* [PATCH v2 0/2] amd_iommu: Cleanups and fixes (PART 2)
@ 2025-10-13 5:00 Sairaj Kodilkar
2025-10-13 5:00 ` [PATCH v2 1/2] amd_iommu: Fix handling device on buses != 0 Sairaj Kodilkar
2025-10-13 5:00 ` [PATCH v2 2/2] amd_iommu: Support 64 bit address for IOTLB lookup Sairaj Kodilkar
0 siblings, 2 replies; 5+ messages in thread
From: Sairaj Kodilkar @ 2025-10-13 5:00 UTC (permalink / raw)
To: qemu-devel, alejandro.j.jimenez
Cc: mst, pbonzini, richard.henderson, philmd, suravee.suthikulpanit,
vasant.hegde, marcel.apfelbaum, eduardo, aik, Sairaj Kodilkar
This series provide fixes for following two issues:
1. AMD IOMMU fails to detect the devices when they are attached to PCI bus with
bus id != 0.
e.g. With following command line, dhclient command fails inside the guest
-device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x5 \
-netdev user,id=USER0,hostfwd=tcp::3333-:22 \
-device virtio-net-pci,id=vnet0,iommu_platform=on,disable-legacy=on,romfile=,netdev=USER0,bus=pci.1,addr=0 \
2. Current AMD IOMMU supports IOVAs upto 60 bit which cause failure while
setting up the devices when guest is booted with command line
"iommu.forcedac=1".
One example of the failure is when there are two virtio ethernet devices
attached to the guest with command line
-netdev user,id=USER0 \
-netdev user,id=USER1 \
-device virtio-net-pci,id=vnet0,iommu_platform=on,disable-legacy=on,romfile=,netdev=USER0 \
-device virtio-net-pci,id=vnet1,iommu_platform=on,disable-legacy=on,romfile=,netdev=USER1 \
In this case dhclient fails for second device with following dmesg
[ 24.802644] virtio_net virtio0 enp0s1: TX timeout on queue: 0, sq: output.0, vq: 0x1, name: output.0, 5664000 usecs ago
[ 29.856716] virtio_net virtio0 enp0s1: NETDEV WATCHDOG: CPU: 59: transmit queue 0 timed out 10720 ms
[ 29.858585] virtio_net virtio0 enp0s1: TX timeout on queue: 0, sq: output.0, vq: 0x1, name: output.0, 10720000 usecs ago
-------------------------------------------------------------------------------
Change log:
----------
P1:
- Use fixed type uint8_t for devfn
- Use uintptr_t instead of uint64_t
- Build hash key using lower 56 bits of bus pointer and 8 bits of devfn
- Use gboolean instead of int for amdvi_find_as_by_devid
- Update comments
- Use IOMMU_NOTIFIER_NONE instead of IOMMU_NONE
P2:
- Reword commit message
- Correctly initialize `struct amdvi_iotlb_key`
- Remove unused macro
-------------------------------------------------------------------------------
Base commit: (qemu uptream) eb7abb4a719f
-------------------------------------------------------------------------------
Sairaj Kodilkar (2):
amd_iommu: Fix handling device on buses != 0
amd_iommu: Support 64 bit address for IOTLB lookup
hw/i386/amd_iommu.c | 179 +++++++++++++++++++++++++++-----------------
hw/i386/amd_iommu.h | 6 +-
2 files changed, 113 insertions(+), 72 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2 1/2] amd_iommu: Fix handling device on buses != 0
2025-10-13 5:00 [PATCH v2 0/2] amd_iommu: Cleanups and fixes (PART 2) Sairaj Kodilkar
@ 2025-10-13 5:00 ` Sairaj Kodilkar
2025-10-13 8:15 ` Michael S. Tsirkin
2025-10-13 5:00 ` [PATCH v2 2/2] amd_iommu: Support 64 bit address for IOTLB lookup Sairaj Kodilkar
1 sibling, 1 reply; 5+ messages in thread
From: Sairaj Kodilkar @ 2025-10-13 5:00 UTC (permalink / raw)
To: qemu-devel, alejandro.j.jimenez
Cc: mst, pbonzini, richard.henderson, philmd, suravee.suthikulpanit,
vasant.hegde, marcel.apfelbaum, eduardo, aik, Sairaj Kodilkar
The AMD IOMMU is set up at boot time and uses PCI bus numbers + devfn
for indexing into DTE. The problem is that before the guest started,
all PCI bus numbers are 0 as no PCI discovery happened yet (BIOS or/and
kernel will do that later) so relying on the bus number is wrong.
The immediate effect is emulated devices cannot do DMA when places on
a bus other that 0.
Replace static array of address_space with hash table which uses devfn and
PCIBus* for key as it is not going to change after the guest is booted.
Co-developed-by: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com>
---
hw/i386/amd_iommu.c | 134 ++++++++++++++++++++++++++------------------
hw/i386/amd_iommu.h | 2 +-
2 files changed, 79 insertions(+), 57 deletions(-)
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 378e0cb55eab..b194e3294dd7 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -59,7 +59,7 @@ const char *amdvi_mmio_high[] = {
};
struct AMDVIAddressSpace {
- uint8_t bus_num; /* bus number */
+ PCIBus *bus; /* PCIBus (for bus number) */
uint8_t devfn; /* device function */
AMDVIState *iommu_state; /* AMDVI - one per machine */
MemoryRegion root; /* AMDVI Root memory map region */
@@ -101,6 +101,11 @@ typedef enum AMDVIFaultReason {
AMDVI_FR_PT_ENTRY_INV, /* Failure to read PTE from guest memory */
} AMDVIFaultReason;
+typedef struct amdvi_as_key {
+ PCIBus *bus;
+ uint8_t devfn;
+} amdvi_as_key;
+
uint64_t amdvi_extended_feature_register(AMDVIState *s)
{
uint64_t feature = AMDVI_DEFAULT_EXT_FEATURES;
@@ -382,6 +387,44 @@ static guint amdvi_uint64_hash(gconstpointer v)
return (guint)*(const uint64_t *)v;
}
+static gboolean amdvi_as_equal(gconstpointer v1, gconstpointer v2)
+{
+ const struct amdvi_as_key *key1 = v1;
+ const struct amdvi_as_key *key2 = v2;
+
+ return key1->bus == key2->bus && key1->devfn == key2->devfn;
+}
+
+static guint amdvi_as_hash(gconstpointer v)
+{
+ const struct amdvi_as_key *key = v;
+ guint bus = (guint)(uintptr_t)key->bus;
+
+ return (guint)(bus << 8 | (uint)key->devfn);
+}
+
+static AMDVIAddressSpace *amdvi_as_lookup(AMDVIState *s, PCIBus *bus,
+ uint8_t devfn)
+{
+ amdvi_as_key key = { .bus = bus, .devfn = devfn };
+ return g_hash_table_lookup(s->address_spaces, &key);
+}
+
+gboolean amdvi_find_as_by_devid(gpointer key, gpointer value,
+ gpointer user_data)
+{
+ amdvi_as_key *as = (struct amdvi_as_key *)key;
+ uint16_t devid = *((uint16_t *)user_data);
+
+ return devid == PCI_BUILD_BDF(pci_bus_num(as->bus), as->devfn);
+}
+
+static AMDVIAddressSpace *amdvi_get_as_by_devid(AMDVIState *s, uint16_t devid)
+{
+ return g_hash_table_find(s->address_spaces,
+ amdvi_find_as_by_devid, &devid);
+}
+
static AMDVIIOTLBEntry *amdvi_iotlb_lookup(AMDVIState *s, hwaddr addr,
uint64_t devid)
{
@@ -551,7 +594,7 @@ static inline uint64_t amdvi_get_pte_entry(AMDVIState *s, uint64_t pte_addr,
static int amdvi_as_to_dte(AMDVIAddressSpace *as, uint64_t *dte)
{
- uint16_t devid = PCI_BUILD_BDF(as->bus_num, as->devfn);
+ uint16_t devid = PCI_BUILD_BDF(pci_bus_num(as->bus), as->devfn);
AMDVIState *s = as->iommu_state;
if (!amdvi_get_dte(s, devid, dte)) {
@@ -1011,25 +1054,15 @@ static void amdvi_switch_address_space(AMDVIAddressSpace *amdvi_as)
*/
static void amdvi_reset_address_translation_all(AMDVIState *s)
{
- AMDVIAddressSpace **iommu_as;
-
- for (int bus_num = 0; bus_num < PCI_BUS_MAX; bus_num++) {
+ AMDVIAddressSpace *iommu_as;
+ GHashTableIter as_it;
- /* Nothing to do if there are no devices on the current bus */
- if (!s->address_spaces[bus_num]) {
- continue;
- }
- iommu_as = s->address_spaces[bus_num];
+ g_hash_table_iter_init(&as_it, s->address_spaces);
- for (int devfn = 0; devfn < PCI_DEVFN_MAX; devfn++) {
-
- if (!iommu_as[devfn]) {
- continue;
- }
- /* Use passthrough as default mode after reset */
- iommu_as[devfn]->addr_translation = false;
- amdvi_switch_address_space(iommu_as[devfn]);
- }
+ while (g_hash_table_iter_next(&as_it, NULL, (void **)&iommu_as)) {
+ /* Use passhthrough as default mode after reset */
+ iommu_as->addr_translation = false;
+ amdvi_switch_address_space(iommu_as);
}
}
@@ -1089,27 +1122,15 @@ static void enable_nodma_mode(AMDVIAddressSpace *as)
*/
static void amdvi_update_addr_translation_mode(AMDVIState *s, uint16_t devid)
{
- uint8_t bus_num, devfn, dte_mode;
+ uint8_t dte_mode;
AMDVIAddressSpace *as;
uint64_t dte[4] = { 0 };
int ret;
- /*
- * Convert the devid encoded in the command to a bus and devfn in
- * order to retrieve the corresponding address space.
- */
- bus_num = PCI_BUS_NUM(devid);
- devfn = devid & 0xff;
-
- /*
- * The main buffer of size (AMDVIAddressSpace *) * (PCI_BUS_MAX) has already
- * been allocated within AMDVIState, but must be careful to not access
- * unallocated devfn.
- */
- if (!s->address_spaces[bus_num] || !s->address_spaces[bus_num][devfn]) {
+ as = amdvi_get_as_by_devid(s, devid);
+ if (!as) {
return;
}
- as = s->address_spaces[bus_num][devfn];
ret = amdvi_as_to_dte(as, dte);
@@ -1783,7 +1804,7 @@ static void amdvi_do_translate(AMDVIAddressSpace *as, hwaddr addr,
bool is_write, IOMMUTLBEntry *ret)
{
AMDVIState *s = as->iommu_state;
- uint16_t devid = PCI_BUILD_BDF(as->bus_num, as->devfn);
+ uint16_t devid = PCI_BUILD_BDF(pci_bus_num(as->bus), as->devfn);
AMDVIIOTLBEntry *iotlb_entry = amdvi_iotlb_lookup(s, addr, devid);
uint64_t entry[4];
int dte_ret;
@@ -1858,7 +1879,7 @@ static IOMMUTLBEntry amdvi_translate(IOMMUMemoryRegion *iommu, hwaddr addr,
}
amdvi_do_translate(as, addr, flag & IOMMU_WO, &ret);
- trace_amdvi_translation_result(as->bus_num, PCI_SLOT(as->devfn),
+ trace_amdvi_translation_result(pci_bus_num(as->bus), PCI_SLOT(as->devfn),
PCI_FUNC(as->devfn), addr, ret.translated_addr);
return ret;
}
@@ -2222,30 +2243,28 @@ static AddressSpace *amdvi_host_dma_iommu(PCIBus *bus, void *opaque, int devfn)
{
char name[128];
AMDVIState *s = opaque;
- AMDVIAddressSpace **iommu_as, *amdvi_dev_as;
- int bus_num = pci_bus_num(bus);
+ AMDVIAddressSpace *amdvi_dev_as;
+ amdvi_as_key *key;
- iommu_as = s->address_spaces[bus_num];
+ amdvi_dev_as = amdvi_as_lookup(s, bus, devfn);
/* allocate memory during the first run */
- if (!iommu_as) {
- iommu_as = g_new0(AMDVIAddressSpace *, PCI_DEVFN_MAX);
- s->address_spaces[bus_num] = iommu_as;
- }
-
- /* set up AMD-Vi region */
- if (!iommu_as[devfn]) {
+ if (!amdvi_dev_as) {
snprintf(name, sizeof(name), "amd_iommu_devfn_%d", devfn);
- iommu_as[devfn] = g_new0(AMDVIAddressSpace, 1);
- iommu_as[devfn]->bus_num = (uint8_t)bus_num;
- iommu_as[devfn]->devfn = (uint8_t)devfn;
- iommu_as[devfn]->iommu_state = s;
- iommu_as[devfn]->notifier_flags = IOMMU_NOTIFIER_NONE;
- iommu_as[devfn]->iova_tree = iova_tree_new();
- iommu_as[devfn]->addr_translation = false;
+ amdvi_dev_as = g_new0(AMDVIAddressSpace, 1);
+ key = g_new0(amdvi_as_key, 1);
- amdvi_dev_as = iommu_as[devfn];
+ amdvi_dev_as->bus = bus;
+ amdvi_dev_as->devfn = (uint8_t)devfn;
+ amdvi_dev_as->iommu_state = s;
+ amdvi_dev_as->notifier_flags = IOMMU_NOTIFIER_NONE;
+ amdvi_dev_as->iova_tree = iova_tree_new();
+ amdvi_dev_as->addr_translation = false;
+ key->bus = bus;
+ key->devfn = devfn;
+
+ g_hash_table_insert(s->address_spaces, key, amdvi_dev_as);
/*
* Memory region relationships looks like (Address range shows
@@ -2288,7 +2307,7 @@ static AddressSpace *amdvi_host_dma_iommu(PCIBus *bus, void *opaque, int devfn)
amdvi_switch_address_space(amdvi_dev_as);
}
- return &iommu_as[devfn]->as;
+ return &amdvi_dev_as->as;
}
static const PCIIOMMUOps amdvi_iommu_ops = {
@@ -2329,7 +2348,7 @@ static int amdvi_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
if (!s->dma_remap && (new & IOMMU_NOTIFIER_MAP)) {
error_setg_errno(errp, ENOTSUP,
"device %02x.%02x.%x requires dma-remap=1",
- as->bus_num, PCI_SLOT(as->devfn), PCI_FUNC(as->devfn));
+ pci_bus_num(as->bus), PCI_SLOT(as->devfn), PCI_FUNC(as->devfn));
return -ENOTSUP;
}
@@ -2510,6 +2529,9 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error **errp)
s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
amdvi_uint64_equal, g_free, g_free);
+ s->address_spaces = g_hash_table_new_full(amdvi_as_hash,
+ amdvi_as_equal, g_free, g_free);
+
/* set up MMIO */
memory_region_init_io(&s->mr_mmio, OBJECT(s), &mmio_mem_ops, s,
"amdvi-mmio", AMDVI_MMIO_SIZE);
diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h
index daf82fc85f96..38471b95d153 100644
--- a/hw/i386/amd_iommu.h
+++ b/hw/i386/amd_iommu.h
@@ -408,7 +408,7 @@ struct AMDVIState {
bool mmio_enabled;
/* for each served device */
- AMDVIAddressSpace **address_spaces[PCI_BUS_MAX];
+ GHashTable *address_spaces;
/* list of address spaces with registered notifiers */
QLIST_HEAD(, AMDVIAddressSpace) amdvi_as_with_notifiers;
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2 2/2] amd_iommu: Support 64 bit address for IOTLB lookup
2025-10-13 5:00 [PATCH v2 0/2] amd_iommu: Cleanups and fixes (PART 2) Sairaj Kodilkar
2025-10-13 5:00 ` [PATCH v2 1/2] amd_iommu: Fix handling device on buses != 0 Sairaj Kodilkar
@ 2025-10-13 5:00 ` Sairaj Kodilkar
2025-10-13 8:19 ` Michael S. Tsirkin
1 sibling, 1 reply; 5+ messages in thread
From: Sairaj Kodilkar @ 2025-10-13 5:00 UTC (permalink / raw)
To: qemu-devel, alejandro.j.jimenez
Cc: mst, pbonzini, richard.henderson, philmd, suravee.suthikulpanit,
vasant.hegde, marcel.apfelbaum, eduardo, aik, Sairaj Kodilkar
Physical AMD IOMMU supports up to 64 bits of DMA address. When device tries
to read or write from a given DMA address, IOMMU translates the address
using page table assigned to that device. Since IOMMU uses per device page
tables, the emulated IOMMU should use the cache tag of 68 bits
(64 bit address - 12 bit page alignment + 16 bit device ID).
Current emulated AMD IOMMU uses GLib hash table to create software iotlb
and uses 64 bit key to store the IOVA and deviceID, which limits the IOVA
to 60 bits. This causes failure while setting up the device when guest is
booted with "iommu.forcedac=1".
To solve this problem, Use 64 bit IOVA and 16 bit devid as key to store
entries in IOTLB; Use upper 52 bits of IOVA (GFN) and lower 12 bits of
the device ID to construct the 64 bit hash key in order avoid the
truncation as much as possible (reducing hash collisions).
Fixes: d29a09ca6842 ("hw/i386: Introduce AMD IOMMU")
Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com>
---
hw/i386/amd_iommu.c | 57 ++++++++++++++++++++++++++++++---------------
hw/i386/amd_iommu.h | 4 ++--
2 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index b194e3294dd7..a218d147e53d 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -106,6 +106,11 @@ typedef struct amdvi_as_key {
uint8_t devfn;
} amdvi_as_key;
+typedef struct amdvi_iotlb_key {
+ uint64_t gfn;
+ uint16_t devid;
+} amdvi_iotlb_key;
+
uint64_t amdvi_extended_feature_register(AMDVIState *s)
{
uint64_t feature = AMDVI_DEFAULT_EXT_FEATURES;
@@ -377,16 +382,6 @@ static void amdvi_log_pagetab_error(AMDVIState *s, uint16_t devid,
PCI_STATUS_SIG_TARGET_ABORT);
}
-static gboolean amdvi_uint64_equal(gconstpointer v1, gconstpointer v2)
-{
- return *((const uint64_t *)v1) == *((const uint64_t *)v2);
-}
-
-static guint amdvi_uint64_hash(gconstpointer v)
-{
- return (guint)*(const uint64_t *)v;
-}
-
static gboolean amdvi_as_equal(gconstpointer v1, gconstpointer v2)
{
const struct amdvi_as_key *key1 = v1;
@@ -425,11 +420,30 @@ static AMDVIAddressSpace *amdvi_get_as_by_devid(AMDVIState *s, uint16_t devid)
amdvi_find_as_by_devid, &devid);
}
+static gboolean amdvi_iotlb_equal(gconstpointer v1, gconstpointer v2)
+{
+ const amdvi_iotlb_key *key1 = v1;
+ const amdvi_iotlb_key *key2 = v2;
+
+ return key1->devid == key2->devid && key1->gfn == key2->gfn;
+}
+
+static guint amdvi_iotlb_hash(gconstpointer v)
+{
+ const amdvi_iotlb_key *key = v;
+ /* Use GPA and DEVID to find the bucket */
+ return (guint)(key->gfn << AMDVI_PAGE_SHIFT_4K |
+ (key->devid & ~AMDVI_PAGE_MASK_4K));
+}
+
+
static AMDVIIOTLBEntry *amdvi_iotlb_lookup(AMDVIState *s, hwaddr addr,
uint64_t devid)
{
- uint64_t key = (addr >> AMDVI_PAGE_SHIFT_4K) |
- ((uint64_t)(devid) << AMDVI_DEVID_SHIFT);
+ amdvi_iotlb_key key = {
+ .gfn = AMDVI_GET_IOTLB_GFN(addr)
+ .devid = devid,
+ };
return g_hash_table_lookup(s->iotlb, &key);
}
@@ -451,8 +465,10 @@ static gboolean amdvi_iotlb_remove_by_devid(gpointer key, gpointer value,
static void amdvi_iotlb_remove_page(AMDVIState *s, hwaddr addr,
uint64_t devid)
{
- uint64_t key = (addr >> AMDVI_PAGE_SHIFT_4K) |
- ((uint64_t)(devid) << AMDVI_DEVID_SHIFT);
+ amdvi_iotlb_key key = {
+ .gfn = AMDVI_GET_IOTLB_GFN(addr)
+ .devid = devid,
+ };
g_hash_table_remove(s->iotlb, &key);
}
@@ -463,8 +479,10 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid,
/* don't cache erroneous translations */
if (to_cache.perm != IOMMU_NONE) {
AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
- uint64_t *key = g_new(uint64_t, 1);
- uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
+ amdvi_iotlb_key *key = g_new(amdvi_iotlb_key, 1);
+
+ key->gfn = AMDVI_GET_IOTLB_GFN(gpa);
+ key->devid = devid;
trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid),
PCI_FUNC(devid), gpa, to_cache.translated_addr);
@@ -477,7 +495,8 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid,
entry->perms = to_cache.perm;
entry->translated_addr = to_cache.translated_addr;
entry->page_mask = to_cache.addr_mask;
- *key = gfn | ((uint64_t)(devid) << AMDVI_DEVID_SHIFT);
+ entry->devid = devid;
+
g_hash_table_replace(s->iotlb, key, entry);
}
}
@@ -2526,8 +2545,8 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error **errp)
}
}
- s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
- amdvi_uint64_equal, g_free, g_free);
+ s->iotlb = g_hash_table_new_full(amdvi_iotlb_hash,
+ amdvi_iotlb_equal, g_free, g_free);
s->address_spaces = g_hash_table_new_full(amdvi_as_hash,
amdvi_as_equal, g_free, g_free);
diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h
index 38471b95d153..302ccca5121f 100644
--- a/hw/i386/amd_iommu.h
+++ b/hw/i386/amd_iommu.h
@@ -220,8 +220,8 @@
#define PAGE_SIZE_PTE_COUNT(pgsz) (1ULL << ((ctz64(pgsz) - 12) % 9))
/* IOTLB */
-#define AMDVI_IOTLB_MAX_SIZE 1024
-#define AMDVI_DEVID_SHIFT 36
+#define AMDVI_IOTLB_MAX_SIZE 1024
+#define AMDVI_GET_IOTLB_GFN(addr) (addr >> AMDVI_PAGE_SHIFT_4K)
/* default extended feature */
#define AMDVI_DEFAULT_EXT_FEATURES \
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] amd_iommu: Fix handling device on buses != 0
2025-10-13 5:00 ` [PATCH v2 1/2] amd_iommu: Fix handling device on buses != 0 Sairaj Kodilkar
@ 2025-10-13 8:15 ` Michael S. Tsirkin
0 siblings, 0 replies; 5+ messages in thread
From: Michael S. Tsirkin @ 2025-10-13 8:15 UTC (permalink / raw)
To: Sairaj Kodilkar
Cc: qemu-devel, alejandro.j.jimenez, pbonzini, richard.henderson,
philmd, suravee.suthikulpanit, vasant.hegde, marcel.apfelbaum,
eduardo, aik
On Mon, Oct 13, 2025 at 10:30:45AM +0530, Sairaj Kodilkar wrote:
> The AMD IOMMU is set up at boot time and uses PCI bus numbers + devfn
> for indexing into DTE. The problem is that before the guest started,
> all PCI bus numbers are 0 as no PCI discovery happened yet (BIOS or/and
> kernel will do that later) so relying on the bus number is wrong.
> The immediate effect is emulated devices cannot do DMA when places on
> a bus other that 0.
>
> Replace static array of address_space with hash table which uses devfn and
> PCIBus* for key as it is not going to change after the guest is booted.
I am curious whether this has any measureable impact on
performance.
> Co-developed-by: Alexey Kardashevskiy <aik@amd.com>
> Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
> Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com>
love the patch! yet something to improve:
> ---
> hw/i386/amd_iommu.c | 134 ++++++++++++++++++++++++++------------------
> hw/i386/amd_iommu.h | 2 +-
> 2 files changed, 79 insertions(+), 57 deletions(-)
>
> diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
> index 378e0cb55eab..b194e3294dd7 100644
> --- a/hw/i386/amd_iommu.c
> +++ b/hw/i386/amd_iommu.c
> @@ -59,7 +59,7 @@ const char *amdvi_mmio_high[] = {
> };
>
> struct AMDVIAddressSpace {
> - uint8_t bus_num; /* bus number */
> + PCIBus *bus; /* PCIBus (for bus number) */
> uint8_t devfn; /* device function */
> AMDVIState *iommu_state; /* AMDVI - one per machine */
> MemoryRegion root; /* AMDVI Root memory map region */
> @@ -101,6 +101,11 @@ typedef enum AMDVIFaultReason {
> AMDVI_FR_PT_ENTRY_INV, /* Failure to read PTE from guest memory */
> } AMDVIFaultReason;
>
> +typedef struct amdvi_as_key {
> + PCIBus *bus;
> + uint8_t devfn;
> +} amdvi_as_key;
> +
> uint64_t amdvi_extended_feature_register(AMDVIState *s)
> {
> uint64_t feature = AMDVI_DEFAULT_EXT_FEATURES;
Pls fix structure and typedef names according to the QEMU
coding style. Thanks!
> @@ -382,6 +387,44 @@ static guint amdvi_uint64_hash(gconstpointer v)
> return (guint)*(const uint64_t *)v;
> }
>
> +static gboolean amdvi_as_equal(gconstpointer v1, gconstpointer v2)
> +{
> + const struct amdvi_as_key *key1 = v1;
> + const struct amdvi_as_key *key2 = v2;
> +
> + return key1->bus == key2->bus && key1->devfn == key2->devfn;
> +}
> +
> +static guint amdvi_as_hash(gconstpointer v)
> +{
> + const struct amdvi_as_key *key = v;
> + guint bus = (guint)(uintptr_t)key->bus;
> +
> + return (guint)(bus << 8 | (uint)key->devfn);
> +}
> +
> +static AMDVIAddressSpace *amdvi_as_lookup(AMDVIState *s, PCIBus *bus,
> + uint8_t devfn)
> +{
> + amdvi_as_key key = { .bus = bus, .devfn = devfn };
> + return g_hash_table_lookup(s->address_spaces, &key);
> +}
> +
> +gboolean amdvi_find_as_by_devid(gpointer key, gpointer value,
> + gpointer user_data)
> +{
> + amdvi_as_key *as = (struct amdvi_as_key *)key;
this assignment does not need a cast I think.
> + uint16_t devid = *((uint16_t *)user_data);
would be better like this:
uint16_t * devidp = user_data;
then just use *devidp instead of devid.
> +
> + return devid == PCI_BUILD_BDF(pci_bus_num(as->bus), as->devfn);
> +}
> +
> +static AMDVIAddressSpace *amdvi_get_as_by_devid(AMDVIState *s, uint16_t devid)
> +{
> + return g_hash_table_find(s->address_spaces,
> + amdvi_find_as_by_devid, &devid);
> +}
> +
> static AMDVIIOTLBEntry *amdvi_iotlb_lookup(AMDVIState *s, hwaddr addr,
> uint64_t devid)
> {
> @@ -551,7 +594,7 @@ static inline uint64_t amdvi_get_pte_entry(AMDVIState *s, uint64_t pte_addr,
>
> static int amdvi_as_to_dte(AMDVIAddressSpace *as, uint64_t *dte)
> {
> - uint16_t devid = PCI_BUILD_BDF(as->bus_num, as->devfn);
> + uint16_t devid = PCI_BUILD_BDF(pci_bus_num(as->bus), as->devfn);
> AMDVIState *s = as->iommu_state;
>
> if (!amdvi_get_dte(s, devid, dte)) {
> @@ -1011,25 +1054,15 @@ static void amdvi_switch_address_space(AMDVIAddressSpace *amdvi_as)
> */
> static void amdvi_reset_address_translation_all(AMDVIState *s)
> {
> - AMDVIAddressSpace **iommu_as;
> -
> - for (int bus_num = 0; bus_num < PCI_BUS_MAX; bus_num++) {
> + AMDVIAddressSpace *iommu_as;
> + GHashTableIter as_it;
>
> - /* Nothing to do if there are no devices on the current bus */
> - if (!s->address_spaces[bus_num]) {
> - continue;
> - }
> - iommu_as = s->address_spaces[bus_num];
> + g_hash_table_iter_init(&as_it, s->address_spaces);
>
> - for (int devfn = 0; devfn < PCI_DEVFN_MAX; devfn++) {
> -
> - if (!iommu_as[devfn]) {
> - continue;
> - }
> - /* Use passthrough as default mode after reset */
> - iommu_as[devfn]->addr_translation = false;
> - amdvi_switch_address_space(iommu_as[devfn]);
> - }
> + while (g_hash_table_iter_next(&as_it, NULL, (void **)&iommu_as)) {
> + /* Use passhthrough as default mode after reset */
> + iommu_as->addr_translation = false;
> + amdvi_switch_address_space(iommu_as);
> }
> }
>
> @@ -1089,27 +1122,15 @@ static void enable_nodma_mode(AMDVIAddressSpace *as)
> */
> static void amdvi_update_addr_translation_mode(AMDVIState *s, uint16_t devid)
> {
> - uint8_t bus_num, devfn, dte_mode;
> + uint8_t dte_mode;
> AMDVIAddressSpace *as;
> uint64_t dte[4] = { 0 };
> int ret;
>
> - /*
> - * Convert the devid encoded in the command to a bus and devfn in
> - * order to retrieve the corresponding address space.
> - */
> - bus_num = PCI_BUS_NUM(devid);
> - devfn = devid & 0xff;
> -
> - /*
> - * The main buffer of size (AMDVIAddressSpace *) * (PCI_BUS_MAX) has already
> - * been allocated within AMDVIState, but must be careful to not access
> - * unallocated devfn.
> - */
> - if (!s->address_spaces[bus_num] || !s->address_spaces[bus_num][devfn]) {
> + as = amdvi_get_as_by_devid(s, devid);
> + if (!as) {
> return;
> }
> - as = s->address_spaces[bus_num][devfn];
>
> ret = amdvi_as_to_dte(as, dte);
>
> @@ -1783,7 +1804,7 @@ static void amdvi_do_translate(AMDVIAddressSpace *as, hwaddr addr,
> bool is_write, IOMMUTLBEntry *ret)
> {
> AMDVIState *s = as->iommu_state;
> - uint16_t devid = PCI_BUILD_BDF(as->bus_num, as->devfn);
> + uint16_t devid = PCI_BUILD_BDF(pci_bus_num(as->bus), as->devfn);
> AMDVIIOTLBEntry *iotlb_entry = amdvi_iotlb_lookup(s, addr, devid);
> uint64_t entry[4];
> int dte_ret;
> @@ -1858,7 +1879,7 @@ static IOMMUTLBEntry amdvi_translate(IOMMUMemoryRegion *iommu, hwaddr addr,
> }
>
> amdvi_do_translate(as, addr, flag & IOMMU_WO, &ret);
> - trace_amdvi_translation_result(as->bus_num, PCI_SLOT(as->devfn),
> + trace_amdvi_translation_result(pci_bus_num(as->bus), PCI_SLOT(as->devfn),
> PCI_FUNC(as->devfn), addr, ret.translated_addr);
> return ret;
> }
> @@ -2222,30 +2243,28 @@ static AddressSpace *amdvi_host_dma_iommu(PCIBus *bus, void *opaque, int devfn)
> {
> char name[128];
> AMDVIState *s = opaque;
> - AMDVIAddressSpace **iommu_as, *amdvi_dev_as;
> - int bus_num = pci_bus_num(bus);
> + AMDVIAddressSpace *amdvi_dev_as;
> + amdvi_as_key *key;
>
> - iommu_as = s->address_spaces[bus_num];
> + amdvi_dev_as = amdvi_as_lookup(s, bus, devfn);
>
> /* allocate memory during the first run */
> - if (!iommu_as) {
> - iommu_as = g_new0(AMDVIAddressSpace *, PCI_DEVFN_MAX);
> - s->address_spaces[bus_num] = iommu_as;
> - }
> -
> - /* set up AMD-Vi region */
> - if (!iommu_as[devfn]) {
> + if (!amdvi_dev_as) {
> snprintf(name, sizeof(name), "amd_iommu_devfn_%d", devfn);
>
> - iommu_as[devfn] = g_new0(AMDVIAddressSpace, 1);
> - iommu_as[devfn]->bus_num = (uint8_t)bus_num;
> - iommu_as[devfn]->devfn = (uint8_t)devfn;
> - iommu_as[devfn]->iommu_state = s;
> - iommu_as[devfn]->notifier_flags = IOMMU_NOTIFIER_NONE;
> - iommu_as[devfn]->iova_tree = iova_tree_new();
> - iommu_as[devfn]->addr_translation = false;
> + amdvi_dev_as = g_new0(AMDVIAddressSpace, 1);
> + key = g_new0(amdvi_as_key, 1);
>
> - amdvi_dev_as = iommu_as[devfn];
> + amdvi_dev_as->bus = bus;
> + amdvi_dev_as->devfn = (uint8_t)devfn;
> + amdvi_dev_as->iommu_state = s;
> + amdvi_dev_as->notifier_flags = IOMMU_NOTIFIER_NONE;
> + amdvi_dev_as->iova_tree = iova_tree_new();
> + amdvi_dev_as->addr_translation = false;
> + key->bus = bus;
> + key->devfn = devfn;
> +
> + g_hash_table_insert(s->address_spaces, key, amdvi_dev_as);
>
> /*
> * Memory region relationships looks like (Address range shows
> @@ -2288,7 +2307,7 @@ static AddressSpace *amdvi_host_dma_iommu(PCIBus *bus, void *opaque, int devfn)
>
> amdvi_switch_address_space(amdvi_dev_as);
> }
> - return &iommu_as[devfn]->as;
> + return &amdvi_dev_as->as;
> }
>
> static const PCIIOMMUOps amdvi_iommu_ops = {
> @@ -2329,7 +2348,7 @@ static int amdvi_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
> if (!s->dma_remap && (new & IOMMU_NOTIFIER_MAP)) {
> error_setg_errno(errp, ENOTSUP,
> "device %02x.%02x.%x requires dma-remap=1",
> - as->bus_num, PCI_SLOT(as->devfn), PCI_FUNC(as->devfn));
> + pci_bus_num(as->bus), PCI_SLOT(as->devfn), PCI_FUNC(as->devfn));
> return -ENOTSUP;
> }
>
> @@ -2510,6 +2529,9 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error **errp)
> s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
> amdvi_uint64_equal, g_free, g_free);
>
> + s->address_spaces = g_hash_table_new_full(amdvi_as_hash,
> + amdvi_as_equal, g_free, g_free);
> +
> /* set up MMIO */
> memory_region_init_io(&s->mr_mmio, OBJECT(s), &mmio_mem_ops, s,
> "amdvi-mmio", AMDVI_MMIO_SIZE);
> diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h
> index daf82fc85f96..38471b95d153 100644
> --- a/hw/i386/amd_iommu.h
> +++ b/hw/i386/amd_iommu.h
> @@ -408,7 +408,7 @@ struct AMDVIState {
> bool mmio_enabled;
>
> /* for each served device */
> - AMDVIAddressSpace **address_spaces[PCI_BUS_MAX];
> + GHashTable *address_spaces;
>
> /* list of address spaces with registered notifiers */
> QLIST_HEAD(, AMDVIAddressSpace) amdvi_as_with_notifiers;
> --
> 2.34.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 2/2] amd_iommu: Support 64 bit address for IOTLB lookup
2025-10-13 5:00 ` [PATCH v2 2/2] amd_iommu: Support 64 bit address for IOTLB lookup Sairaj Kodilkar
@ 2025-10-13 8:19 ` Michael S. Tsirkin
0 siblings, 0 replies; 5+ messages in thread
From: Michael S. Tsirkin @ 2025-10-13 8:19 UTC (permalink / raw)
To: Sairaj Kodilkar
Cc: qemu-devel, alejandro.j.jimenez, pbonzini, richard.henderson,
philmd, suravee.suthikulpanit, vasant.hegde, marcel.apfelbaum,
eduardo, aik
On Mon, Oct 13, 2025 at 10:30:46AM +0530, Sairaj Kodilkar wrote:
> Physical AMD IOMMU supports up to 64 bits of DMA address. When device tries
> to read or write from a given DMA address, IOMMU translates the address
> using page table assigned to that device. Since IOMMU uses per device page
> tables, the emulated IOMMU should use the cache tag of 68 bits
> (64 bit address - 12 bit page alignment + 16 bit device ID).
>
> Current emulated AMD IOMMU uses GLib hash table to create software iotlb
> and uses 64 bit key to store the IOVA and deviceID, which limits the IOVA
> to 60 bits. This causes failure while setting up the device when guest is
> booted with "iommu.forcedac=1".
>
> To solve this problem, Use 64 bit IOVA and 16 bit devid as key to store
> entries in IOTLB; Use upper 52 bits of IOVA (GFN) and lower 12 bits of
> the device ID to construct the 64 bit hash key in order avoid the
> truncation as much as possible (reducing hash collisions).
>
> Fixes: d29a09ca6842 ("hw/i386: Introduce AMD IOMMU")
> Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com>
I am wondering whether we need to limit how much host memory
can the shadow take. Because with so many bits, the sky is the limit ...
OTOH it's not directly caused by this patch, but it's something
we should think about maybe.
Something more to improve:
> ---
> hw/i386/amd_iommu.c | 57 ++++++++++++++++++++++++++++++---------------
> hw/i386/amd_iommu.h | 4 ++--
> 2 files changed, 40 insertions(+), 21 deletions(-)
>
> diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
> index b194e3294dd7..a218d147e53d 100644
> --- a/hw/i386/amd_iommu.c
> +++ b/hw/i386/amd_iommu.c
> @@ -106,6 +106,11 @@ typedef struct amdvi_as_key {
> uint8_t devfn;
> } amdvi_as_key;
>
> +typedef struct amdvi_iotlb_key {
> + uint64_t gfn;
> + uint16_t devid;
> +} amdvi_iotlb_key;
> +
Pls change struct and typedef names to match qemu coding style.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-10-13 8:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-13 5:00 [PATCH v2 0/2] amd_iommu: Cleanups and fixes (PART 2) Sairaj Kodilkar
2025-10-13 5:00 ` [PATCH v2 1/2] amd_iommu: Fix handling device on buses != 0 Sairaj Kodilkar
2025-10-13 8:15 ` Michael S. Tsirkin
2025-10-13 5:00 ` [PATCH v2 2/2] amd_iommu: Support 64 bit address for IOTLB lookup Sairaj Kodilkar
2025-10-13 8:19 ` Michael S. Tsirkin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).