Re: [PATCH] hw/virtio/vhost: Disable IOTLB callbacks when IOMMU gets disabled

[Peter Xu <peterx@redhat.com>]

Hello, Jason, Eric,

On Fri, Jan 24, 2025 at 11:30:56AM +0800, Jason Wang wrote:
> It might be because neither virtio bus nor virtio-net provides a
> shutdown method.
> 
> There used to be requests to provide those to unbreak the kexec.
> 
> A quick try might be to provide a .driver.shutdown to
> virtio_net_driver structure and reset the device there as a start.

I didn't check virtio driver path, but if that's missing it's reasonable to
support it indeed.

OTOH, even with that, vhost can still hit such DMA issue if it's a
hard-reset, am I right?  IOW, when using QMP command "system-reset".  If my
memory is correct, that's the problem I was working on the VFIO series,
rather than a clean reboot.  And that won't give guest driver chance to run
anything, IIUC.

I am wildly suspecting a VT-d write to GCMD to disable it can also appear
if there's a hard reset, then when bootloading the VM the bios (or whatever
firmware at early stage) may want to make sure the VT-d device is
completely off by writting to GCMD. But that's a pure guess.. and that may
or may not matter much on how we fix this problem.

IOW, I suspect we need to fix both of them,

  (a) for soft-reset, by making sure drivers properly quiesce DMAs
  proactively when VM gracefully shuts down.

  (b) for hard-reset, by making sure QEMU reset in proper order.

One thing to mention is for problem (b) VFIO used to have an extra
challenge on !FLR devices, I discussed it in patch 4's comment there.
Quotting from patch 4 of series:

https://lore.kernel.org/all/20240117091559.144730-1-peterx@redhat.com

     * (1) Device depth-first reset hierachy doesn't yet work for vIOMMUs
     *     (reference: resettable_cold_reset_fn())
     *
     *     Currently, vIOMMU devices are created as normal '-device'
     *     cmdlines.  It means in many ways it has the same attributes with
     *     most of the rest devices, even if the rest devices should
     *     logically be under control of the vIOMMU unit.
     *
     *     One side effect of it is vIOMMU devices will be currently put
     *     randomly under qdev tree hierarchy, which is the source of
     *     device reset ordering in current QEMU (depth-first traversal).
     *     It means vIOMMU now can be reset before some devices.  For fully
     *     emulated devices that's not a problem, because the traversal
     *     holds BQL for the whole process.  However it is a problem if DMA
     *     can happen without BQL, like VFIO, vDPA or remote device process.
     *
     *     TODO: one ideal solution can be that we make vIOMMU the parent
     *     of the whole pci host bridge.  Hence vIOMMU can be reset after
     *     all the devices are reset and quiesced.
     *
     * (2) Some devices register its own reset functions
     *
     *     Even if above issue solved, if devices register its own reset
     *     functions for some reason via QEMU reset hooks, vIOMMU can still
     *     be reset before the device. One example is vfio_reset_handler()
     *     where FLR is not supported on the device.
     *
     *     TODO: merge relevant reset functions into the device tree reset
     *     framework.

So maybe vhost doesn't have problem (2) listed above, and maybe it means
it's still worthwhile thinking more about problem (1), which is to change
the QOM tree to provide a correct topology representation when vIOMMU is
present: so far it should be still a pretty much orphaned object there.. if
QEMU relies on QOM tree topology for reset order, we may need to move it to
the right place sooner or later.

Thanks,

-- 
Peter Xu