9ef7cdf7ca
- kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [RHEL-19738] - kvm-vfio-Introduce-base-object-for-VFIOContainer-and-tar.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-empty-VFIOIOMMUOps.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Switch-to-dma_map-unmap-API.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-Introduce-vfio_container_init-destroy-he.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-Move-giommu_list-in-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-space-field-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Switch-to-IOMMU-BE-set_dirty_page_tra.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-per-container-device-list-in-bas.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Convert-functions-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-pgsizes-and-dma_max_mappings-to-.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-vrdl_list-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-listener-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-dirty_pgsizes-and-max_dirty_bitm.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-iova_ranges-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Implement-attach-detach_device.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Introduce-spapr-backend-and-target-interf.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-switch-to-spapr-IOMMU-BE-add-del_section_.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Move-prereg_listener-into-spapr-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Move-hostwin_list-into-spapr-container.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Introduce-the-iommufd-object.patch [RHEL-19302 RHEL-21057] - kvm-util-char_dev-Add-open_cdev.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-return-early-if-space-isn-t-empty.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Implement-the-iommufd-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Relax-assert-check-for-iommufd-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Add-support-for-iova_ranges-and-pgsizes.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Extract-out-a-helper-vfio_pci_get_pci_hot_r.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Introduce-a-vfio-pci-hot-reset-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Enable-pci-hot-reset-through-iommufd-cd.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Allow-the-selection-of-a-given-iommu-b.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Make-vfio-cdev-pre-openable-by-passing.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Allow-the-selection-of-a-given-iommu-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Make-vfio-cdev-pre-openable-by-passing-a-fil.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-Make-VFIOContainerBase-poiner-parameter-const-i.patch [RHEL-19302 RHEL-21057] - kvm-hw-arm-Activate-IOMMUFD-for-virt-machines.patch [RHEL-19302 RHEL-21057] - kvm-kconfig-Activate-IOMMUFD-for-s390x-machines.patch [RHEL-19302 RHEL-21057] - kvm-hw-i386-Activate-IOMMUFD-for-q35-machines.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Move-VFIODevice-initializations-in-vfio_ins.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Move-VFIODevice-initializations-in-vfi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Move-VFIODevice-initializations-in-vfio_ap_i.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Move-VFIODevice-initializations-in-vfio_ccw.patch [RHEL-19302 RHEL-21057] - kvm-vfio-Introduce-a-helper-function-to-initialize-VFIOD.patch [RHEL-19302 RHEL-21057] - kvm-docs-devel-Add-VFIO-iommufd-backend-documentation.patch [RHEL-19302 RHEL-21057] - kvm-hw-ppc-Kconfig-Imply-VFIO_PCI.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Extend-VFIOIOMMUOps-with-a-release-handle.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-vfio_legacy_setup-for-furth.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Initialize-VFIOIOMMUOps-under-vfio_in.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-VFIOIOMMU-legacy-QOM-inte.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Intoduce-a-new-VFIOIOMMUClass-setup-h.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Introduce-a-sPAPR-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Introduce-a-VFIOIOMMU-iommufd-QOM-inter.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Only-compile-sPAPR-IOMMU-support-when-nee.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Remove-CONFIG_IOMMUFD-usage.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Replace-basename-with-g_path_get_base.patch [RHEL-19302 RHEL-21057] - kvm-hw-vfio-fix-iteration-over-global-VFIODevice-list.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Remove-the-use-of-stat-to-check-file-ex.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Rename-vfio_init_container-to-vfio_se.patch [RHEL-19302 RHEL-21057] - kvm-vfio-migration-Add-helper-function-to-set-state-or-r.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Remove-check-on-number-of-backend-u.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Remove-mutex.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-object-on-aarch64.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-on-s390x.