From: Zhenzhong Duan <zhenzhong.duan@intel.com>
To: qemu-devel@nongnu.org
Cc: alex.williamson@redhat.com, clg@redhat.com,
eric.auger@redhat.com, mst@redhat.com, jasowang@redhat.com,
peterx@redhat.com, ddutile@redhat.com, jgg@nvidia.com,
nicolinc@nvidia.com, skolothumtho@nvidia.com,
joao.m.martins@oracle.com, clement.mathieu--drif@eviden.com,
kevin.tian@intel.com, yi.l.liu@intel.com, chao.p.peng@intel.com,
Zhenzhong Duan <zhenzhong.duan@intel.com>,
Yi Sun <yi.y.sun@linux.intel.com>
Subject: [PATCH v6 15/22] intel_iommu: Bind/unbind guest page table to host
Date: Thu, 18 Sep 2025 04:57:54 -0400 [thread overview]
Message-ID: <20250918085803.796942-16-zhenzhong.duan@intel.com> (raw)
In-Reply-To: <20250918085803.796942-1-zhenzhong.duan@intel.com>
This captures the guest PASID table entry modifications and propagates
the changes to host to attach a hwpt with type determined per guest IOMMU
PGTT configuration.
When PGTT=PT, attach RID_PASID to a second stage HWPT(GPA->HPA).
When PGTT=FST, attach RID_PASID to nested HWPT with nesting parent
HWPT coming from VFIO.
Co-Authored-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
include/hw/i386/intel_iommu.h | 1 +
hw/i386/intel_iommu.c | 152 +++++++++++++++++++++++++++++++++-
hw/i386/trace-events | 3 +
3 files changed, 154 insertions(+), 2 deletions(-)
diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index ff01e5c82d..86614fbb31 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -104,6 +104,7 @@ struct VTDAddressSpace {
PCIBus *bus;
uint8_t devfn;
uint32_t pasid;
+ uint32_t fs_hwpt;
AddressSpace as;
IOMMUMemoryRegion iommu;
MemoryRegion root; /* The root container of the device */
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 5908368c44..bfe229d0dc 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -20,6 +20,7 @@
*/
#include "qemu/osdep.h"
+#include CONFIG_DEVICES /* CONFIG_IOMMUFD */
#include "qemu/error-report.h"
#include "qemu/main-loop.h"
#include "qapi/error.h"
@@ -41,6 +42,9 @@
#include "migration/vmstate.h"
#include "trace.h"
#include "system/iommufd.h"
+#ifdef CONFIG_IOMMUFD
+#include <linux/iommufd.h>
+#endif
/* context entry operations */
#define RID_PASID 0
@@ -2398,6 +2402,125 @@ static void vtd_context_global_invalidate(IntelIOMMUState *s)
vtd_iommu_replay_all(s);
}
+#ifdef CONFIG_IOMMUFD
+static int vtd_create_fs_hwpt(HostIOMMUDeviceIOMMUFD *idev,
+ VTDPASIDEntry *pe, uint32_t *fs_hwpt,
+ Error **errp)
+{
+ struct iommu_hwpt_vtd_s1 vtd = {};
+
+ vtd.flags = (VTD_SM_PASID_ENTRY_SRE_BIT(pe) ? IOMMU_VTD_S1_SRE : 0) |
+ (VTD_SM_PASID_ENTRY_WPE_BIT(pe) ? IOMMU_VTD_S1_WPE : 0) |
+ (VTD_SM_PASID_ENTRY_EAFE_BIT(pe) ? IOMMU_VTD_S1_EAFE : 0);
+ vtd.addr_width = vtd_pe_get_fs_aw(pe);
+ vtd.pgtbl_addr = (uint64_t)vtd_pe_get_fspt_base(pe);
+
+ return !iommufd_backend_alloc_hwpt(idev->iommufd, idev->devid,
+ idev->hwpt_id, 0, IOMMU_HWPT_DATA_VTD_S1,
+ sizeof(vtd), &vtd, fs_hwpt, errp);
+}
+
+static void vtd_destroy_old_fs_hwpt(HostIOMMUDeviceIOMMUFD *idev,
+ VTDAddressSpace *vtd_as)
+{
+ if (!vtd_as->fs_hwpt) {
+ return;
+ }
+ iommufd_backend_free_id(idev->iommufd, vtd_as->fs_hwpt);
+ vtd_as->fs_hwpt = 0;
+}
+
+static int vtd_device_attach_iommufd(VTDHostIOMMUDevice *vtd_hiod,
+ VTDAddressSpace *vtd_as, Error **errp)
+{
+ HostIOMMUDeviceIOMMUFD *idev = HOST_IOMMU_DEVICE_IOMMUFD(vtd_hiod->hiod);
+ VTDPASIDEntry *pe = &vtd_as->pasid_cache_entry.pasid_entry;
+ uint32_t hwpt_id;
+ bool ret;
+
+ /*
+ * We can get here only if flts=on, the supported PGTT is FST and PT.
