dmabuf = sysfs_entry->dmabuf; - - if (!dmabuf || !attribute->show) - return -EIO; - - return attribute->show(dmabuf, attribute, buf); -} - -static const struct sysfs_ops dma_buf_stats_sysfs_ops = { - .show = dma_buf_stats_attribute_show, -}; - -static ssize_t exporter_name_show(struct dma_buf *dmabuf, - struct dma_buf_stats_attribute *attr, - char *buf) -{ - return sysfs_emit(buf, "%s\n", dmabuf->exp_name); -} - -static ssize_t size_show(struct dma_buf *dmabuf, - struct dma_buf_stats_attribute *attr, - char *buf) -{ - return sysfs_emit(buf, "%zu\n", dmabuf->size); -} - -static struct dma_buf_stats_attribute exporter_name_attribute = - __ATTR_RO(exporter_name); -static struct dma_buf_stats_attribute size_attribute = __ATTR_RO(size); - -static struct attribute *dma_buf_stats_default_attrs[] = { - &exporter_name_attribute.attr, - &size_attribute.attr, - NULL, -}; -ATTRIBUTE_GROUPS(dma_buf_stats_default); - -static void dma_buf_sysfs_release(struct kobject *kobj) -{ - struct dma_buf_sysfs_entry *sysfs_entry; - - sysfs_entry = to_dma_buf_entry_from_kobj(kobj); - kfree(sysfs_entry); -} - -static const struct kobj_type dma_buf_ktype = { - .sysfs_ops = &dma_buf_stats_sysfs_ops, - .release = dma_buf_sysfs_release, - .default_groups = dma_buf_stats_default_groups, -}; - -void dma_buf_stats_teardown(struct dma_buf *dmabuf) -{ - struct dma_buf_sysfs_entry *sysfs_entry; - - sysfs_entry = dmabuf->sysfs_entry; - if (!sysfs_entry) - return; - - kobject_del(&sysfs_entry->kobj); - kobject_put(&sysfs_entry->kobj); -} - - -/* Statistics files do not need to send uevents. */ -static int dmabuf_sysfs_uevent_filter(const struct kobject *kobj) -{ - return 0; -} - -static const struct kset_uevent_ops dmabuf_sysfs_no_uevent_ops = { - .filter = dmabuf_sysfs_uevent_filter, -}; - -static struct kset *dma_buf_stats_kset; -static struct kset *dma_buf_per_buffer_stats_kset; -int dma_buf_init_sysfs_statistics(void) -{ - dma_buf_stats_kset = kset_create_and_add("dmabuf", - &dmabuf_sysfs_no_uevent_ops, - kernel_kobj); - if (!dma_buf_stats_kset) - return -ENOMEM; - - dma_buf_per_buffer_stats_kset = kset_create_and_add("buffers", - &dmabuf_sysfs_no_uevent_ops, - &dma_buf_stats_kset->kobj); - if (!dma_buf_per_buffer_stats_kset) { - kset_unregister(dma_buf_stats_kset); - return -ENOMEM; - } - - return 0; -} - -void dma_buf_uninit_sysfs_statistics(void) -{ - kset_unregister(dma_buf_per_buffer_stats_kset); - kset_unregister(dma_buf_stats_kset); -} - -int dma_buf_stats_setup(struct dma_buf *dmabuf, struct file *file) -{ - struct dma_buf_sysfs_entry *sysfs_entry; - int ret; - - if (!dmabuf->exp_name) { - pr_err("exporter name must not be empty if stats needed\n"); - return -EINVAL; - } - - sysfs_entry = kzalloc(sizeof(struct dma_buf_sysfs_entry), GFP_KERNEL); - if (!sysfs_entry) - return -ENOMEM; - - sysfs_entry->kobj.kset = dma_buf_per_buffer_stats_kset; - sysfs_entry->dmabuf = dmabuf; - - dmabuf->sysfs_entry = sysfs_entry; - - /* create the directory for buffer stats */ - ret = kobject_init_and_add(&sysfs_entry->kobj, &dma_buf_ktype, NULL, - "%lu", file_inode(file)->i_ino); - if (ret) - goto err_sysfs_dmabuf; - - return 0; - -err_sysfs_dmabuf: - kobject_put(&sysfs_entry->kobj); - dmabuf->sysfs_entry = NULL; - return ret; -} diff --git a/drivers/dma-buf/dma-buf-sysfs-stats.h b/drivers/dma-buf/dma-buf-sysfs-stats.h deleted file mode 100644 index 7a8a995b75ba..000000000000 --- a/drivers/dma-buf/dma-buf-sysfs-stats.h +++ /dev/null @@ -1,35 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * DMA-BUF sysfs statistics. - * - * Copyright (C) 2021 Google LLC. - */ - -#ifndef _DMA_BUF_SYSFS_STATS_H -#define _DMA_BUF_SYSFS_STATS_H - -#ifdef CONFIG_DMABUF_SYSFS_STATS - -int dma_buf_init_sysfs_statistics(void); -void dma_buf_uninit_sysfs_statistics(void); - -int dma_buf_stats_setup(struct dma_buf *dmabuf, struct file *file); - -void dma_buf_stats_teardown(struct dma_buf *dmabuf); -#else - -static inline int dma_buf_init_sysfs_statistics(void) -{ - return 0; -} - -static inline void dma_buf_uninit_sysfs_statistics(void) {} - -static inline int dma_buf_stats_setup(struct dma_buf *dmabuf, struct file *file) -{ - return 0; -} - -static inline void dma_buf_stats_teardown(struct dma_buf *dmabuf) {} -#endif -#endif // _DMA_BUF_SYSFS_STATS_H diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index a4d8f2ff94e4..8e23580f1754 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -33,8 +33,6 @@ #include <uapi/linux/dma-buf.h> #include <uapi/linux/magic.h> -#include "dma-buf-sysfs-stats.h" - #define CREATE_TRACE_POINTS #include <trace/events/dma_buf.h> @@ -184,7 +182,6 @@ static void dma_buf_release(struct dentry *dentry) */ BUG_ON(dmabuf->cb_in.active || dmabuf->cb_out.active); - dma_buf_stats_teardown(dmabuf); dmabuf->ops->release(dmabuf); if (dmabuf->resv == (struct dma_resv *)&dmabuf[1]) @@ -765,10 +762,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) dmabuf->resv = resv; } - ret = dma_buf_stats_setup(dmabuf, file); - if (ret) - goto err_dmabuf; - file->private_data = dmabuf; file->f_path.dentry->d_fsdata = dmabuf; dmabuf->file = file; @@ -779,10 +772,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) return dmabuf; -err_dmabuf: - if (!resv) - dma_resv_fini(dmabuf->resv); - kfree(dmabuf); err_file: fput(file); err_module: @@ -1802,12 +1791,6 @@ static inline void dma_buf_uninit_debugfs(void) static int __init dma_buf_init(void) { - int ret; - - ret = dma_buf_init_sysfs_statistics(); - if (ret) - return ret; - dma_buf_mnt = kern_mount(&dma_buf_fs_type); if (IS_ERR(dma_buf_mnt)) return PTR_ERR(dma_buf_mnt); @@ -1821,6 +1804,5 @@ static void __exit dma_buf_deinit(void) { dma_buf_uninit_debugfs(); kern_unmount(dma_buf_mnt); - dma_buf_uninit_sysfs_statistics(); } __exitcall(dma_buf_deinit); diff --git a/include/linux/dma-buf.h b/include/linux/dma-buf.h index 0bc492090237..91f4939db89b 100644 --- a/include/linux/dma-buf.h +++ b/include/linux/dma-buf.h @@ -429,18 +429,6 @@ struct dma_buf { __poll_t active; } cb_in, cb_out; -#ifdef CONFIG_DMABUF_SYSFS_STATS - /** - * @sysfs_entry: - * - * For exposing information about this buffer in sysfs. See also - * `DMA-BUF statistics`_ for the uapi this enables. - */ - struct dma_buf_sysfs_entry { - struct kobject kobj; - struct dma_buf *dmabuf; - } *sysfs_entry; -#endif }; /** base-commit: 26b4309a3ab82a0697751cde52eb336c29c19035 -- 2.52.0.457.g6b5491de43-goog