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-on-x86_64.patch [RHEL-19302 RHEL-21057] - kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18212] - kvm-nbd-server-avoid-per-NBDRequest-nbd_client_get-put.patch [RHEL-15965] - kvm-nbd-server-only-traverse-NBDExport-clients-from-main.patch [RHEL-15965] - kvm-nbd-server-introduce-NBDClient-lock-to-protect-field.patch [RHEL-15965] - kvm-block-file-posix-set-up-Linux-AIO-and-io_uring-in-th.patch [RHEL-15965] - kvm-virtio-blk-add-lock-to-protect-s-rq.patch [RHEL-15965] - kvm-virtio-blk-don-t-lock-AioContext-in-the-completion-c.patch [RHEL-15965] - kvm-virtio-blk-don-t-lock-AioContext-in-the-submission-c.patch [RHEL-15965] - kvm-scsi-only-access-SCSIDevice-requests-from-one-thread.patch [RHEL-15965] - kvm-virtio-scsi-don-t-lock-AioContext-around-virtio_queu.patch [RHEL-15965] - kvm-scsi-don-t-lock-AioContext-in-I-O-code-path.patch [RHEL-15965] - kvm-dma-helpers-don-t-lock-AioContext-in-dma_blk_cb.patch [RHEL-15965] - kvm-virtio-scsi-replace-AioContext-lock-with-tmf_bh_lock.patch [RHEL-15965] - kvm-scsi-assert-that-callbacks-run-in-the-correct-AioCon.patch [RHEL-15965] - kvm-tests-remove-aio_context_acquire-tests.patch [RHEL-15965] - kvm-aio-make-aio_context_acquire-aio_context_release-a-n.patch [RHEL-15965] - kvm-graph-lock-remove-AioContext-locking.patch [RHEL-15965] - kvm-block-remove-AioContext-locking.patch [RHEL-15965] - kvm-block-remove-bdrv_co_lock.patch [RHEL-15965] - kvm-scsi-remove-AioContext-locking.patch [RHEL-15965] - kvm-aio-wait-draw-equivalence-between-AIO_WAIT_WHILE-and.patch [RHEL-15965] - kvm-aio-remove-aio_context_acquire-aio_context_release-A.patch [RHEL-15965] - kvm-docs-remove-AioContext-lock-from-IOThread-docs.patch [RHEL-15965] - kvm-scsi-remove-outdated-AioContext-lock-comment.patch [RHEL-15965] - kvm-job-remove-outdated-AioContext-locking-comments.patch [RHEL-15965] - kvm-block-remove-outdated-AioContext-locking-comments.patch [RHEL-15965] - kvm-block-coroutine-wrapper-use-qemu_get_current_aio_con.patch [RHEL-15965] - kvm-s390x-pci-avoid-double-enable-disable-of-aif.patch [RHEL-21169] - kvm-s390x-pci-refresh-fh-before-disabling-aif.patch [RHEL-21169] - kvm-s390x-pci-drive-ISM-reset-from-subsystem-reset.patch [RHEL-21169] - kvm-include-ui-rect.h-fix-qemu_rect_init-mis-assignment.patch [RHEL-21570] - kvm-virtio-gpu-block-migration-of-VMs-with-blob-true.patch [RHEL-7565] - kvm-spec-Enable-zstd.patch [RHEL-7361] - Resolves: RHEL-19738 (Enable properties allowing to disable high memory regions) - Resolves: RHEL-19302 (NVIDIA:Grace-Hopper Backport QEMU IOMMUFD Backend) - Resolves: RHEL-21057 (Request backport of 9353b6da430f90e47f352dbf6dc31120c8914da6) - Resolves: RHEL-18212 ([RHEL9][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption) - Resolves: RHEL-15965 ( [qemu-kvm] Remove AioContext lock (no response with QMP command block_resize)) - Resolves: RHEL-21169 ([s390x] VM fails to start with ISM passed through QEMU 8.2) - Resolves: RHEL-21570 (Critical performance degradation for input devices in virtio vnc session) - Resolves: RHEL-7565 (qemu crashed when migrate guest with blob resources enabled) - Resolves: RHEL-7361 ([qemu-kvm] Enable zstd support for qcow2 files)
229 lines
8.5 KiB
Diff
229 lines
8.5 KiB
Diff
From 71aa0219f7c84cbf175eb2a091d48d5fd5daa40b Mon Sep 17 00:00:00 2001
|
|
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
|
Date: Tue, 21 Nov 2023 16:44:26 +0800
|
|
Subject: [PATCH 047/101] docs/devel: Add VFIO iommufd backend documentation
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
RH-Author: Eric Auger <eric.auger@redhat.com>
|
|
RH-MergeRequest: 211: IOMMUFD backend backport
|
|
RH-Jira: RHEL-19302 RHEL-21057
|
|
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
|
|
RH-Acked-by: Sebastian Ott <sebott@redhat.com>
|
|
RH-Commit: [46/67] 6cf49d00e87788f894d690a985bb6798eae24505 (eauger1/centos-qemu-kvm)
|
|
|
|
Suggested-by: Cédric Le Goater <clg@redhat.com>
|
|
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
|
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
|
|
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
|
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
|
|
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
|
(cherry picked from commit 98dad2b01931f6064c6c4b48ca3c2a1d9f542cd8)
|
|
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
|
---
|
|
MAINTAINERS | 1 +
|
|
docs/devel/index-internals.rst | 1 +
|
|
docs/devel/vfio-iommufd.rst | 166 +++++++++++++++++++++++++++++++++
|
|
3 files changed, 168 insertions(+)
|
|
create mode 100644 docs/devel/vfio-iommufd.rst
|
|
|
|
diff --git a/MAINTAINERS b/MAINTAINERS
|
|
index ca70bb4e64..0ddb20a35f 100644
|
|
--- a/MAINTAINERS
|
|
+++ b/MAINTAINERS
|
|
@@ -2176,6 +2176,7 @@ F: backends/iommufd.c
|
|
F: include/sysemu/iommufd.h
|
|
F: include/qemu/chardev_open.h
|
|
F: util/chardev_open.c
|
|
+F: docs/devel/vfio-iommufd.rst
|
|
|
|
vhost
|
|
M: Michael S. Tsirkin <mst@redhat.com>
|
|
diff --git a/docs/devel/index-internals.rst b/docs/devel/index-internals.rst
|
|
index 6f81df92bc..3def4a138b 100644
|
|
--- a/docs/devel/index-internals.rst
|
|
+++ b/docs/devel/index-internals.rst
|
|
@@ -18,5 +18,6 @@ Details about QEMU's various subsystems including how to add features to them.
|
|
s390-dasd-ipl
|
|
tracing
|
|
vfio-migration
|
|
+ vfio-iommufd
|
|
writing-monitor-commands
|
|
virtio-backends
|
|
diff --git a/docs/devel/vfio-iommufd.rst b/docs/devel/vfio-iommufd.rst
|
|
new file mode 100644
|
|
index 0000000000..3d1c11f175
|
|
--- /dev/null
|
|
+++ b/docs/devel/vfio-iommufd.rst
|
|
@@ -0,0 +1,166 @@
|
|
+===============================
|
|
+IOMMUFD BACKEND usage with VFIO
|
|
+===============================
|
|
+
|
|
+(Same meaning for backend/container/BE)
|
|
+
|
|
+With the introduction of iommufd, the Linux kernel provides a generic
|
|
+interface for user space drivers to propagate their DMA mappings to kernel
|
|
+for assigned devices. While the legacy kernel interface is group-centric,
|
|
+the new iommufd interface is device-centric, relying on device fd and iommufd.
|
|
+
|
|
+To support both interfaces in the QEMU VFIO device, introduce a base container
|
|
+to abstract the common part of VFIO legacy and iommufd container. So that the
|
|
+generic VFIO code can use either container.
|
|
+
|
|
+The base container implements generic functions such as memory_listener and
|
|
+address space management whereas the derived container implements callbacks
|
|
+specific to either legacy or iommufd. Each container has its own way to setup
|
|
+secure context and dma management interface. The below diagram shows how it
|
|
+looks like with both containers.
|
|
+
|
|
+::
|
|
+
|
|
+ VFIO AddressSpace/Memory
|
|
+ +-------+ +----------+ +-----+ +-----+
|
|
+ | pci | | platform | | ap | | ccw |
|
|
+ +---+---+ +----+-----+ +--+--+ +--+--+ +----------------------+
|
|
+ | | | | | AddressSpace |
|
|
+ | | | | +------------+---------+
|
|
+ +---V-----------V-----------V--------V----+ /
|
|
+ | VFIOAddressSpace | <------------+
|
|
+ | | | MemoryListener
|
|
+ | VFIOContainerBase list |
|
|
+ +-------+----------------------------+----+
|
|
+ | |
|
|
+ | |
|
|
+ +-------V------+ +--------V----------+
|
|
+ | iommufd | | vfio legacy |
|
|
+ | container | | container |
|
|
+ +-------+------+ +--------+----------+
|
|
+ | |
|
|
+ | /dev/iommu | /dev/vfio/vfio
|
|
+ | /dev/vfio/devices/vfioX | /dev/vfio/$group_id
|
|
+ Userspace | |
|
|
+ ============+============================+===========================
|
|
+ Kernel | device fd |
|
|
+ +---------------+ | group/container fd
|
|
+ | (BIND_IOMMUFD | | (SET_CONTAINER/SET_IOMMU)
|
|
+ | ATTACH_IOAS) | | device fd
|
|
+ | | |
|
|
+ | +-------V------------V-----------------+
|
|
+ iommufd | | vfio |
|
|
+ (map/unmap | +---------+--------------------+-------+
|
|
+ ioas_copy) | | | map/unmap
|
|
+ | | |
|
|
+ +------V------+ +-----V------+ +------V--------+
|
|
+ | iommfd core | | device | | vfio iommu |
|
|
+ +-------------+ +------------+ +---------------+
|
|
+
|
|
+* Secure Context setup
|
|
+
|
|
+ - iommufd BE: uses device fd and iommufd to setup secure context
|
|
+ (bind_iommufd, attach_ioas)
|
|
+ - vfio legacy BE: uses group fd and container fd to setup secure context
|
|
+ (set_container, set_iommu)
|
|
+
|
|
+* Device access
|
|
+
|
|
+ - iommufd BE: device fd is opened through ``/dev/vfio/devices/vfioX``
|
|
+ - vfio legacy BE: device fd is retrieved from group fd ioctl
|
|
+
|
|
+* DMA Mapping flow
|
|
+
|
|
+ 1. VFIOAddressSpace receives MemoryRegion add/del via MemoryListener
|
|
+ 2. VFIO populates DMA map/unmap via the container BEs
|
|
+ * iommufd BE: uses iommufd
|
|
+ * vfio legacy BE: uses container fd
|
|
+
|
|
+Example configuration
|
|
+=====================
|
|
+
|
|
+Step 1: configure the host device
|
|
+---------------------------------
|
|
+
|
|
+It's exactly same as the VFIO device with legacy VFIO container.
|
|
+
|
|
+Step 2: configure QEMU
|
|
+----------------------
|
|
+
|
|
+Interactions with the ``/dev/iommu`` are abstracted by a new iommufd
|
|
+object (compiled in with the ``CONFIG_IOMMUFD`` option).
|
|
+
|
|
+Any QEMU device (e.g. VFIO device) wishing to use ``/dev/iommu`` must
|
|
+be linked with an iommufd object. It gets a new optional property
|
|
+named iommufd which allows to pass an iommufd object. Take ``vfio-pci``
|
|
+device for example:
|
|
+
|
|
+.. code-block:: bash
|
|
+
|
|
+ -object iommufd,id=iommufd0
|
|
+ -device vfio-pci,host=0000:02:00.0,iommufd=iommufd0
|
|
+
|
|
+Note the ``/dev/iommu`` and VFIO cdev can be externally opened by a
|
|
+management layer. In such a case the fd is passed, the fd supports a
|
|
+string naming the fd or a number, for example:
|
|
+
|
|
+.. code-block:: bash
|
|
+
|
|
+ -object iommufd,id=iommufd0,fd=22
|
|
+ -device vfio-pci,iommufd=iommufd0,fd=23
|
|
+
|
|
+If the ``fd`` property is not passed, the fd is opened by QEMU.
|
|
+
|
|
+If no ``iommufd`` object is passed to the ``vfio-pci`` device, iommufd
|
|
+is not used and the user gets the behavior based on the legacy VFIO
|
|
+container:
|
|
+
|
|
+.. code-block:: bash
|
|
+
|
|
+ -device vfio-pci,host=0000:02:00.0
|
|
+
|
|
+Supported platform
|
|
+==================
|
|
+
|
|
+Supports x86, ARM and s390x currently.
|
|
+
|
|
+Caveats
|
|
+=======
|
|
+
|
|
+Dirty page sync
|
|
+---------------
|
|
+
|
|
+Dirty page sync with iommufd backend is unsupported yet, live migration is
|
|
+disabled by default. But it can be force enabled like below, low efficient
|
|
+though.
|
|
+
|
|
+.. code-block:: bash
|
|
+
|
|
+ -object iommufd,id=iommufd0
|
|
+ -device vfio-pci,host=0000:02:00.0,iommufd=iommufd0,enable-migration=on
|
|
+
|
|
+P2P DMA
|
|
+-------
|
|
+
|
|
+PCI p2p DMA is unsupported as IOMMUFD doesn't support mapping hardware PCI
|
|
+BAR region yet. Below warning shows for assigned PCI device, it's not a bug.
|
|
+
|
|
+.. code-block:: none
|
|
+
|
|
+ qemu-system-x86_64: warning: IOMMU_IOAS_MAP failed: Bad address, PCI BAR?
|
|
+ qemu-system-x86_64: vfio_container_dma_map(0x560cb6cb1620, 0xe000000021000, 0x3000, 0x7f32ed55c000) = -14 (Bad address)
|
|
+
|
|
+FD passing with mdev
|
|
+--------------------
|
|
+
|
|
+``vfio-pci`` device checks sysfsdev property to decide if backend is a mdev.
|
|
+If FD passing is used, there is no way to know that and the mdev is treated
|
|
+like a real PCI device. There is an error as below if user wants to enable
|
|
+RAM discarding for mdev.
|
|
+
|
|
+.. code-block:: none
|
|
+
|
|
+ qemu-system-x86_64: -device vfio-pci,iommufd=iommufd0,x-balloon-allowed=on,fd=9: vfio VFIO_FD9: x-balloon-allowed only potentially compatible with mdev devices
|
|
+
|
|
+``vfio-ap`` and ``vfio-ccw`` devices don't have same issue as their backend
|
|
+devices are always mdev and RAM discarding is force enabled.
|
|
--
|
|
2.39.3
|
|
|