+ * Catch invalid PGTT when processing invalidation request to avoid
+ * attaching to wrong hwpt.
+ */
+ if (!vtd_pe_pgtt_is_fst(pe) && !vtd_pe_pgtt_is_pt(pe)) {
+ error_setg(errp, "Invalid PGTT type");
+ return -EINVAL;
+ }
+
+ if (vtd_pe_pgtt_is_pt(pe)) {
+ hwpt_id = idev->hwpt_id;
+ } else if (vtd_create_fs_hwpt(idev, pe, &hwpt_id, errp)) {
+ return -EINVAL;
+ }
+
+ ret = host_iommu_device_iommufd_attach_hwpt(idev, hwpt_id, errp);
+ trace_vtd_device_attach_hwpt(idev->devid, vtd_as->pasid, hwpt_id, !ret);
+ if (ret) {
+ /* Destroy old fs_hwpt if it's a replacement */
+ vtd_destroy_old_fs_hwpt(idev, vtd_as);
+ if (vtd_pe_pgtt_is_fst(pe)) {
+ vtd_as->fs_hwpt = hwpt_id;
+ }
+ } else if (vtd_pe_pgtt_is_fst(pe)) {
+ iommufd_backend_free_id(idev->iommufd, hwpt_id);
+ }
+
+ return !ret;
+}
+
+static int vtd_device_detach_iommufd(VTDHostIOMMUDevice *vtd_hiod,
+ VTDAddressSpace *vtd_as, Error **errp)
+{
+ HostIOMMUDeviceIOMMUFD *idev = HOST_IOMMU_DEVICE_IOMMUFD(vtd_hiod->hiod);
+ IntelIOMMUState *s = vtd_as->iommu_state;
+ uint32_t pasid = vtd_as->pasid;
+ bool ret;
+
+ if (s->dmar_enabled && s->root_scalable) {
+ ret = host_iommu_device_iommufd_detach_hwpt(idev, errp);
+ trace_vtd_device_detach_hwpt(idev->devid, pasid, !ret);
+ } else {
+ /*
+ * If DMAR remapping is disabled or guest switches to legacy mode,
+ * we fallback to the default HWPT which contains shadow page table.
+ * So guest DMA could still work.
+ */
+ ret = host_iommu_device_iommufd_attach_hwpt(idev, idev->hwpt_id, errp);
+ trace_vtd_device_reattach_def_hwpt(idev->devid, pasid, idev->hwpt_id,
+ !ret);
+ }
+
+ if (ret) {
+ vtd_destroy_old_fs_hwpt(idev, vtd_as);
+ }
+
+ return !ret;
+}
+
+static int vtd_bind_guest_pasid(VTDAddressSpace *vtd_as, Error **errp)
+{
+ VTDPASIDCacheEntry *pc_entry = &vtd_as->pasid_cache_entry;
+ VTDHostIOMMUDevice *vtd_hiod = vtd_find_hiod_iommufd(vtd_as);
+ int ret;
+
+ assert(vtd_hiod);
+
+ if (pc_entry->valid) {
+ ret = vtd_device_attach_iommufd(vtd_hiod, vtd_as, errp);
+ } else {
+ ret = vtd_device_detach_iommufd(vtd_hiod, vtd_as, errp);
+ }
+
+ return ret;
+}
+#else
+static int vtd_bind_guest_pasid(VTDAddressSpace *vtd_as, Error **errp)
+{
+ return 0;
+}
+#endif
+
/* Do a context-cache device-selective invalidation.
* @func_mask: FM field after shifting
*/
@@ -3131,6 +3254,11 @@ static inline int vtd_dev_get_pe_from_pasid(VTDAddressSpace *vtd_as,
return vtd_ce_get_pasid_entry(s, &ce, pe, vtd_as->pasid);
}
+static int vtd_pasid_entry_compare(VTDPASIDEntry *p1, VTDPASIDEntry *p2)
+{
+ return memcmp(p1, p2, sizeof(*p1));
+}
+
/*
* For each IOMMUFD backed device, update or invalidate pasid cache based on
* the value in memory.
@@ -3143,6 +3271,8 @@ static void vtd_pasid_cache_sync_locked(gpointer key, gpointer value,
VTDPASIDCacheEntry *pc_entry = &vtd_as->pasid_cache_entry;
VTDPASIDEntry pe;
uint16_t did;
+ const char *err_prefix;
+ Error *local_err = NULL;
/* Ignore emulated device or legacy VFIO backed device */
if (!vtd_find_hiod_iommufd(vtd_as)) {
@@ -3153,13 +3283,18 @@ static void vtd_pasid_cache_sync_locked(gpointer key, gpointer value,
assert(vtd_as->pasid == PCI_NO_PASID);
if (pc_info->reset || vtd_dev_get_pe_from_pasid(vtd_as, &pe)) {
+ if (!pc_entry->valid) {
+ return;
+ }
+
/*
* No valid pasid entry in guest memory. e.g. pasid entry was modified
* to be either all-zero or non-present. Either case means existing
* pasid cache should be invalidated.
*/
pc_entry->valid = false;
- return;
+ err_prefix = "Detaching from HWPT failed: ";
+ goto do_bind_unbind;
}
/*
@@ -3184,7 +3319,20 @@ static void vtd_pasid_cache_sync_locked(gpointer key, gpointer value,
}
pc_entry->pasid_entry = pe;
- pc_entry->valid = true;
+ if (!pc_entry->valid) {
+ pc_entry->valid = true;
+ err_prefix = "Attaching to HWPT failed: ";
+ } else if (vtd_pasid_entry_compare(&pe, &pc_entry->pasid_entry)) {
+ err_prefix = "Replacing HWPT attachment failed: ";
+ } else {
+ return;
+ }
+
+do_bind_unbind:
+ /* TODO: Fault event injection into guest, report error to QEMU for now */
+ if (vtd_bind_guest_pasid(vtd_as, &local_err)) {
+ error_reportf_err(local_err, "%s", err_prefix);
+ }
}
static void vtd_pasid_cache_sync(IntelIOMMUState *s, VTDPASIDCacheInfo *pc_info)
diff --git a/hw/i386/trace-events b/hw/i386/trace-events
index b704f4f90c..5a3ee1cf64 100644
--- a/hw/i386/trace-events
+++ b/hw/i386/trace-events
@@ -73,6 +73,9 @@ vtd_warn_invalid_qi_tail(uint16_t tail) "tail 0x%"PRIx16
vtd_warn_ir_vector(uint16_t sid, int index, int vec, int target) "sid 0x%"PRIx16" index %d vec %d (should be: %d)"
vtd_warn_ir_trigger(uint16_t sid, int index, int trig, int target) "sid 0x%"PRIx16" index %d trigger %d (should be: %d)"
vtd_reset_exit(void) ""
+vtd_device_attach_hwpt(uint32_t dev_id, uint32_t pasid, uint32_t hwpt_id, int ret) "dev_id %d pasid %d hwpt_id %d, ret: %d"
+vtd_device_detach_hwpt(uint32_t dev_id, uint32_t pasid, int ret) "dev_id %d pasid %d ret: %d"
+vtd_device_reattach_def_hwpt(uint32_t dev_id, uint32_t pasid, uint32_t hwpt_id, int ret) "dev_id %d pasid %d hwpt_id %d, ret: %d"
# amd_iommu.c
amdvi_evntlog_fail(uint64_t addr, uint32_t head) "error: fail to write at addr 0x%"PRIx64" + offset 0x%"PRIx32
--
2.47.1
next prev parent reply other threads:[~2025-09-18 9:00 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-18 8:57 [PATCH v6 00/22] intel_iommu: Enable first stage translation for passthrough device Zhenzhong Duan
2025-09-18 8:57 ` [PATCH v6 01/22] intel_iommu: Rename vtd_ce_get_rid2pasid_entry to vtd_ce_get_pasid_entry Zhenzhong Duan
2025-09-18 8:57 ` [PATCH v6 02/22] intel_iommu: Delete RPS capability related supporting code Zhenzhong Duan
2025-09-30 13:49 ` Eric Auger
2025-10-09 10:10 ` Duan, Zhenzhong
2025-10-12 12:30 ` Yi Liu
2025-09-18 8:57 ` [PATCH v6 03/22] intel_iommu: Update terminology to match VTD spec Zhenzhong Duan
2025-09-30 7:45 ` Eric Auger
2025-10-12 12:30 ` Yi Liu
2025-10-13 6:20 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 04/22] hw/pci: Export pci_device_get_iommu_bus_devfn() and return bool Zhenzhong Duan
2025-09-18 8:57 ` [PATCH v6 05/22] hw/pci: Introduce pci_device_get_viommu_flags() Zhenzhong Duan
2025-09-23 18:47 ` Nicolin Chen
2025-09-24 7:05 ` Duan, Zhenzhong
2025-09-24 8:21 ` Nicolin Chen
2025-09-26 2:54 ` Duan, Zhenzhong
2025-09-30 13:55 ` Eric Auger
2025-10-12 12:26 ` Yi Liu
2025-10-13 6:24 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 06/22] intel_iommu: Implement get_viommu_flags() callback Zhenzhong Duan
2025-10-12 12:28 ` Yi Liu
2025-10-13 6:26 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 07/22] intel_iommu: Introduce a new structure VTDHostIOMMUDevice Zhenzhong Duan
2025-09-18 8:57 ` [PATCH v6 08/22] vfio/iommufd: Force creating nesting parent HWPT Zhenzhong Duan
2025-09-30 14:19 ` Eric Auger
2025-10-12 12:33 ` Yi Liu
2025-09-18 8:57 ` [PATCH v6 09/22] intel_iommu: Stick to system MR for IOMMUFD backed host device when x-fls=on Zhenzhong Duan
2025-09-30 15:04 ` Eric Auger
2025-10-09 10:10 ` Duan, Zhenzhong
2025-10-12 12:51 ` Yi Liu
2025-09-18 8:57 ` [PATCH v6 10/22] intel_iommu: Check for compatibility with IOMMUFD backed device when x-flts=on Zhenzhong Duan
2025-10-12 12:55 ` Yi Liu
2025-10-13 6:48 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 11/22] intel_iommu: Fail passthrough device under PCI bridge if x-flts=on Zhenzhong Duan
2025-09-18 8:57 ` [PATCH v6 12/22] intel_iommu: Handle PASID cache invalidation Zhenzhong Duan
2025-10-12 14:58 ` Yi Liu
2025-10-13 7:37 ` Duan, Zhenzhong
2025-10-13 12:53 ` Yi Liu
2025-10-14 6:25 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 13/22] intel_iommu: Reset pasid cache when system level reset Zhenzhong Duan
2025-10-13 10:25 ` Yi Liu
2025-10-14 5:56 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 14/22] intel_iommu: Add some macros and inline functions Zhenzhong Duan
2025-10-13 10:25 ` Yi Liu
2025-10-14 6:15 ` Duan, Zhenzhong
2025-09-18 8:57 ` Zhenzhong Duan [this message]
2025-10-20 13:49 ` [PATCH v6 15/22] intel_iommu: Bind/unbind guest page table to host Yi Liu
2025-10-21 8:26 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 16/22] intel_iommu: Propagate PASID-based iotlb invalidation " Zhenzhong Duan
2025-09-18 8:57 ` [PATCH v6 17/22] intel_iommu: Replay all pasid bindings when either SRTP or TE bit is changed Zhenzhong Duan
2025-09-18 8:57 ` [PATCH v6 18/22] iommufd: Introduce a helper function to extract vendor capabilities Zhenzhong Duan
2025-09-23 19:45 ` Nicolin Chen
2025-09-24 8:05 ` Duan, Zhenzhong
2025-09-24 8:27 ` Nicolin Chen
2025-09-26 2:54 ` Duan, Zhenzhong
2025-09-18 8:57 ` [PATCH v6 19/22] vfio: Add a new element bypass_ro in VFIOContainerBase Zhenzhong Duan
2025-09-26 12:25 ` Cédric Le Goater
2025-09-18 8:57 ` [PATCH v6 20/22] Workaround for ERRATA_772415_SPR17 Zhenzhong Duan
2025-09-18 8:58 ` [PATCH v6 21/22] intel_iommu: Enable host device when x-flts=on in scalable mode Zhenzhong Duan
2025-09-18 8:58 ` [PATCH v6 22/22] docs/devel: Add IOMMUFD nesting documentation Zhenzhong Duan
2025-09-18 10:00 ` Cédric Le Goater
2025-09-19 2:17 ` Duan, Zhenzhong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250918085803.796942-16-zhenzhong.duan@intel.com \
--to=zhenzhong.duan@intel.com \
--cc=alex.williamson@redhat.com \
--cc=chao.p.peng@intel.com \
--cc=clement.mathieu--drif@eviden.com \
--cc=clg@redhat.com \
--cc=ddutile@redhat.com \
--cc=eric.auger@redhat.com \
--cc=jasowang@redhat.com \
--cc=jgg@nvidia.com \
--cc=joao.m.martins@oracle.com \
--cc=kevin.tian@intel.com \
--cc=mst@redhat.com \
--cc=nicolinc@nvidia.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=skolothumtho@nvidia.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).