1 week, 3 days

Re: [PATCH rdma-next 2/2] RDMA/mlx5: Implement DMABUF export ops

by Jason Gunthorpe

On Thu, Jan 08, 2026 at 01:11:15PM +0200, Edward Srouji wrote: > +static int phys_addr_to_bar(struct pci_dev *pdev, phys_addr_t pa) > +{ > + resource_size_t start, end; > + int bar; > + > + for (bar = 0; bar < PCI_STD_NUM_BARS; bar++) { > + /* Skip BARs not present or not memory-mapped */ > + if (!(pci_resource_flags(pdev, bar) & IORESOURCE_MEM)) > + continue; > + > + start = pci_resource_start(pdev, bar); > + end = pci_resource_end(pdev, bar); > + > + if (!start || !end) > + continue; > + > + if (pa >= start && pa <= end) > + return bar; > + } Don't we know which of the two BARs the mmap entry came from based on its type? This seems like overkill.. Jason

1 week, 4 days

[PATCH v2 0/4] dma-buf: document revoke mechanism to invalidate shared buffers

by Leon Romanovsky

Changelog: v2: * Changed series to document the revoke semantics instead of implementing it. v1: https://patch.msgid.link/20260111-dmabuf-revoke-v1-0-fb4bcc8c259b@nvidia.com ------------------------------------------------------------------------- This series documents a dma-buf “revoke” mechanism: to allow a dma-buf exporter to explicitly invalidate (“kill”) a shared buffer after it has been distributed to importers, so that further CPU and device access is prevented and importers reliably observe failure. The change in this series is to properly document and use existing core “revoked” state on the dma-buf object and a corresponding exporter-triggered revoke operation. Once a dma-buf is revoked, new access paths are blocked so that attempts to DMA-map, vmap, or mmap the buffer fail in a consistent way. Thanks Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Cc: linux-kernel(a)vger.kernel.org Cc: amd-gfx(a)lists.freedesktop.org Cc: virtualization(a)lists.linux.dev Cc: intel-xe(a)lists.freedesktop.org Cc: linux-rdma(a)vger.kernel.org Cc: iommu(a)lists.linux.dev Cc: kvm(a)vger.kernel.org To: Sumit Semwal <sumit.semwal(a)linaro.org> To: Christian König <christian.koenig(a)amd.com> To: Alex Deucher <alexander.deucher(a)amd.com> To: David Airlie <airlied(a)gmail.com> To: Simona Vetter <simona(a)ffwll.ch> To: Gerd Hoffmann <kraxel(a)redhat.com> To: Dmitry Osipenko <dmitry.osipenko(a)collabora.com> To: Gurchetan Singh <gurchetansingh(a)chromium.org> To: Chia-I Wu <olvaffe(a)gmail.com> To: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> To: Maxime Ripard <mripard(a)kernel.org> To: Thomas Zimmermann <tzimmermann(a)suse.de> To: Lucas De Marchi <lucas.demarchi(a)intel.com> To: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> To: Rodrigo Vivi <rodrigo.vivi(a)intel.com> To: Jason Gunthorpe <jgg(a)ziepe.ca> To: Leon Romanovsky <leon(a)kernel.org> To: Kevin Tian <kevin.tian(a)intel.com> To: Joerg Roedel <joro(a)8bytes.org> To: Will Deacon <will(a)kernel.org> To: Robin Murphy <robin.murphy(a)arm.com> To: Alex Williamson <alex(a)shazbot.org> --- Leon Romanovsky (4): dma-buf: Rename .move_notify() callback to a clearer identifier dma-buf: Document revoke semantics iommufd: Require DMABUF revoke semantics vfio: Add pinned interface to perform revoke semantics drivers/dma-buf/dma-buf.c | 6 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 4 ++-- drivers/gpu/drm/virtio/virtgpu_prime.c | 2 +- drivers/gpu/drm/xe/tests/xe_dma_buf.c | 6 +++--- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- drivers/infiniband/core/umem_dmabuf.c | 4 ++-- drivers/infiniband/hw/mlx5/mr.c | 2 +- drivers/iommu/iommufd/pages.c | 11 +++++++++-- drivers/vfio/pci/vfio_pci_dmabuf.c | 16 ++++++++++++++++ include/linux/dma-buf.h | 25 ++++++++++++++++++++++--- 10 files changed, 60 insertions(+), 18 deletions(-) --- base-commit: 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb change-id: 20251221-dmabuf-revoke-b90ef16e4236 Best regards, -- Leon Romanovsky <leonro(a)nvidia.com>

1 week, 4 days

Re: [PATCH v3 0/2] dma-buf: system_heap: account for system heap allocation in memcg

by Maxime Ripard

On Fri, 16 Jan 2026 15:05:37 -0500, Eric Chanudet wrote: > Capture dmabuf system heap allocations in memcg following prior > conversations[1][2]. Disable this behavior by default unless configured > by "dma_heap.mem_accounting" module parameter. > > [1] https://lore.kernel.org/dri-devel/Z-5GZ3kJDbhgVBPG@phenom.ffwll.local/ > > [ ... ] Reviewed-by: Maxime Ripard <mripard(a)kernel.org> Thanks! Maxime

1 week, 5 days

Re: [PATCH v3 1/2] dma-buf: heaps: add parameter to account allocations using cgroup

by T.J. Mercier

On Fri, Jan 16, 2026 at 12:06 PM Eric Chanudet <echanude(a)redhat.com> wrote: > > Add a parameter to enable dma-buf heaps allocation accounting using > cgroup for heaps that implement it. It is disabled by default as doing > so incurs caveats based on how memcg currently accounts for shared > buffers. > > Signed-off-by: Eric Chanudet <echanude(a)redhat.com> Reviewed-by: T.J. Mercier <tjmercier(a)google.com>

1 week, 5 days

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig