From nobody Fri Dec 12 12:55:09 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1763778450193962.301194474432; Fri, 21 Nov 2025 18:27:30 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 742A944030; Fri, 21 Nov 2025 21:27:29 -0500 (EST) Received: from [172.19.199.56] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 1990343F92; Fri, 21 Nov 2025 21:26:07 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 3D67143FE6; Fri, 21 Nov 2025 21:22:45 -0500 (EST) Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazon11011049.outbound.protection.outlook.com [40.93.194.49]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 7BD4843FE7 for ; Fri, 21 Nov 2025 21:21:02 -0500 (EST) Received: from PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) by CY1PR12MB9559.namprd12.prod.outlook.com (2603:10b6:930:fd::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9343.11; Sat, 22 Nov 2025 02:20:59 +0000 Received: from PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb]) by PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb%6]) with mapi id 15.20.9343.011; Sat, 22 Nov 2025 02:20:59 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LGgpg00PmytX54Kjp3c18FqFQeYnetlGGOsBNwDOTrgwDku7aYVoB5ePY37HMin5XgZigEZwG+OLj29IQdQfgVVY8/oMTemXMsmkjysBh7hJi4zz3cp9dtelF8j6eTjSJiiLUYWBpwihq3wLISaFtC/1uaCTFBYmA9zM5eTtm3RUOWC4KDhJpGdgZgGjEZlInispHKuJFmb/eK1CpRm233hkc395d5InvCKzsE7FctrzTQDvS7Xiz+kzIVoR6ouFCN94ZQQ9DcgqeEbzX2dUkJZ7aWi+Xwh8tZe+5hCqXoxbr16vOJvvVngzFWIB78JUmbIk2lZwzqUNgzHNuyyysg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Oxqnj+PsFKmCP3cbgl+ThwSgJFOyfQpM8JntzUiIvj4=; b=NFE3kVrZZztyZS2J7fL6+5LjhpTeVtwoGCT4JKgo7XhxmB32Fo1+Xd+UM1PuXqn5Oz8pBb4NKvK4V3jfMCit2Ygn3rVuGnw/tNyIUglM3JEePL4sczxFxj5rBwFlE65ETTLLQ1TpfzV9gCuCfY6ur6mQwnIXATcW3AKoYII1/HDGfB+kg6K0YROPcuyQDlA3MrxXiPTJFmu3BGTQedCc3bSgr1ub2qWS7m67K68brn4QqhMJRDI0TM+Hv+XNOT8Iv7UNS0xBq/WNazofECVnsG3hb71pBG98yMuIw5LT9fdALPDKseWyLP7SY5RTVnb0FU4hm4uXYeQ0oku5ZYtoiQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Oxqnj+PsFKmCP3cbgl+ThwSgJFOyfQpM8JntzUiIvj4=; b=tVdLhPCzY/rMELYXu4aczZDe8kVnmRKfELii7KtkI9B1uBRwSWNBOFOS3Bcx6mqTQ3k4WYbvSP4gx5xmQ9/9VBRujLbrlYLPkFeYB5iAvuBoV3zn3Bkwu0jbnF+Z0GLHgpfkfib4wLKn1RodFu/Zw4tM6HB99p2YaQLdGb2QhmowjOSieGGQ3a0Nw6+spkoEaGn87q8sC6rG6RNSiYH78XWsPVCkgYJ0wSXyM3qhABvspc3gqs0CbDwrcrWyEZkGjtTSRlIAtYPpgJHlR5xhj0ioFVGwWO7tbvtp7PtNJ6mSOmPvD8JB9KA0xQqkxBEdi0DRHbrX82az6BH6CAlDcQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v2 1/5] qemu: Implement support for associating iommufd to hostdev Date: Fri, 21 Nov 2025 18:20:53 -0800 Message-ID: <20251122022057.3440459-2-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251122022057.3440459-1-nathanc@nvidia.com> References: <20251122022057.3440459-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BYAPR11CA0038.namprd11.prod.outlook.com (2603:10b6:a03:80::15) To PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR12MB6834:EE_|CY1PR12MB9559:EE_ X-MS-Office365-Filtering-Correlation-Id: 179cd0ec-c66a-44c7-8ab7-08de296dc69f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?hXjak7kwJQ+DPcalALiORr1oQ4CVXC5hU6HISBy044VfIb9YfcarrafRQXAV?= =?us-ascii?Q?e0OIEbnnwq2Pbku7GPuUFa8UfE1yiiYJVrobvgBCZgjs/TiZfe+260EhM4dr?= =?us-ascii?Q?AMtvRRPoMx8BwXXW7ooZBn7Pc4xuS64GzNYks0A9TlTPXAyfpktbiwGHVBMw?= =?us-ascii?Q?/S9DrCrFG7V9evF1YqJyI3xZShA2xeucKCztn3+GXYAgik/VCZVCmjr3Smka?= =?us-ascii?Q?LGEF3ub9emBsXpXQEsr6II4+w33aYa5ofuz6aBlyN7ZyC+hhatn4AadcY3Pa?= =?us-ascii?Q?piB8Uwc8i3k3GdadADOT5T4eDCpiVEYhPO8cIb3CVvb3DlG4FQTWBWYorPoJ?= =?us-ascii?Q?w+VYvKflgyl/DMmgDTtBB2+BIBN9rJyH5eX3WPaqcwsGD4Crk8b2rp7l3Dgk?= =?us-ascii?Q?7/Dlkko31TGAWKK6riK7XvRj4za3RqsUWhvkgGiqeSkdFv8VXo2+H42V057X?= =?us-ascii?Q?i+nQlFAeC83sPS2BGZqYvLMbZdgefksiBQMNYAqTC2qz4uUSwCjvGRxLC7Vd?= =?us-ascii?Q?Zp8nrhMMNWVpSflCNdfavXuOYmfxQVsxNerHZVc4YCGqCGmWDW+o1KCWrd81?= =?us-ascii?Q?c8lNT8S5yoJwjM3lmFNrLyOk5EzYhsas0cQzpjrq9MXFEzZUxOtRaLeGEq36?= =?us-ascii?Q?DSGqvQxJD6Ho7i5K1I1OvbWd6gWF/8ZxUx6zcnezNIr/Lo6dCejHpl4f2APz?= =?us-ascii?Q?jJZJkmz1u5tPMmM8N+aIqjJ5GAbnwTB9ZgFFKCBatoE2A8DhPNxhT5ByNwnj?= =?us-ascii?Q?mpK1mbBlUK5qnkvgSZNAEzv94wT4l7CTueurmRxo3D8eIO28MBqbb+iXOj0c?= =?us-ascii?Q?WMRNZzO+/ZlV9jY6zJufhCylwTu7JPLPpVZNPpafqT0RHjqhdSVPXagS1rIn?= =?us-ascii?Q?KfIBWpsl4I8BL/i+NHMoiDF7WyuOuRUIqoZQp1PKknLaKqFDwWL0mM/G4DKF?= =?us-ascii?Q?5GaD93RX652fRW+32jOnrJZljhyveNuMYp4KTdxAUNXjktcnFw1E5Z+Zz2u+?= =?us-ascii?Q?HTxiXfy4ajQOR+AQoBQZe+7XXOiN34nQVT7hj65zgK55R0rPC01zJ66wHfAr?= =?us-ascii?Q?yNWxrRVrVE+vzDsO4IkyV2O7STJFJbP4sfO/ILKiAYH+V1gbcDTrm30OmZ+0?= =?us-ascii?Q?y9kjorj26hlgqs1zwUUbXkR7quJpAbmepm1+yJRTP8ll36zQcqnLgeCZSHV4?= =?us-ascii?Q?j5PBONjRTewWdvgMbzAcIN6hzVfit0sk/hb4ljwP0Suu5ITJg+l5/o2/iKzL?= =?us-ascii?Q?U1b5yV6MeuRepBC8Q2V+jiZYj4xuO7mLurTPdjd3qtd1hmB92UGr37Kaqadt?= =?us-ascii?Q?Asqd/SROXEx7Q6DXDKG2j3MxcPOTVHtJgjQbjVEafMhEIfnVbGQcmgxRvfNJ?= =?us-ascii?Q?UJErpJcKUmFHWvdsnEZJqY5w63RxbIVJzD9lmG5V6nUxyl8WhHPsrCX737Be?= =?us-ascii?Q?iwszkC5mW82SdBTYVfxKJNcBQ91x+6D2?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR12MB6834.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?nMqwAZfO+2fUrhlzJfR6NroWoXagxEvnAqBwAkkYbnWwWA8fH1foCnQkRaEg?= =?us-ascii?Q?PrtLA0YEfA2NlMsoDzC1eHqhlQgreVegTFSiAL3e++Cy8ex0365GstiCd8Hf?= =?us-ascii?Q?dyjhSbwGWDOUOjF7VvCFpO5Uuz09PgBu64Ah1Pp4TV6eQ8951m2vVcXJrRJv?= =?us-ascii?Q?JjLF5d+WilJcqwSY949DxrqTz5ENHVHklSArnTKmNevTiRwtOyGwhJiNFjvq?= =?us-ascii?Q?do9jT4WyRl6tN7F+5kJiTWPpsgASsZrPQSMnAwbztjfP5Oy/Q1qYE/UL/ZFu?= =?us-ascii?Q?eLVfHk2LG3eQNH3++lOe2O5ePiz8CX4ZdTGhRVZ7sZGiOyZCfc+8odXSJ/dd?= =?us-ascii?Q?7ydd2pM5j/JwtXuSKoDSaUtS/LqrECgfac3aKfAH3+oBbDZ/azpohN2BWcXk?= =?us-ascii?Q?ZWgSibVFYUE7ufX9425YPnr5WA05WEozQoOVSM+6n9wsevNIArPHwLGc6YIa?= =?us-ascii?Q?tZdwkf20SaBAKeacKdJ2fuVM/P7/G9gAkuCwmjlhzJeInWgQp9AZKx3J1BXl?= =?us-ascii?Q?SAPmPijzSPxGeDI0qWAwvIs6IWKWbZ7j5nWUAoUiMDlonIl0Amc0S5zCUljn?= =?us-ascii?Q?AEpKJtOMYeSRYYLT1i2iEvFV9pgXsMzEcfXUT93yfv3yIvSveFBjThK5Apf3?= =?us-ascii?Q?5vLPWsCJEz5dnnNz4Fhe4mu3N+3aceZ37yAUOz2uGKGQ54UdcFTqefrTVzZQ?= =?us-ascii?Q?6UWxwP80zP0dwUBA5+IgaRYRD4IqHhSn+lQZW9CZA/nR4IwTNGkzOp5znt5r?= =?us-ascii?Q?Danj8I6Lokog7tntA4YdRuJ9+LUcdNjjVDIAaZwc3a3sPfocPcgeZJir2a3T?= =?us-ascii?Q?Wr+eyUSPMEWPS7RcDUL2NmlubVlut5a3UbMmtcXpy628KT+FhtP2vjZLk1xX?= =?us-ascii?Q?IFN2ZeeY4Vv0pyKrSbaUSScmpWmakuXLS1lIz0SQ9iMS+o9t/7MejM0lCK2+?= =?us-ascii?Q?2HNNhtCqt0G6S0DFT54GJY48edHXTWeJFFY44WIypCeCUEP7RT3tU6Os9Z8c?= =?us-ascii?Q?sKqpIqIlV7bt4Ivar8jDGO0fK13uBWQa7pif2IpFoGRMMlJ6wIqXQyBBeNQv?= =?us-ascii?Q?Ekp/lEWofHNmV+ppAPymmJgTI/oO90n3rk/cmAh3qLHBdgEiGQhmMPvE+8lQ?= =?us-ascii?Q?/aecTv2iaYN4le8ljHf1uH+PAjQv0eCXiqDh9KN/uJjeOAEzMpuEdMaoaIR6?= =?us-ascii?Q?NMFccUsqB86CtaKzjlG1XOo9VDzuORb/P5KpWKAGLwu4vfUXhsVzh3MSguik?= =?us-ascii?Q?Dxj1c5uGywZc5BiX2W/9lu1cYRnaXx5CP0jeVrEmtZS3qllK28soFX1sGRlJ?= =?us-ascii?Q?nWgqzv6SUWOBnTPzQDnazavmXVGJiR+axlAaUANrKpcZMPSdZgjFuY/hr6sZ?= =?us-ascii?Q?tuXzVLAe4ePEjti7uYdrcSwKmOO/bod7yf6acDxW1UCugqD+YI4ooub3Zqqd?= =?us-ascii?Q?kweDNu5QHAQbN0d1KdjLbx+qz1VlUniFJLCJmrWIIX5SvsB6bEWJI12WGNE0?= =?us-ascii?Q?VKUztjsWO9m1QOoXRjL1bGYlnfM1+1h9x+gfqO+QiYmKCK4P6p5kLHAnf4TR?= =?us-ascii?Q?qFMVADu+DstP9AYJAXqwavsgcTQvKP+iM9y3SjoY?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 179cd0ec-c66a-44c7-8ab7-08de296dc69f X-MS-Exchange-CrossTenant-AuthSource: PH7PR12MB6834.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2025 02:20:59.4926 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nwe5cys0zUnJMDGDTkT29TniNIYTRwQhUB2w2LN+e/MEze9Vk9j/TiKaNIJBoD1bGPjYd61k112+vNSWb5svhQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB9559 Message-ID-Hash: PHMA33LV7ANKLHDW4EIQ7DQW6IEZVDXI X-Message-ID-Hash: PHMA33LV7ANKLHDW4EIQ7DQW6IEZVDXI X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1763778452199018900 Content-Type: text/plain; charset="utf-8" Implement a new iommufd attribute under hostdevs' PCI subsystem driver that can be used to specify associated iommufd object when launching a qemu VM. Signed-off-by: Nathan Chen --- docs/formatdomain.rst | 8 ++++++++ src/conf/device_conf.c | 12 ++++++++++++ src/conf/device_conf.h | 1 + src/conf/schemas/basictypes.rng | 5 +++++ src/qemu/qemu_command.c | 19 +++++++++++++++++++ 5 files changed, 45 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 160e7ad9c7..dcb24b1b23 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -4862,6 +4862,7 @@ or: device; if PCI ROM loading is disabled through this attribute, attempts= to tweak the loading process further using the ``bar`` or ``file`` attribu= tes will be rejected. :since:`Since 4.3.0 (QEMU and KVM only)`. + ``address`` The ``address`` element for USB devices has a ``bus`` and ``device`` attribute to specify the USB bus and device number the device appears a= t on @@ -4902,6 +4903,13 @@ or: found is "problematic" in some way, the generic vfio-pci driver similarly be forced. =20 + The ```` element's ``iommufd`` attribute is used to specify + using the iommufd interface to propagate DMA mappings to the kernel, + instead of VFIO alone. When the attribute is present, an iommufd + object will be created by the resulting qemu command. Libvirt will + open the /dev/iommu and VFIO device cdev, passing the associated + file descriptor numbers to the qemu command. + (Note: :since:`Since 1.0.5`, the ``name`` attribute has been described to be used to select the type of PCI device assignment ("vfio", "kvm", or "xen"), but those values have been mostly diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c index c278b81652..7682236d65 100644 --- a/src/conf/device_conf.c +++ b/src/conf/device_conf.c @@ -60,6 +60,8 @@ int virDeviceHostdevPCIDriverInfoParseXML(xmlNodePtr node, virDeviceHostdevPCIDriverInfo *drive= r) { + virTristateBool iommufd; + driver->iommufd =3D false; if (virXMLPropEnum(node, "name", virDeviceHostdevPCIDriverNameTypeFromString, VIR_XML_PROP_NONZERO, @@ -67,6 +69,10 @@ virDeviceHostdevPCIDriverInfoParseXML(xmlNodePtr node, return -1; } =20 + if (virXMLPropTristateBool(node, "iommufd", VIR_XML_PROP_NONE, &iommuf= d) < 0) + return -1; + driver->iommufd =3D iommufd; + driver->model =3D virXMLPropString(node, "model"); return 0; } @@ -93,6 +99,12 @@ virDeviceHostdevPCIDriverInfoFormat(virBuffer *buf, =20 virBufferEscapeString(&driverAttrBuf, " model=3D'%s'", driver->model); =20 + if (driver->iommufd =3D=3D VIR_TRISTATE_BOOL_YES) { + virBufferAddLit(&driverAttrBuf, " iommufd=3D'yes'"); + } else if (driver->iommufd =3D=3D VIR_TRISTATE_BOOL_NO) { + virBufferAddLit(&driverAttrBuf, " iommufd=3D'no'"); + } + virXMLFormatElement(buf, "driver", &driverAttrBuf, NULL); return 0; } diff --git a/src/conf/device_conf.h b/src/conf/device_conf.h index e570f51824..116b959143 100644 --- a/src/conf/device_conf.h +++ b/src/conf/device_conf.h @@ -47,6 +47,7 @@ VIR_ENUM_DECL(virDeviceHostdevPCIDriverName); struct _virDeviceHostdevPCIDriverInfo { virDeviceHostdevPCIDriverName name; char *model; + virTristateBool iommufd; }; =20 typedef enum { diff --git a/src/conf/schemas/basictypes.rng b/src/conf/schemas/basictypes.= rng index 2931e316b7..089fc0f1c2 100644 --- a/src/conf/schemas/basictypes.rng +++ b/src/conf/schemas/basictypes.rng @@ -673,6 +673,11 @@ + + + + + diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 5a834ef842..95d1c2ee98 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4753,6 +4753,7 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, g_autofree char *host =3D virPCIDeviceAddressAsString(&pcisrc->addr); const char *failover_pair_id =3D NULL; const char *driver =3D NULL; + const char *iommufdId =3D NULL; /* 'ramfb' property must be omitted unless it's to be enabled */ bool ramfb =3D pcisrc->ramfb =3D=3D VIR_TRISTATE_SWITCH_ON; =20 @@ -4786,6 +4787,9 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, teaming->persistent) failover_pair_id =3D teaming->persistent; =20 + if (pcisrc->driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES) + iommufdId =3D "iommufd0"; + if (virJSONValueObjectAdd(&props, "s:driver", driver, "s:host", host, @@ -4794,6 +4798,7 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, "S:failover_pair_id", failover_pair_id, "S:display", qemuOnOffAuto(pcisrc->display), "B:ramfb", ramfb, + "S:iommufd", iommufdId, NULL) < 0) return NULL; =20 @@ -5210,6 +5215,9 @@ qemuBuildHostdevCommandLine(virCommand *cmd, virQEMUCaps *qemuCaps) { size_t i; + g_autoptr(virJSONValue) props =3D NULL; + int iommufd =3D 0; + const char * iommufdId =3D "iommufd0"; =20 for (i =3D 0; i < def->nhostdevs; i++) { virDomainHostdevDef *hostdev =3D def->hostdevs[i]; @@ -5238,6 +5246,17 @@ qemuBuildHostdevCommandLine(virCommand *cmd, if (hostdev->info->type =3D=3D VIR_DOMAIN_DEVICE_ADDRESS_TYPE_U= NASSIGNED) continue; =20 + if (subsys->u.pci.driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES = && iommufd =3D=3D 0) { + iommufd =3D 1; + if (qemuMonitorCreateObjectProps(&props, "iommufd", + iommufdId, + NULL) < 0) + return -1; + + if (qemuBuildObjectCommandlineFromJSON(cmd, props) < 0) + return -1; + } + if (qemuCommandAddExtDevice(cmd, hostdev->info, def, qemuCaps)= < 0) return -1; =20 --=20 2.43.0 From nobody Fri Dec 12 12:55:09 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1763778674287103.53788204711577; Fri, 21 Nov 2025 18:31:14 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 99AF444039; Fri, 21 Nov 2025 21:31:13 -0500 (EST) Received: from [172.19.199.56] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 3EE4944663; Fri, 21 Nov 2025 21:27:31 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id CFAB941905; Fri, 21 Nov 2025 21:22:46 -0500 (EST) Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazon11011012.outbound.protection.outlook.com [40.93.194.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 7C1FE44046 for ; Fri, 21 Nov 2025 21:21:03 -0500 (EST) Received: from PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) by CY1PR12MB9559.namprd12.prod.outlook.com (2603:10b6:930:fd::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9343.11; Sat, 22 Nov 2025 02:21:00 +0000 Received: from PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb]) by PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb%6]) with mapi id 15.20.9343.011; Sat, 22 Nov 2025 02:21:00 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=d35LqNKoyrYJ+RPFfLbkDcTEg5sJi24ec/uBr3aYsB6LQtY69s0Lz4tIpaubakw729+oiWBjQoO83rOiCTG37fz26NmSP7+SK5rXbiORb+IjOgBm3FoX7CPUmbvtDi9Dv2zmWYCnxw6m8rgWcdYfddGCF7wLZkwXqqlbK+H4ta0qVKKJjERFLq/CReRTJn6I3U/DIRGbL6jIaCcacTpOVMxN14/ijmC2e6xbPY1Jd6+k165afy18zMqJFHMtB22xOiEmY3EaI6e4vao8RQwsSp+3D65aBzRNYvhvOXE146fo+xCv6XBnuhYQNvHpk5rBMYxijf2Ci3uEiqgNrE0AbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=elNgwEEsjh+EZgUxjnw6wf0fEMBQF3YVjqkL92YWRVY=; b=B5dnCl+kfWI+MfULjNXKNUV+I3JjoTl3uul9GrjTFRLcOwTMDPT0j2ytGxSgw9qFI/WIBqfyLiMFDiiXu5yxFFfF4N+T/OGQXw+C0M8JpQd78wZZUk+T2Kd997cEvx4+siUiOv+iydLKK4XiIgpllMmHW2RSKRLb8BD+sRk8sK1Kn03pRQXNuM5V/MfvkmVozxMBtTojQ+GJMcU0tMNKn9S/bFY3j9z4E5ozxDr7bKOMzjq39taf4t1MMdrE7XBkeGOOOadJNjkC0hDxBeShdsLahviCZXaUn31aegW7gtSgGN5+QVgc4R+VhNAMu7py8zLPHxhtDLm4pgjCuPB72w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=elNgwEEsjh+EZgUxjnw6wf0fEMBQF3YVjqkL92YWRVY=; b=pQRje6eMvjJREfBe0DwpcG4ebO0e/2IQsWLq5wXP117K7Iph/JWjQxma8XznJaw+b+YYzO50pCWrnPeaCEa+OagRzVbtm1CXmnbVd5qn0m+YmWMsiM3s1oUlnDr0TYce8ccwwGDjUJo+2YuCPYbmtlGjW79+qGfSoX7IbKBI4/gbUqeLhvmskU0jNAprcBUTKAuQHVsqOPxe0OVHCTwK6FN9+D4nPix+Ek/Btc9tS12XxsL8B6qcA2b513Gy0HOyXMGuBkiuUVAzsFOK97mmAwQ+MYS72bxvPkxtjzJZpalTLQDdqBoJPfeYGqOqHOnT3Z9A4YMWUF0sB5aGoZaxHg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v2 2/5] qemu: open VFIO FDs from libvirt backend Date: Fri, 21 Nov 2025 18:20:54 -0800 Message-ID: <20251122022057.3440459-3-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251122022057.3440459-1-nathanc@nvidia.com> References: <20251122022057.3440459-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BY5PR04CA0027.namprd04.prod.outlook.com (2603:10b6:a03:1d0::37) To PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR12MB6834:EE_|CY1PR12MB9559:EE_ X-MS-Office365-Filtering-Correlation-Id: be57b359-fd24-4d12-a575-08de296dc73a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?lSQRyGHwvCT3zFnOVWbm7ibwHgs6G0JVo+AZ/ezCYsVuXbDRmLws44cA/k9N?= =?us-ascii?Q?zTNDMDQ8p+PHFVTpEHZF/pd+YOpxjNlxrFPbemf4l2hmgpGH5w2MxfQVGbXf?= =?us-ascii?Q?gg/TyUlNHqLj6eDDIvFQmB706iSvCagzwEqjtuZW63BuJ9/kKonwW8UGnDzC?= =?us-ascii?Q?FCtlRfGG8pZ7HBSdxXnL/PIDpS2DfaVZZm54IfoLcpMlsmyiAx8d9gPCxNom?= =?us-ascii?Q?LYM7Iql3OQXHTovjlLxs090jp/oMuo05tJ7NtflwIuCFDd7DrxD2sde5aR4s?= =?us-ascii?Q?FFM1clJmZpvW4IgTn4L7EwY8V/GOa/DjWZeB7eSl+5IB+A/enp9jajEgNjkj?= =?us-ascii?Q?GNfuZz3e3xVc1ndu7iSzBYXp53OaRO4zcfSXPTQjJzTUULvbO0LyPGp5vn2L?= =?us-ascii?Q?zTkJ6aYuvcIGoS9y82f0nq4u1JxR1+F1MO4Z1BLF6BTyiYUUZm35bODzVwEs?= =?us-ascii?Q?Qs/N7Nvcg/XRBXDdBknkIWSQabVoAOlnDVRXZ+PqDLX74MfhLiQnRHokTvxa?= =?us-ascii?Q?P+K2b009S/jEo8gxL4pXw6/9j3Si3kth9czVxTW6qX0ppHEJ49Zd8GmPilBv?= =?us-ascii?Q?s6KZH71phHCb98Vgn3IKbPr0dCcZTOwGpqidTCulXsrS2dQjzYN+XYU/gLh1?= =?us-ascii?Q?ywGEDYK+0Nr+3AcxqkBP3VxRQqvpgOXZNdrj7xVHL0CtqUA9HkeM9Vd1MLJJ?= =?us-ascii?Q?UpZ3TAXL/gvbUVnJ3dtCbNfXM8eTBE8Wnt20zuJqu5e5oXl+9bNN81U5Hm45?= =?us-ascii?Q?wF0o/yuQ72I9PaPPomyE7yk8VdFJP9gS7YldqwgzFul3bBeUQkm6sVeO1Bd+?= =?us-ascii?Q?WKL6MvNOOmAeZiM46IZJLoq/36i0LEZt+kMi24i/epqBjYkEG3wIWun7erIx?= =?us-ascii?Q?uT4HwOCdHEK6CNWQJvtOjhj78V4Eu47JscEdohRDZtgkP9YQ/lsaR+w124f2?= =?us-ascii?Q?mghI/G9DT3ir0yDp8nZNIU7q1g+lBje8yIi71SC4QzoSafW5Ze2t5uu4XoUr?= =?us-ascii?Q?ajtf5/ExXKCJuUnsekpmKuRnWsttzHH51Felzjp6rwcuQyhdPCPk8WsaGkk/?= =?us-ascii?Q?kyYds7mVHEH/dY5XRXutZx+Pkw7ugwR5JSNOH8hCg3as0/LTY8kOXonzIzpY?= =?us-ascii?Q?fuVIhomvTqePth+zphJF6BWlIGTNPhl7cAUoBam6V0nsSyT1fGVPVtmL1371?= =?us-ascii?Q?PYVbHM8TjHS1H1ut8Vfw9mlmUB2fpoWu2i+aU78fj5c/bycORopwaMYXPhdc?= =?us-ascii?Q?4xoyGNlbymabGIwGdqcN2toLt78Xe/OXksR6dp50Q3UZ28St2CGLqjT4E0KZ?= =?us-ascii?Q?vQP5jRKdtEcO6s1i+/s4jLaVUuAT+lpT6RkygtTU4lxNM1RJqOOQdd/s5GLW?= =?us-ascii?Q?NRcP9geEdV1b+ByEo7xvM2LOyPU4tUOVaWh6eqiHC2TR+gLIjQCXXpdBKf1h?= =?us-ascii?Q?a+2xSxd/INTDk2uT2kHC5PNocJmLE+Ot?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR12MB6834.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Ys7WohNyYx2/eEfqPZb/qiJL5qOmQnuxAW+/99CjHJXTSMmYC0uezwK3qGsf?= =?us-ascii?Q?xRb84tMHFM7/a85JpsAJfuuM1yDEu62hVEpe3Hyxsn7ZfzzeWifexvnA42m7?= =?us-ascii?Q?7enmuKCBdSLmOTDKBqXhwX0yciRFrNXEQe9ithFG26fqW//11dwC73Fw2Amk?= =?us-ascii?Q?/VSVFoaq/zD7ul5HFpgCLIUQlwtSRdmbG8KbD/+zdZFcDaQS8u4zo0av7UoE?= =?us-ascii?Q?IiieTsYhFOgn4Y+htIov2jTyAOPW3R3pWpGv+7dpqYzpgcyll4dk4y9ChzPj?= =?us-ascii?Q?fhXksrliHHkny3kMTvKP9w3HIuARRB5xUUyrorWr/uDIT3aAx1b3n4Z6kEuU?= =?us-ascii?Q?kj7FR3xS4NKtbccmEkeeSx5BvdPUM8Oejwbr6jFlo7PaSny3ssKfJAmKZk0L?= =?us-ascii?Q?KTu+KsIIpuIbWj5rp7Rc8FaA+roz4fojS8hKh6fsfwx3IgxSITLUZUkLYoaQ?= =?us-ascii?Q?O6AuMRK0118cnj1DWKosGW1yz/4lllYyIE9esXPt/ap1efifsSKotDe/llyX?= =?us-ascii?Q?YuSCCeBNDGNQdGUriM1U3jz2H7fVsIRSNIk3pMKQd6opGNEzU0Oyfo2YRA1N?= =?us-ascii?Q?gstvoi8TfYHLClX+Dt6SExWdBBB8kyo3pvgHshW16xUsZ505/fiSTo3Ls9kv?= =?us-ascii?Q?Rg+kqhhXDCDE9waeYiDp7YMegrE9AYi6Q40SIHbp8RR/zs8L+3BDraIVUWTk?= =?us-ascii?Q?LHn2kl+Zd1a9NunPqrvJDsXs5qBxqm9I7DxAs1ybBL5Ua//BdlX++d6GMhv/?= =?us-ascii?Q?050oRfLIiLkWa2ncGLaVi/2lmklzvUzr17TLuLhyMm0xUmDRrQIARpzn3E7e?= =?us-ascii?Q?sbVwJ6o6Mkq95fNyswyNzYdQA7dfs2Us4kJpxd9Esxiyvukj0rNIasql4GHX?= =?us-ascii?Q?Vdo9FfpVWVuCEkZaHv3NFIByZWSDyt5+v/RhS9VnAGza830gUcLDc0PZR/3x?= =?us-ascii?Q?xkgztucWsYrspFVqnJ8U7TD4XR/Gn9kr6VLacWAop9zQTCoIrWJUSliTAYFn?= =?us-ascii?Q?FF0Xw2VeWa9AZ02mK5tI54PaQxoaQ43l6mh9JpGCJkkCL4RzAF7F0VRRqs40?= =?us-ascii?Q?MynXDHJOiK4qRnuFP4nOpOALr0zDuyQg0gnZLl/we7GrZxYvl+Esxse2b9gy?= =?us-ascii?Q?IYIxHx11FX9YBUQx9U1QvvbPDiPvVHr/W3PH/056cQPFjUtCUWG7sIpCICbJ?= =?us-ascii?Q?kaELUx+/9tE21QycDeOrTUDj/NKfSQkxY8B8Wyasxnsr3hMbA5WdxKU/8no/?= =?us-ascii?Q?77r6pRsMlBW9WjUtfEQ+yDKg8mlN1oz6PyINkDFtVXK5KjTbBnMLNSx0/xk7?= =?us-ascii?Q?TeLwZvYIyf0SF98Q+jjo2KTFX6qcOdwYtMDDsHoEDli9tGXqBFmFczQGx1tx?= =?us-ascii?Q?GnhJqhHgL1hpV7xLSQuAOUAvfFpO2ol9cGYruWKylBiY+OHPdZnMBoqCfcY+?= =?us-ascii?Q?wioWNSwz+I/RelQH0dzkMFosOULYkltPc3hj3tOUYk9bI0/PuHiLzIMQNCkQ?= =?us-ascii?Q?FVLfiLPMoI29aaXauQ6TMMKRA4s8GiY6ImM0zGJbLHebmtpud97pDtaR7rlr?= =?us-ascii?Q?cghLpVwa6cX77NBnVk8KpSTT+5u4p34n9xsL0eMz?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: be57b359-fd24-4d12-a575-08de296dc73a X-MS-Exchange-CrossTenant-AuthSource: PH7PR12MB6834.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2025 02:21:00.5271 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mIQ8ZnqGUWLGg6ov3PQRG5dq5RF6xlHFV0aaiXexqW49FSgOL1bw4IGASNSE6A71bTN4N/fwXT0/++LdFm0rXA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB9559 Message-ID-Hash: RN77QZ2ZWMUZVHKHD3VYO3O2PCRTFQ32 X-Message-ID-Hash: RN77QZ2ZWMUZVHKHD3VYO3O2PCRTFQ32 X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1763778675135018900 Content-Type: text/plain; charset="utf-8" Open VFIO FDs from libvirt backend without exposing these FDs to XML users, i.e. one per iommufd hostdev for /dev/vfio/devices/vfioX, and pass the FD to qemu command line. Signed-off-by: Nathan Chen --- src/conf/domain_conf.h | 2 + src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 26 ++++++++ src/qemu/qemu_domain.c | 39 ++++++++++++ src/qemu/qemu_domain.h | 17 +++++ src/qemu/qemu_process.c | 130 +++++++++++++++++++++++++++++++++++++++ src/util/virpci.c | 69 +++++++++++++++++++++ src/util/virpci.h | 2 + 8 files changed, 286 insertions(+) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 4fd8342950..da4ce9fc86 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -364,6 +364,8 @@ struct _virDomainHostdevDef { */ virDomainNetDef *parentnet; =20 + virObject *privateData; + virDomainHostdevMode mode; virDomainStartupPolicy startupPolicy; bool managed; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4e57e4a8f6..ed2b0d381e 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3159,6 +3159,7 @@ virPCIDeviceGetStubDriverName; virPCIDeviceGetStubDriverType; virPCIDeviceGetUnbindFromStub; virPCIDeviceGetUsedBy; +virPCIDeviceGetVfioPath; virPCIDeviceGetVPD; virPCIDeviceHasPCIExpressLink; virPCIDeviceIsAssignable; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 95d1c2ee98..9b08f66175 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4756,6 +4756,12 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, const char *iommufdId =3D NULL; /* 'ramfb' property must be omitted unless it's to be enabled */ bool ramfb =3D pcisrc->ramfb =3D=3D VIR_TRISTATE_SWITCH_ON; + bool useIommufd =3D false; + + if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO= && + pcisrc->driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES) { + useIommufd =3D true; + } =20 /* caller has to assign proper passthrough driver name */ switch (pcisrc->driver.name) { @@ -4802,6 +4808,17 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, NULL) < 0) return NULL; =20 + if (useIommufd && dev->privateData) { + qemuDomainHostdevPrivate *hostdevPriv =3D QEMU_DOMAIN_HOSTDEV_PRIV= ATE(dev); + + if (hostdevPriv->vfioDeviceFd >=3D 0) { + if (virJSONValueObjectAdd(&props, + "S:fd", g_strdup_printf("%d", hostde= vPriv->vfioDeviceFd), + NULL) < 0) + return NULL; + } + } + if (qemuBuildDeviceAddressProps(props, def, dev->info) < 0) return NULL; =20 @@ -5260,6 +5277,15 @@ qemuBuildHostdevCommandLine(virCommand *cmd, if (qemuCommandAddExtDevice(cmd, hostdev->info, def, qemuCaps)= < 0) return -1; =20 + if (subsys->u.pci.driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES)= { + qemuDomainHostdevPrivate *hostdevPriv =3D QEMU_DOMAIN_HOST= DEV_PRIVATE(hostdev); + + if (hostdevPriv && hostdevPriv->vfioDeviceFd >=3D 0) { + virCommandPassFD(cmd, hostdevPriv->vfioDeviceFd, + VIR_COMMAND_PASS_FD_CLOSE_PARENT); + } + } + if (!(devprops =3D qemuBuildPCIHostdevDevProps(def, hostdev))) return -1; =20 diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index ac56fc7cb4..7601bdbb2b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1238,6 +1238,45 @@ qemuDomainNetworkPrivateFormat(const virDomainNetDef= *net, } =20 =20 +static virClass *qemuDomainHostdevPrivateClass; + +static void +qemuDomainHostdevPrivateDispose(void *obj) +{ + qemuDomainHostdevPrivate *priv =3D obj; + + VIR_FORCE_CLOSE(priv->vfioDeviceFd); +} + + +static int +qemuDomainHostdevPrivateOnceInit(void) +{ + if (!VIR_CLASS_NEW(qemuDomainHostdevPrivate, virClassForObject())) + return -1; + + return 0; +} + +VIR_ONCE_GLOBAL_INIT(qemuDomainHostdevPrivate); + +virObject * +qemuDomainHostdevPrivateNew(void) +{ + qemuDomainHostdevPrivate *priv; + + if (qemuDomainHostdevPrivateInitialize() < 0) + return NULL; + + if (!(priv =3D virObjectNew(qemuDomainHostdevPrivateClass))) + return NULL; + + priv->vfioDeviceFd =3D -1; + + return (virObject *) priv; +} + + /* qemuDomainSecretInfoSetup: * @priv: pointer to domain private object * @alias: alias of the secret diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 3396f929fd..4736f1ede5 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -461,6 +461,17 @@ struct _qemuDomainTPMPrivate { }; =20 =20 +#define QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev) \ + ((qemuDomainHostdevPrivate *) (hostdev)->privateData) + +typedef struct _qemuDomainHostdevPrivate qemuDomainHostdevPrivate; +struct _qemuDomainHostdevPrivate { + virObject parent; + + /* VFIO device file descriptor for iommufd passthrough */ + int vfioDeviceFd; +}; + void qemuDomainNetworkPrivateClearFDs(qemuDomainNetworkPrivate *priv); =20 @@ -1174,3 +1185,9 @@ qemuDomainCheckCPU(virArch arch, bool qemuDomainMachineSupportsFloppy(const char *machine, virQEMUCaps *qemuCaps); + +virObject * +qemuDomainHostdevPrivateNew(void); + +int qemuProcessOpenVfioFds(virDomainObj *vm); +void qemuProcessCloseVfioFds(virDomainObj *vm); diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 45fc32a663..bf245ee8af 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -106,6 +106,7 @@ =20 #include "logging/log_manager.h" #include "logging/log_protocol.h" +#include "util/virpci.h" =20 #define VIR_FROM_THIS VIR_FROM_QEMU =20 @@ -8091,6 +8092,9 @@ qemuProcessLaunch(virConnectPtr conn, if (qemuExtDevicesStart(driver, vm, incomingMigrationExtDevices) < 0) goto cleanup; =20 + if (qemuProcessOpenVfioFds(vm) < 0) + goto cleanup; + if (!(cmd =3D qemuBuildCommandLine(vm, incoming ? "defer" : NULL, vmop, @@ -10267,3 +10271,129 @@ qemuProcessHandleNbdkitExit(qemuNbdkitProcess *nb= dkit, qemuProcessEventSubmit(vm, QEMU_PROCESS_EVENT_NBDKIT_EXITED, 0, 0, nbd= kit); virObjectUnlock(vm); } + +/** + * qemuProcessOpenVfioDeviceFd: + * @hostdev: host device definition + * @vfioFd: returned file descriptor + * + * Opens the VFIO device file descriptor for a hostdev. + * + * Returns: 0 on success, -1 on failure + */ +static int +qemuProcessOpenVfioDeviceFd(virDomainHostdevDef *hostdev, + int *vfioFd) +{ + g_autofree char *vfioPath =3D NULL; + int fd =3D -1; + + + if (hostdev->mode !=3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS || + hostdev->source.subsys.type !=3D VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PC= I) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("VFIO FD only supported for PCI hostdevs")); + return -1; + } + + if (virPCIDeviceGetVfioPath(&hostdev->source.subsys.u.pci.addr, &vfioP= ath) < 0) + return -1; + + VIR_DEBUG("Opening VFIO device %s", vfioPath); + + if ((fd =3D open(vfioPath, O_RDWR | O_CLOEXEC)) < 0) { + if (errno =3D=3D ENOENT) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("VFIO device %1$s not found - ensure device i= s bound to vfio-pci driver"), + vfioPath); + } else { + virReportSystemError(errno, + _("cannot open VFIO device %1$s"), vfioPa= th); + } + return -1; + } + + *vfioFd =3D fd; + VIR_DEBUG("Opened VFIO device FD %d for %s", *vfioFd, vfioPath); + return 0; +} + +/** + * qemuProcessOpenVfioFds: + * @vm: domain object + * + * Opens all necessary VFIO file descriptors for the domain. + * + * Returns: 0 on success, -1 on failure + */ +int +qemuProcessOpenVfioFds(virDomainObj *vm) +{ + size_t i; + + /* Check if we have any hostdevs that need VFIO FDs */ + for (i =3D 0; i < vm->def->nhostdevs; i++) { + virDomainHostdevDef *hostdev =3D vm->def->hostdevs[i]; + qemuDomainHostdevPrivate *hostdevPriv =3D NULL; + + if (hostdev->mode =3D=3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && + hostdev->source.subsys.type =3D=3D VIR_DOMAIN_HOSTDEV_SUBSYS_T= YPE_PCI) { + + if (hostdev->source.subsys.u.pci.driver.name =3D=3D VIR_DEVICE= _HOSTDEV_PCI_DRIVER_NAME_VFIO && + hostdev->source.subsys.u.pci.driver.iommufd =3D=3D VIR_TRI= STATE_BOOL_YES) { + + if (!hostdev->privateData) { + if (!(hostdev->privateData =3D qemuDomainHostdevPrivat= eNew())) + goto error; + } + + hostdevPriv =3D QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev); + + /* Open VFIO device FD */ + if (qemuProcessOpenVfioDeviceFd(hostdev, &hostdevPriv->vfi= oDeviceFd) < 0) + goto error; + + VIR_DEBUG("Stored VFIO FD %d in hostdev %04x:%02x:%02x.%d = private data", + hostdevPriv->vfioDeviceFd, + hostdev->source.subsys.u.pci.addr.domain, + hostdev->source.subsys.u.pci.addr.bus, + hostdev->source.subsys.u.pci.addr.slot, + hostdev->source.subsys.u.pci.addr.function); + } + } + } + + return 0; + + error: + qemuProcessCloseVfioFds(vm); + return -1; +} + +/** + * qemuProcessCloseVfioFds: + * @vm: domain object + * + * Closes all VFIO file descriptors for the domain. + */ +void +qemuProcessCloseVfioFds(virDomainObj *vm) +{ + size_t i; + + /* Close all VFIO device FDs */ + for (i =3D 0; i < vm->def->nhostdevs; i++) { + virDomainHostdevDef *hostdev =3D vm->def->hostdevs[i]; + qemuDomainHostdevPrivate *hostdevPriv; + + if (!hostdev->privateData) + continue; + + hostdevPriv =3D QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev); + + if (hostdevPriv->vfioDeviceFd >=3D 0) { + VIR_DEBUG("Closing VFIO device FD %d", hostdevPriv->vfioDevice= Fd); + VIR_FORCE_CLOSE(hostdevPriv->vfioDeviceFd); + } + } +} diff --git a/src/util/virpci.c b/src/util/virpci.c index 90617e69c6..da62ece0f6 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -3320,3 +3320,72 @@ virPCIDeviceAddressFree(virPCIDeviceAddress *address) { g_free(address); } + +/** + * virPCIDeviceGetVfioPath: + * @addr: host device PCI address + * @vfioPath: returned VFIO device path + * + * Constructs the VFIO device path for a PCI hostdev. + * + * Returns: 0 on success, -1 on failure + */ +int +virPCIDeviceGetVfioPath(virPCIDeviceAddress *addr, + char **vfioPath) +{ + g_autofree char *addrStr =3D NULL; + + *vfioPath =3D NULL; + addrStr =3D virPCIDeviceAddressAsString(addr); + + /* First try: Direct lookup in device's vfio-dev subdirectory */ + { + g_autofree char *sysfsPath =3D NULL; + g_autoptr(DIR) dir =3D NULL; + struct dirent *entry =3D NULL; + + sysfsPath =3D g_strdup_printf("/sys/bus/pci/devices/%s/vfio-dev/",= addrStr); + + if (virDirOpen(&dir, sysfsPath) =3D=3D 1) { + while (virDirRead(dir, &entry, sysfsPath) > 0) { + if (STRPREFIX(entry->d_name, "vfio")) { + *vfioPath =3D g_strdup_printf("/dev/vfio/devices/%s", = entry->d_name); + return 0; + } + } + } + } + + /* Second try: Scan /sys/class/vfio-dev */ + { + g_autofree char *sysfsPath =3D g_strdup("/sys/class/vfio-dev"); + g_autoptr(DIR) dir =3D NULL; + struct dirent *entry =3D NULL; + + if (virDirOpen(&dir, sysfsPath) =3D=3D 1) { + while (virDirRead(dir, &entry, sysfsPath) > 0) { + g_autofree char *devLink =3D NULL; + g_autofree char *target =3D NULL; + + if (!STRPREFIX(entry->d_name, "vfio")) + continue; + + devLink =3D g_strdup_printf("/sys/class/vfio-dev/%s/device= ", entry->d_name); + + if (virFileResolveLink(devLink, &target) < 0) + continue; + + if (strstr(target, addrStr)) { + *vfioPath =3D g_strdup_printf("/dev/vfio/devices/%s", = entry->d_name); + return 0; + } + } + } + } + + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot find VFIO device for PCI device %1$s"), + addrStr); + return -1; +} diff --git a/src/util/virpci.h b/src/util/virpci.h index fc538566e1..24ede10755 100644 --- a/src/util/virpci.h +++ b/src/util/virpci.h @@ -296,6 +296,8 @@ void virPCIEDeviceInfoFree(virPCIEDeviceInfo *dev); =20 void virPCIDeviceAddressFree(virPCIDeviceAddress *address); =20 +int virPCIDeviceGetVfioPath(virPCIDeviceAddress *addr, char **vfioPath); + G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDevice, virPCIDeviceFree); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDeviceAddress, virPCIDeviceAddressFree= ); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIEDeviceInfo, virPCIEDeviceInfoFree); --=20 2.43.0 From nobody Fri Dec 12 12:55:09 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1763778770438276.95253134108805; Fri, 21 Nov 2025 18:32:50 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id CDBAD443DE; Fri, 21 Nov 2025 21:32:49 -0500 (EST) Received: from [172.19.199.56] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 8DEDA41842; Fri, 21 Nov 2025 21:27:38 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 98E9641905; Fri, 21 Nov 2025 21:22:47 -0500 (EST) Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazon11011012.outbound.protection.outlook.com [40.93.194.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id BB37E43FC3 for ; Fri, 21 Nov 2025 21:21:03 -0500 (EST) Received: from PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) by CY1PR12MB9559.namprd12.prod.outlook.com (2603:10b6:930:fd::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9343.11; Sat, 22 Nov 2025 02:21:01 +0000 Received: from PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb]) by PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb%6]) with mapi id 15.20.9343.011; Sat, 22 Nov 2025 02:21:01 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=RqdlXZDA3Ii3WUHyyFESj+CJsfbB5tXB+v4WvQPd8SlG9dwDb/itsaZ4z6yMgiccsHXl/iHvo0cBqpuuKVdd7/FoiCh1kdKNaRGo4OU3LXFZJSJhtwW2um9GanMfuJCyX2y2iYWaOPFgtRMuwMB9tT5s41CeehdZN7F1qWDqxtJe9ZKAvB21LJ+bXW4o9pSpC86ETr54XY2OaQXI4tuSPD8G8YC6FbcxVYZb9lLAdFAAqkj82flnEKYjnURZNPr/ZBpXRp6QaG1JmunxzXAMQTkbDcRbeCw5m9sRzdQhcRBEFDrtXbrWMrWWl1gDTEf3HTUMoTZp3rSf1i6rdglOmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ctSzIFbEIRjoYM9rE1+OQTT5Ms1F2IocHFf2Y/mfjKg=; b=SNnfFCegaJdKfbKWAHmTMqojU8b6Y6hBOZJa/gTxI3S8LpeV62QXlX1NcSySnZTD6WraB4Ps/0v5dECurBfZmaAN90LbUamdyPOAB21BbiTRu9T/jTJV4nYYxfl86yePKbcssUiIP4hfPXR1byjZyM5+EjdsgcWEkUai82QQVNFhmwtA1Y//yZ/+y+EqKPToG7yyv2Tjgbz7qq4c93TT/rFOJ/JOdVtrE7LzZj5IStqTaPnUiwtLbupm50hXM9b7UYj1cHEGstmLQUuWRblMq49E7GjgDKcSv/65ptrvQ4YOQ4qAudL4ASE/nyptOepclig0J2RwSx8PPYBOcvfWDw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ctSzIFbEIRjoYM9rE1+OQTT5Ms1F2IocHFf2Y/mfjKg=; b=BUyxxokMfh/JXK8CsQKrkvZ7aJbb3UvxfR6e8MS7dsR0SOfePZn50IU6IMaVzMkjhM60hDly3yDerPpIAg0ruehuRQzLekx3kBdM76hLtgU/xvKTfJMbfKPiAs//yKSo9dTpSwRZicETkEs2+609YcV26+tH/aNm8UNZayQci7pbkqtxCGsTj1UO0gUEWndxnAGKQskBeyCLcXh9DJROWP/QKw0dhZrO4guD7Gt8kMijtNqLsD/Nt6MWFqlgAxUcFU69tS+y5kOooIc1Y/ja4XUvwKso40p4KqdbFGMdBSLFlT4jcgW6nXBjRRr7EDfnUQ0YYFc9MtLks1MQssshGQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v2 3/5] qemu: open iommufd FD from libvirt backend Date: Fri, 21 Nov 2025 18:20:55 -0800 Message-ID: <20251122022057.3440459-4-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251122022057.3440459-1-nathanc@nvidia.com> References: <20251122022057.3440459-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BYAPR11CA0067.namprd11.prod.outlook.com (2603:10b6:a03:80::44) To PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR12MB6834:EE_|CY1PR12MB9559:EE_ X-MS-Office365-Filtering-Correlation-Id: c6268c4b-d49f-4d8f-c7d7-08de296dc7e3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?xYTuORcWSUBUjugM+ssU8G8+Tt0MZCdvQchF4FqzYuiACFEsrPVuaOlQ+joR?= =?us-ascii?Q?GTbAGWQF2F4kLdfG4GchIfCk6O6LgjR1cCRf/rLNS3RT6b5ai9YEd7kisMHJ?= =?us-ascii?Q?NxpTIuCDAurOJmXuIG0tDA5K9CATsBD8xgLc4fHdi9pmSOE1/xv6UdcHPqDk?= =?us-ascii?Q?kRVtEfCbuQhFh6Lk6nEcyOgOF4Ph/eOs8Eyw+kBvLAeE/hpA9SZLZsjZiqaW?= =?us-ascii?Q?HnxaV2SsNJ+G+KBoPo2ZmT2R+YXy1z3Tzk8ZyzKFZmTnAhSiTQV/TuTDfz9n?= =?us-ascii?Q?BIBFY+tyGSz7OIU1e5WJ9Lu0px+JV+60xL67VopNQipnaVT3eRBF8g9An4DZ?= =?us-ascii?Q?xEG2ycNDuadYcWk3Q52xMMkV2dkPmIzxmhziGxYoDjO+S6QKhGCDpgifewMN?= =?us-ascii?Q?uJxyX6RSXredSrzAbRIptrejiw4s8BTO8qXL+835Oy8g/VULkmxgZYTZPOmr?= =?us-ascii?Q?kOhOOrOw6nKhcB8pIFDjD1YQwn45YdHj05+EjnpbYBoA24FNQnGx9tPoxWdd?= =?us-ascii?Q?ZcK5dhtMi+LaDIFakH3HXIr9evBMO8laXl3nfBzVxyu5YUsejkD4gXvzdpO6?= =?us-ascii?Q?btHvm5Z4RZw47MRAo1DCUxvTtzlnVKA0/QPzYr7dZsm96NBS64OeuL9nOOpW?= =?us-ascii?Q?8mPnpq4gnJKcSAZIzz95CsdXMVr1WYp19q9mz7jrk5iSNpySBZxLPaC0819L?= =?us-ascii?Q?YWw1z9ubv0ouJg/OPnXi2TMWNwt83u4CRxYPyfwQqsj3Nl/9t8iTlA7qYaB5?= =?us-ascii?Q?zTWgkhDhD1UpY6hn9MaHD0fk3/qmpjbLUEQLd8mMwy9cLANQhBdmW7IcjZPT?= =?us-ascii?Q?9rDYICa1dfIhCITinoyizjyhna2YJGSidpI4WabSMuUbbpqa14I1roaO1lyn?= =?us-ascii?Q?JXe3Zl8pr5I0tMNp6r+pGn6bTQL6OudUY26CzUZdewMtdtKkjRrDzcq7xCYq?= =?us-ascii?Q?p0SzhceuzpPDR3Cwu1X6ptMDuljDH+qEMY/y2p3L8/kkqV3yAno++S1Do6Dd?= =?us-ascii?Q?0hy85raj46U+wVn+yPenFFuqUECQn7P42//8V3hmUpLvR60+s3tUgIlKOEXN?= =?us-ascii?Q?0I29dpWNbenLqloUndlxCOS0dIWbHGD2+xoq6FnB10U7H30m722fRJe7sIuR?= =?us-ascii?Q?80PpP5SM6/aAwY4VtwQZ8Ua+iAoCqY0GXLp5yHhOapr9fhDJaM45c8Z1dAiV?= =?us-ascii?Q?IhrPUVeKwm0rj7DQCAxhnprvfJsUrGJZj2oEfZEDfHcYUrJa2KgTigP6Vp58?= =?us-ascii?Q?AWvGp7MqTEssb/UfPgG6WTKlYoVnEKhUp0KYuIRg/Xug2JZhSA1EWD6wq1mW?= =?us-ascii?Q?hcdJUOhjEWe50bF/BddXfCBljnwluZ06wykY0tkOtSvqh/4DIRXitjx+nLG9?= =?us-ascii?Q?n1ZMRrWKbNZFiP+BLsrFd/0oeiFs5tj9gyFWnntauhQfJhUjo66MdNrlV+Dz?= =?us-ascii?Q?rblzoqfdl+tmiveX+Ut/Zok0J2L232lV?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR12MB6834.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?sue3yvxKN9A0Vy7tKzLMaY8/TVZeM4OdKoqKMhUZX649uKn+vgBHnkD2ygSL?= =?us-ascii?Q?y4YeH3m/2PnVp4TJpDaxzbLVsbKs0nJ9HtH0cH2MTKiiqZIDUlcmucE4Ghc1?= =?us-ascii?Q?Beb6VT004Gu7h79YFvKxcb/9sI5o6WSEimMeptPcr/DNIfEwjsO9Drk3rRcK?= =?us-ascii?Q?cekZFJG2em6UQEkfk1KfBrJOKu7QKRRLMJp2kL9YcgtKqa0KkYflusjboCqX?= =?us-ascii?Q?Cqo8zkj1AcfmPArTU7S2P9S0yFDFz+CHl135lHAMTYPclM7mXc/bhoLBOSFq?= =?us-ascii?Q?jJZKwEESaHS9+vY2jGf1KmaDJq15o3OQJgng179Qf6aEZMvUPHO7YYpYoK9B?= =?us-ascii?Q?275srh3eXaaXhIHwR7yEoGdnOLtUd+R2LtFjFBeHpvH1hPCcsbf7RYSoRa6c?= =?us-ascii?Q?MlBOIpNKV+zrAPTSkgCeMKF7uBG/8T7SwZkJIQcNmykwNBnftWjPVT3RT5k7?= =?us-ascii?Q?59Zzd+bsY1pcTYHaY78tzj3q2T3uViu60z6AH+AI8Of55rNjYjujfIBa7nIh?= =?us-ascii?Q?eYj2p3fvX+6Qwt/T17I2airhqtzweSJHpvIzrEwJaTNpRQyRK/7mxtRENxWk?= =?us-ascii?Q?XL07/ELmu+jn6GWWr7molhp6lvk5l0bRjEkXVEr/r5MwIY9ed6tT1Nglgiyz?= =?us-ascii?Q?eSfRGO7WncURDNSSS1hQE6RG7wORZ10gyHgBCdxYSvsOjmov47iqeP1b2WqP?= =?us-ascii?Q?NejS35mJl0IjD5CFUmkSLvlcU5rvAZG0jXejk0v1HTGSCFSxk9/32rx1xRzd?= =?us-ascii?Q?cDg1Qnh3/PS5EnZsouxyUuUd1PCXqP5/ArQPwD814ClEbGbaDaiDp0FlZuYS?= =?us-ascii?Q?/bTgsmfjJxMM5LMdFY7SEcZ8oziwBPC/IUXcRYkalxMYBPtxiXfCpPDEjkfC?= =?us-ascii?Q?GANkYCN7m8B4cVTRnidAklpblZnanQJWiIrUx8sbmWQEa1KYfsE1j/AD3RUL?= =?us-ascii?Q?M//RYNesNq9AJWP3PBez8k61FSrh2s6Fqmt/iax4wiSrofLwYbE72tlDJcDv?= =?us-ascii?Q?Pvd5RTY5fbm4yrKghlskML0Iih3V/JrpUeWy8DndJpmzJnAJ+M0BkJfkAEDF?= =?us-ascii?Q?VOb+HmpZIbUk0ebFXbK10wCoECIinqwP8ADNpzYvOJskWb6438w/SOstyodv?= =?us-ascii?Q?YJBvwBBMhx08KUA5Iva9Gai63lQ565CSGiwE0dSDV8P/y8aN+YsBL3f2kPi6?= =?us-ascii?Q?GJqTRvI7+mLVQ2ZGaMm3i3Fb9zKSCuC+y3KbfhU3zPRQzrqP0/bm4hgDbMOi?= =?us-ascii?Q?Qo5zlJ52v2JlXDbtak7erUefw2bR+zmXzwhQsPb6kyVxjEHJkpoRjFarwgTZ?= =?us-ascii?Q?X/JxoLpIGzYrthFrKZusCDACQ7P3Se3rGjEQd3Mdccd6iOOR9tc6tdNigu/s?= =?us-ascii?Q?3VHoMQFQ1WUOj5YEkkTSq4A2F4QUFyEFzKIMuRW9v8/qyC9crfaMLWq/lBA2?= =?us-ascii?Q?HDuyN+CT/K8AcMptSfW5K9HQjW4GSp1KMPvpUGTq2VPy0s0+sIWxsZh8hKRC?= =?us-ascii?Q?kFDPllKKeqKFvO9cH2t95R28Byf8JRV+LDF61i2XbLW4C/061PT4lKpBPNQL?= =?us-ascii?Q?On8l6nHifaQ1Yu9K93u8QcwVsbgG8Hi3njsqpiZt?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: c6268c4b-d49f-4d8f-c7d7-08de296dc7e3 X-MS-Exchange-CrossTenant-AuthSource: PH7PR12MB6834.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2025 02:21:01.5926 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Xt+bov6x6Hs63/Nm6eFX7XY/hOptzZe9ZBXCg/q1SJFDpNtWr2VhDlcVw4I9UX/b3/41GLjZY7kqgOp5GlRwLg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB9559 Message-ID-Hash: P7Z3T3QKZH2I5MWIQESHDROTMHQJGVSE X-Message-ID-Hash: P7Z3T3QKZH2I5MWIQESHDROTMHQJGVSE X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1763778771169018900 Content-Type: text/plain; charset="utf-8" Open iommufd FD from libvirt backend without exposing these FDs to XML users, i.e. one per domain for /dev/iommu, and pass the FD to qemu command line. Signed-off-by: Nathan Chen --- src/qemu/qemu_command.c | 8 ++++-- src/qemu/qemu_domain.c | 1 + src/qemu/qemu_domain.h | 2 ++ src/qemu/qemu_process.c | 56 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 65 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 9b08f66175..99c310cf31 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5229,12 +5229,14 @@ qemuBuildAcpiNodesetProps(virCommand *cmd, static int qemuBuildHostdevCommandLine(virCommand *cmd, const virDomainDef *def, - virQEMUCaps *qemuCaps) + virQEMUCaps *qemuCaps, + virDomainObj *vm) { size_t i; g_autoptr(virJSONValue) props =3D NULL; int iommufd =3D 0; const char * iommufdId =3D "iommufd0"; + qemuDomainObjPrivate *priv =3D vm->privateData; =20 for (i =3D 0; i < def->nhostdevs; i++) { virDomainHostdevDef *hostdev =3D def->hostdevs[i]; @@ -5265,8 +5267,10 @@ qemuBuildHostdevCommandLine(virCommand *cmd, =20 if (subsys->u.pci.driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES = && iommufd =3D=3D 0) { iommufd =3D 1; + virCommandPassFD(cmd, priv->iommufd, VIR_COMMAND_PASS_FD_C= LOSE_PARENT); if (qemuMonitorCreateObjectProps(&props, "iommufd", iommufdId, + "S:fd", g_strdup_printf("= %d", priv->iommufd), NULL) < 0) return -1; =20 @@ -10967,7 +10971,7 @@ qemuBuildCommandLine(virDomainObj *vm, if (qemuBuildRedirdevCommandLine(cmd, def, qemuCaps) < 0) return NULL; =20 - if (qemuBuildHostdevCommandLine(cmd, def, qemuCaps) < 0) + if (qemuBuildHostdevCommandLine(cmd, def, qemuCaps, vm) < 0) return NULL; =20 if (migrateURI) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 7601bdbb2b..d569dd5ad9 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -2042,6 +2042,7 @@ qemuDomainObjPrivateAlloc(void *opaque) priv->blockjobs =3D virHashNew(virObjectUnref); priv->fds =3D virHashNew(g_object_unref); =20 + priv->iommufd =3D -1; priv->pidMonitored =3D -1; =20 /* agent commands block by default, user can choose different behavior= */ diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 4736f1ede5..e55ba1c968 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -264,6 +264,8 @@ struct _qemuDomainObjPrivate { /* named file descriptor groups associated with the VM */ GHashTable *fds; =20 + int iommufd; + char *memoryBackingDir; }; =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index bf245ee8af..83b8a586a1 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -10272,6 +10272,38 @@ qemuProcessHandleNbdkitExit(qemuNbdkitProcess *nbd= kit, virObjectUnlock(vm); } =20 +/** + * qemuProcessOpenIommuFd: + * @vm: domain object + * @iommuFd: returned file descriptor + * + * Opens /dev/iommu file descriptor for the VM. + * + * Returns: 0 on success, -1 on failure + */ +static int +qemuProcessOpenIommuFd(virDomainObj *vm, int *iommuFd) +{ + int fd =3D -1; + + VIR_DEBUG("Opening IOMMU FD for domain %s", vm->def->name); + + if ((fd =3D open("/dev/iommu", O_RDWR | O_CLOEXEC)) < 0) { + if (errno =3D=3D ENOENT) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("IOMMU FD support requires /dev/iommu device"= )); + } else { + virReportSystemError(errno, "%s", + _("cannot open /dev/iommu")); + } + return -1; + } + + *iommuFd =3D fd; + VIR_DEBUG("Opened IOMMU FD %d for domain %s", fd, vm->def->name); + return 0; +} + /** * qemuProcessOpenVfioDeviceFd: * @hostdev: host device definition @@ -10329,6 +10361,8 @@ qemuProcessOpenVfioDeviceFd(virDomainHostdevDef *ho= stdev, int qemuProcessOpenVfioFds(virDomainObj *vm) { + qemuDomainObjPrivate *priv =3D vm->privateData; + bool needsIommuFd =3D false; size_t i; =20 /* Check if we have any hostdevs that need VFIO FDs */ @@ -10342,6 +10376,8 @@ qemuProcessOpenVfioFds(virDomainObj *vm) if (hostdev->source.subsys.u.pci.driver.name =3D=3D VIR_DEVICE= _HOSTDEV_PCI_DRIVER_NAME_VFIO && hostdev->source.subsys.u.pci.driver.iommufd =3D=3D VIR_TRI= STATE_BOOL_YES) { =20 + needsIommuFd =3D true; + if (!hostdev->privateData) { if (!(hostdev->privateData =3D qemuDomainHostdevPrivat= eNew())) goto error; @@ -10363,6 +10399,18 @@ qemuProcessOpenVfioFds(virDomainObj *vm) } } =20 + /* Open IOMMU FD if needed */ + if (needsIommuFd) { + int iommuFd =3D -1; + + if (qemuProcessOpenIommuFd(vm, &iommuFd) < 0) + goto error; + + priv->iommufd =3D iommuFd; + + VIR_DEBUG("Stored IOMMU FD %d", priv->iommufd); + } + return 0; =20 error: @@ -10379,6 +10427,7 @@ qemuProcessOpenVfioFds(virDomainObj *vm) void qemuProcessCloseVfioFds(virDomainObj *vm) { + qemuDomainObjPrivate *priv =3D vm->privateData; size_t i; =20 /* Close all VFIO device FDs */ @@ -10396,4 +10445,11 @@ qemuProcessCloseVfioFds(virDomainObj *vm) VIR_FORCE_CLOSE(hostdevPriv->vfioDeviceFd); } } + + /* Close IOMMU FD */ + if (priv->iommufd >=3D 0) { + VIR_DEBUG("Closing IOMMU FD %d", priv->iommufd); + VIR_FORCE_CLOSE(priv->iommufd); + priv->iommufd =3D -1; + } } --=20 2.43.0 From nobody Fri Dec 12 12:55:09 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1763778533491182.0737150910836; Fri, 21 Nov 2025 18:28:53 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id D4B4843FFC; Fri, 21 Nov 2025 21:28:52 -0500 (EST) Received: from [172.19.199.56] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 2C1B74441F; Fri, 21 Nov 2025 21:27:16 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 927A941905; Fri, 21 Nov 2025 21:22:45 -0500 (EST) Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazon11011028.outbound.protection.outlook.com [40.93.194.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 58BF644039 for ; Fri, 21 Nov 2025 21:21:05 -0500 (EST) Received: from PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) by CY1PR12MB9559.namprd12.prod.outlook.com (2603:10b6:930:fd::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9343.11; Sat, 22 Nov 2025 02:21:02 +0000 Received: from PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb]) by PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb%6]) with mapi id 15.20.9343.011; Sat, 22 Nov 2025 02:21:02 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SFVyobRriGKBDEHS8eS9dx13+PYp7RlRV4JAEW5sfH6tbUVizG50QtpVkjmW+nQO8lQtVr2azM3yvVA55c/sgI+AIr7i0+2oOn/qJAnCrgt6c28pVT+M2c7la0N+Pm8mZSMjnEPYuudMwntghDi1u9t1yZhfTxAGI02QxlPiCgP1VgktSYsvNh6rvRPSEyo+hfWBzMrvtHc2qj4/XCJYK/43HvFcgTAJJQyGX5te9V7lbGapF681jmSxH6lNLSOtkyptMPmx1brqlhxzycAcGx4wphtfK6Fa6JjdPBf044ibCjldBLvF3/EskF85/KDP4SsyFS+e9nidnhLkg0RTSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FODaVEbacfCtldfjGwnGbRnAk9BbHrc1xSxv4+fgdUc=; b=cfpYqqS0BN8KBW0XcvA7WxVtqpnCDSj6CdVy4PE+S5D5L21vjS7zLM2WpFNctkR2h8oR7PpNTmEM2UApGNI/LSW4SJP1QRDfuHjckdDT1djkzT9GCG0lnoZQHexzBYEc9uymNg46YawSHt14exbKIYDG4sca6xA/KrP+9VjYMVa3A9Lc0q2yGayIs+5nKFhCJ4qLWg//buvkfwYHRSVSiULzDlgPTfJkvmJS5wq7d4Tem5XIyL1oktSh7WOd6pXsHjLRgbXFOHVbNw8ymhijJYzSfswr2B3xTzYMv7hwvrBVPsngBrQFBrYdEsEKUnLWv9CWjf2qj4mbCkkTerHpcg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FODaVEbacfCtldfjGwnGbRnAk9BbHrc1xSxv4+fgdUc=; b=U0YW8NwkeUYaLYXm0QPqfiCCXzsBEmh4R2Wos1HaXlovSGdY5XmVg24vudPJJk57YyHTO6otsABaVWuPgBaw9iuuWZZ23UX4l+JLH1lbCgjVd8orDqFSKe0qorduQ47gaOfTKWljMWEF2iGg3oIJMq8SIpTA0OiOTgNwPvFF08Xh47spSn/CX7C7cWouonZF5I5sexT1Jy0QqN/zOuuN0x2p4hZtnb5be3eUxIr+F1BCqPopZksf8rfX5HzbKm6g71Sef3vlws152Hv9WyojqEdwTPUoT6C/dvfIYF7Y/69WmQH7/qa34awWLpWam3/lT50AXaU4SF/EXUqTbshfoQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v2 4/5] qemu: Update Cgroup, namespace, and seclabel for iommufd Date: Fri, 21 Nov 2025 18:20:56 -0800 Message-ID: <20251122022057.3440459-5-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251122022057.3440459-1-nathanc@nvidia.com> References: <20251122022057.3440459-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SJ0PR03CA0374.namprd03.prod.outlook.com (2603:10b6:a03:3a1::19) To PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR12MB6834:EE_|CY1PR12MB9559:EE_ X-MS-Office365-Filtering-Correlation-Id: c2b1520e-a669-4e69-2148-08de296dc880 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?inaEQq1T/++XMe2RtSvtfq+FBzF6G0cp3lTymfI2jTBkxcQzZ9DEqjx+ND3I?= =?us-ascii?Q?qBw+mac+dGELT5y4mfb6ke6Dkn+hGaWkP2BJJvOIPbopEhjztB4bEtLzslGt?= =?us-ascii?Q?aYEvoTjo9yvw5ZUBv0ei1Y/BYJoqlfRTuK8ObhGi+RXnmu/7cs7zQ3UtA27x?= =?us-ascii?Q?5VNcJgE7bxRA196yQUMUiLhCRvHcChTkM5haU2UIPmtVWs+riaIVzXOl8u5Z?= =?us-ascii?Q?fCXhtMwYwAWIQrYCyb5IiFtg8V7oW7nHla1+HK4h4Qo49i1M36+FRcN/rq3T?= =?us-ascii?Q?2XT4m6rPgznMNlTA9v1bcVywqVitBKsqeAfC5F4hSm5sAt3dNnAdHQjjo5FE?= =?us-ascii?Q?hshMmJOq/2AJN+R+BwdW5JIPY1VUxcLM7vJvtCnGzXr/bjI7N4OnMIsy5f4K?= =?us-ascii?Q?XHxUb4g5fwlttbV7taYukJ0DEYgJ7IYwfGsHL8gGILud6dMN2EMgRDkbXNm7?= =?us-ascii?Q?usLv4J4efeA373sBbVM58REiA/B4U86haqawkr57900q6jd6ZC2zsU1PmrRN?= =?us-ascii?Q?z6AU18DC+whjDQWpvYKH6ggl7G8XuDT07mQXb86K5O3FmoztIgXFngxu5Jl9?= =?us-ascii?Q?UhoH1DAkxv78iv44EVr1dKVxxuG+IJJMhia0VbVOi9n2/qWF6yNsU68TCNXM?= =?us-ascii?Q?x8uSZTrMtERZx7klrtH9Tj345a6f+LqaGm4ioosJaN+ICWBYHLpkdAlFE0k7?= =?us-ascii?Q?Zx0p4AT1srFIpY3i5vyJFqAtRKjLgYU3Ew3AWls3RJfGNcD8xs+KQD0XJUgC?= =?us-ascii?Q?Dj0KCDWIZySsNXw/3/9Lzi68dRT7QJ8BCZki0gCoaGdbGVSOq2BgQWWYro+q?= =?us-ascii?Q?q5MfxwAVTbGxn3QEjmoiiK8fdmDHqBWn+IQ0Ug2REvKJ53cHH12KC9okDVxK?= =?us-ascii?Q?WVDfgrNhsui/iH18KdFjiJMDi+bDuirAQ5coNUOYQje2hVtAx75YrEOptuik?= =?us-ascii?Q?oqZCYPGmY29hVk2gvKoSVpUchIHlXbMSg6j55l0j1Lv9+hSJ3zuuhVzvXL8b?= =?us-ascii?Q?5+RKEZni/GREgxyaFrqXay5+1XDChe2f8Ced8YDtMfkF9Y7GDDLU+sqi9uOm?= =?us-ascii?Q?WKLYsbeXYKe33cJgmA0eAMumvzVFqUTDhTjQALqZsGaSsb+5dwNnyBYpHXGZ?= =?us-ascii?Q?K6b8Qq2w9vzLIb4nYVpnuDtaL/fb68Dyo7QId3efKtQFCBJHiwJPf7v4mDmj?= =?us-ascii?Q?cPJq3QdbXCsIypQH0Hfsl/9995VynwC0mODNGqrCV6U2OTZgM74UqftYppj3?= =?us-ascii?Q?GaQBqbGWXR5YwuC5lkrY7ejFsBud7DWH++pJu66NL/TCPVZz349xpY9mjYNx?= =?us-ascii?Q?dVr1+VQYSXaN02t0dpvoY7v6pNcr1xEbrEfPg0LTN+KKF41kxGWAbtOPOOTX?= =?us-ascii?Q?boAsrkwYgLGZawooEXGkFUvk78vSRIF9H2vyXduhrtxIBgx3u50wRA7V4Tri?= =?us-ascii?Q?jNmFCNmJniv4hZSkxPNZmwh0L9jIwznT?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR12MB6834.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Q5tc1H4X0SkeEMgSMgbgS8drEkbPxJlto+sQsFGCMAoqiwPtWigPMITXCLsu?= =?us-ascii?Q?rCClZpyRDD89h4NKvf1pNMadiGK2kiQOfYKxZKYkJZa/73bwGI9AGwLxDXjp?= =?us-ascii?Q?RUqBqMu66x6hUB+X11JT/GvwtWBkWlP2QHfQoT9UwGwebjMB5FwCra8DB6n7?= =?us-ascii?Q?k4O97FEu4uv+Pt34VlZRUCm1FVr2MsGKMsfT8vOsajFKD+29BtYRpOP+v2dK?= =?us-ascii?Q?0ctscymwWys1OlbZlxtp+xJ6Vni62om/u6XbW2AUo6WnuqYKAYFnK1tECPh2?= =?us-ascii?Q?8ONfItmbDC+s/2V/Vl7p+IyCKE027QyXVRU60AoiujLRMK6EmAW/PAQWxKUD?= =?us-ascii?Q?SB8nAwb0X7c8r6cnl2lyY/PTh5PrmQgooBHADmX6bD37dIvW4Z/WEDUnYis3?= =?us-ascii?Q?8CRYYbAkzcRig4ssQL8KYU33R8vA2ARCI3/PTAH6BAOVQfzwMzTnnui1qwm0?= =?us-ascii?Q?J5ZEPN68QAKJRaE5HLEhvAZlmboVDRoPTzaXlaQV2pjksL/gnjv2uDrCGVjP?= =?us-ascii?Q?JVjyuW02cFDMVfgqCXCsgtTolecULDwpACeHNwqW5TjCt1v7AOijVjAY/GLB?= =?us-ascii?Q?Jr/gTnaC6Hz8BP+OuJTg9Evigjo8pQFkdmqki0L+/OihtU3xrK76HF///X5d?= =?us-ascii?Q?bthwgPZ8uDRtrzUmBo6W/b/oqVZQtS8C1KJHsPn6u9xnGTotaWFhrDLopT7J?= =?us-ascii?Q?79z4EwFHW9VNS85rRa2QDPTtCVIq68/TdHH1qm2al8S0ygzvwuLWgKeCIHiw?= =?us-ascii?Q?UfiJZUHWp5QCTWEE6DPQBJ+qjzaMAVVCC3HfooyJ68px+xU0Raz8zeK2LyAk?= =?us-ascii?Q?LHkHem3Ykj16hBrWKOs/g76yjoZWpRsXK/gK1icdS1rCGRurZyHYfVq6Cemz?= =?us-ascii?Q?rng9VgUY52qyBVACRT7rdCza4+6C0mNbPQMUkVJujof3Q14XTBkfkT5kpFI+?= =?us-ascii?Q?PSTmMAQDtRTl66+DZzvm1XMGuSGA1WrCt5tFTqsYME81KHI8fspb/pMJ1xj1?= =?us-ascii?Q?s149H73dlIVrRfknDEgGzvx6UNLZRJUzYCP1lGsoD+mGfyrMAgw+wdubFUhl?= =?us-ascii?Q?o+z2POhcCTpNDcsNR+EktXL/UsSF4/8HzYm5RcPfdbLI5qeoktdBF1uOPjTg?= =?us-ascii?Q?S5J45JmfLuKyvIwEjtXoumct7gVh0/Ay0DJ2HbE8CRk/wG0glKUzKhAXOTff?= =?us-ascii?Q?FGCRof4xTnmACtoSjf4wQmMPBMddHeUBzTAIsHWpd9raFJVi/d8+jWxZnmqa?= =?us-ascii?Q?J4dFzdbLSzeZp+5TbHD9qq4jJZrrBrxXBBPm5YJ1Q7B59In8SOldf6eaMXUS?= =?us-ascii?Q?5Hq9WzUat/z47XQnBV9nHjCp6Z8HEANaT22qG2Fnk0Td1cAtBmVO+dae/zUf?= =?us-ascii?Q?RFMhUO79w8B5IQo9CMCl8w+RDFanDqSJYAg3dfN7sk4F7a7M8RiGmyl8OzQP?= =?us-ascii?Q?NaI4CVLjim06Wz+rZHGR6ub0cPGcm1SNC/Kd47vItMpztQVRk6jO8jJNtkWa?= =?us-ascii?Q?VWlVYJioytp2e1+BabNXsyD42SGfR5lC9WzchfM54aRUjfBPHiL7Y41XUIUU?= =?us-ascii?Q?PHZkGiUwAyo2wIviBQJk+hNnjthY2AbJPBemJbky?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: c2b1520e-a669-4e69-2148-08de296dc880 X-MS-Exchange-CrossTenant-AuthSource: PH7PR12MB6834.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2025 02:21:02.6140 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: sXfzV1dpfRxt8DO3m//wK85VOq7mF5F5YlnwxX7W/QBnM/FGUWVysmtyAk0cxYeiuRFbeOrFyO+tZF6DYNTVHw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB9559 Message-ID-Hash: IZPFODDZZYWOZ2EJN2P2ERUKWUJF44YT X-Message-ID-Hash: IZPFODDZZYWOZ2EJN2P2ERUKWUJF44YT X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1763778534394018900 Content-Type: text/plain; charset="utf-8" When launching a qemu VM with the iommufd feature enabled for VFIO hostdevs: - Do not allow access to /dev/vfio/vfio and /dev/vfio/ used by VFIO without iommufd enabled - Allow access to /dev/iommu and /dev/vfio/devices/vfio* Signed-off-by: Nathan Chen --- src/qemu/qemu_cgroup.c | 26 ++++++++++++++------------ src/qemu/qemu_namespace.c | 16 +++++++++------- src/security/security_apparmor.c | 18 +++++++++++------- src/security/security_dac.c | 28 ++++++++++++++++++---------- src/security/security_selinux.c | 28 ++++++++++++++++++---------- src/security/virt-aa-helper.c | 11 +++++++++-- 6 files changed, 79 insertions(+), 48 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 46a7dc1d8b..b3610b31ca 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -479,21 +479,23 @@ qemuSetupHostdevCgroup(virDomainObj *vm, g_autofree char *path =3D NULL; int perms; =20 - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) - return 0; + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_BOOL_YES= ) { + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DE= VICES)) + return 0; =20 - if (qemuDomainGetHostdevPath(dev, &path, &perms) < 0) - return -1; + if (qemuDomainGetHostdevPath(dev, &path, &perms) < 0) + return -1; =20 - if (path && - qemuCgroupAllowDevicePath(vm, path, perms, false) < 0) { - return -1; - } + if (path && + qemuCgroupAllowDevicePath(vm, path, perms, false) < 0) { + return -1; + } =20 - if (virHostdevNeedsVFIO(dev) && - qemuCgroupAllowDevicePath(vm, QEMU_DEV_VFIO, - VIR_CGROUP_DEVICE_RW, false) < 0) { - return -1; + if (virHostdevNeedsVFIO(dev) && + qemuCgroupAllowDevicePath(vm, QEMU_DEV_VFIO, + VIR_CGROUP_DEVICE_RW, false) < 0) { + return -1; + } } =20 return 0; diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 932777505b..489b13261b 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -343,15 +343,17 @@ qemuDomainSetupHostdev(virDomainObj *vm, { g_autofree char *path =3D NULL; =20 - if (qemuDomainGetHostdevPath(hostdev, &path, NULL) < 0) - return -1; + if (hostdev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_BOOL= _YES) { + if (qemuDomainGetHostdevPath(hostdev, &path, NULL) < 0) + return -1; =20 - if (path) - *paths =3D g_slist_prepend(*paths, g_steal_pointer(&path)); + if (path) + *paths =3D g_slist_prepend(*paths, g_steal_pointer(&path)); =20 - if (virHostdevNeedsVFIO(hostdev) && - (!hotplug || !qemuDomainNeedsVFIO(vm->def))) - *paths =3D g_slist_prepend(*paths, g_strdup(QEMU_DEV_VFIO)); + if (virHostdevNeedsVFIO(hostdev) && + (!hotplug || !qemuDomainNeedsVFIO(vm->def))) + *paths =3D g_slist_prepend(*paths, g_strdup(QEMU_DEV_VFIO)); + } =20 return 0; } diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 68ac39611f..d66f035e52 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -848,14 +848,18 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *m= gr, goto done; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev(pci); - - if (!vfioGroupDev) { - virPCIDeviceFree(pci); - goto done; + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev(pci); + + if (!vfioGroupDev) { + virPCIDeviceFree(pci); + goto done; + } + ret =3D AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr= ); + VIR_FREE(vfioGroupDev); + } else { + ret =3D 0; } - ret =3D AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr); - VIR_FREE(vfioGroupDev); } else { ret =3D virPCIDeviceFileIterate(pci, AppArmorSetSecurityPCILab= el, ptr); } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2f788b872a..93a9268389 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1282,14 +1282,18 @@ virSecurityDACSetHostdevLabel(virSecurityManager *m= gr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; =20 - ret =3D virSecurityDACSetHostdevLabelHelper(vfioGroupDev, - false, - &cbdata); + ret =3D virSecurityDACSetHostdevLabelHelper(vfioGroupDev, + false, + &cbdata); + } else { + ret =3D 0; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecurityDACSetPCILabel, @@ -1443,13 +1447,17 @@ virSecurityDACRestoreHostdevLabel(virSecurityManage= r *mgr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; =20 - ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, + ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, vfioGroupDev, fal= se); + } else { + ret =3D 0; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecurityDACRestorePCIL= abel, mgr); } diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 2f3cc274a5..af6b938641 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2256,14 +2256,18 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurity= Manager *mgr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; =20 - ret =3D virSecuritySELinuxSetHostdevLabelHelper(vfioGroupDev, - false, - &data); + ret =3D virSecuritySELinuxSetHostdevLabelHelper(vfioGroupD= ev, + false, + &data); + } else { + ret =3D 0; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecuritySELinuxSetPCIL= abel, &data); } @@ -2491,12 +2495,16 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecu= rityManager *mgr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfioGroupDev, = false, false); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfioGroupD= ev, false, false); + } else { + ret =3D 0; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecuritySELinuxRestore= PCILabel, mgr); } diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index de0a826063..ea05f2c5f7 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -878,7 +878,7 @@ get_files(vahControl * ctl) size_t i; g_autofree char *uuid =3D NULL; char uuidstr[VIR_UUID_STRING_BUFLEN]; - bool needsVfio =3D false, needsvhost =3D false, needsgl =3D false; + bool needsVfio =3D false, needsvhost =3D false, needsgl =3D false, nee= dsIommufd =3D false; =20 /* verify uuid is same as what we were given on the command line */ virUUIDFormat(ctl->def->uuid, uuidstr); @@ -1119,6 +1119,9 @@ get_files(vahControl * ctl) needsVfio =3D true; } =20 + if (dev->source.subsys.u.pci.driver.iommufd =3D=3D VIR_TRISTAT= E_BOOL_YES) + needsIommufd =3D true; + if (pci =3D=3D NULL) continue; =20 @@ -1344,10 +1347,14 @@ get_files(vahControl * ctl) if (needsvhost) virBufferAddLit(&buf, " \"/dev/vhost-net\" rw,\n"); =20 - if (needsVfio) { + if (needsIommufd) { + virBufferAddLit(&buf, " \"/dev/iommu\" rwm,\n"); + virBufferAddLit(&buf, " \"/dev/vfio/devices/vfio[0-9]*\" rwm,\n"); + } else if (needsVfio) { virBufferAddLit(&buf, " \"/dev/vfio/vfio\" rw,\n"); virBufferAddLit(&buf, " \"/dev/vfio/[0-9]*\" rw,\n"); } + if (needsgl) { /* if using gl all sorts of further dri related paths will be need= ed */ virBufferAddLit(&buf, " # DRI/Mesa/(e)GL config and driver paths\= n"); --=20 2.43.0 From nobody Fri Dec 12 12:55:09 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1763778932956504.75244132139164; Fri, 21 Nov 2025 18:35:32 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 3F54841905; Fri, 21 Nov 2025 21:35:32 -0500 (EST) Received: from [172.19.199.56] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id D14BF44888; Fri, 21 Nov 2025 21:27:43 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 9A5DE41827; Fri, 21 Nov 2025 21:22:48 -0500 (EST) Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazon11011000.outbound.protection.outlook.com [40.93.194.0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 8DABD440A2 for ; Fri, 21 Nov 2025 21:21:06 -0500 (EST) Received: from PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) by CY1PR12MB9559.namprd12.prod.outlook.com (2603:10b6:930:fd::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9343.11; Sat, 22 Nov 2025 02:21:03 +0000 Received: from PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb]) by PH7PR12MB6834.namprd12.prod.outlook.com ([fe80::f432:162b:b94e:d2cb%6]) with mapi id 15.20.9343.011; Sat, 22 Nov 2025 02:21:03 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HPCyOOQsed3Wj+eb06vce2l79PX0qQEIqVAMd20lgYSc1jrs71E9pUAboYC+0VGPc6DkVmqbdrmQ5fPXKGvXg2cg7D8/nQRYgMXIMU2AzFvaa3VJ0m5bKmcT4/wXHHOBvwCEWUF39hp5UIyer66xyyLmzf9VcyFhecQFnwGo5c07lirL0FQAi3DlPd3hvkl8IqVQDyB3IBfpYkG5ogVIsdjXDY0bf5F3dgjvjkSUd8pqAY0MXFvVh1XzqXGcvsMWyFCJqERwLytQSRZvRon9u6GBSfJz8+AuvpewdzQ6jf52ewG38gyCFVNDQqwORMdQ2yHIiOX0l410zhwuXSYpJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HMkDTJy7HBk0ELKChk+CC83+RqzORq0r0UJm2lReUso=; b=sPoJszXV0S6Oe6f5HtCqSvTCpE+UjZCnYPOsI94tdb1dbvG8RWAOb0Zp57aj2xaWLYPn6LkcN6zHlHLI04IPHC9Rd7NkG8vcBWgew7m4/wwa6uItihWcCqHnsIhthwLFuJv+AWbyLkGaRGr1g/3j+Giwxq9czoRrhKX7+8OlQGhjQD6Fn3fPtx0LCthVrvUph5mDanJILzYLrL4vyMadKHw4FvB7l7q8lDhTeFq35UNuqm0kxrIHKkoLAoH5oUhqZVzyQRxxy0ywNGV/CmDkrW9oqao/vy2zZvj/t8/H3fNzfXtwvO7ozdBL00Au0/teYvKiYm2xCpRfLKIFQEaBoQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HMkDTJy7HBk0ELKChk+CC83+RqzORq0r0UJm2lReUso=; b=ZjG63FemSz2dt0AJB4jLEMvVxKuMl30++BuOR4l1B0VJefRzOp/tO0ORjP8hr+1f48iNyRY0xI8AWujNddNpYCrPH3sJVNQ/uZbBwcUYShsGHF8JePxcSBWY7BkusRXvuOX9r+Pn7eyvUMtzRaEJxMCkDCLKXDOuH7Rz+IkFYmO734vgcegohh9EhLrrIUce3ZgOG251jrYAxEqBugO45XxBl53aZD9381ZPjD2lvzplfuo/MMFKXKsuF2NJT/b4RKTCoYE5cUqTrCuPDOAIZOKEzpZZOVrJuVbg8cjKgmpU79L1tpBWaVje/9biOOyQGm8Tsdw4nd/t+VuPDpi86g== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v2 5/5] tests: qemuxmlconfdata: provide iommufd sample XML and CLI args Date: Fri, 21 Nov 2025 18:20:57 -0800 Message-ID: <20251122022057.3440459-6-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251122022057.3440459-1-nathanc@nvidia.com> References: <20251122022057.3440459-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SJ0PR05CA0128.namprd05.prod.outlook.com (2603:10b6:a03:33d::13) To PH7PR12MB6834.namprd12.prod.outlook.com (2603:10b6:510:1b4::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR12MB6834:EE_|CY1PR12MB9559:EE_ X-MS-Office365-Filtering-Correlation-Id: 834755fe-e36f-4901-378d-08de296dc91a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?os1v9sWNds9p61Ym8OwdfN2CrxnfWtLwkX0xGN60KnN0NQ5H77MIH7UDaaf1?= =?us-ascii?Q?GWN5zpSgV9UKcVnHHVNWe3pU/+NPfCOlxmbLBfPsdOjWDNEbD7tmLktFIq/m?= =?us-ascii?Q?PKiUqpqTq/F1FpVDCpyrwsS4XEvsDT79uuOUrTKMoKwRmh2Z0TYawuODO28y?= =?us-ascii?Q?9EWCQJZCqdyg9Ie3WZXXwqGkhlTyhJ0GibV3m95yWwgqy/kVv9Gp7OH2m2/7?= =?us-ascii?Q?MmfAesU28YJy3SY6Db4v2EwMDwFuQX7cGrSc6PjyPfJpOHp1lMBb1/9qOZ/X?= =?us-ascii?Q?rvgm1PkpE+njkF4OuE/bb829YtFRZrdTSClG0hQIacJiwCTIbm+SWTisk3u2?= =?us-ascii?Q?bWRAyCwvbEgNHKwQQpDDzAtMoybTyhwp5rJJ/+IZGv1Pmjb90nVTfg6+oQTd?= =?us-ascii?Q?aYhmI6LTBhLEY0tJydl+mciU/X5cbY/aW2FwFulNWIZiWRCSpgdKqLzatXY6?= =?us-ascii?Q?JAlESeYCyys8cWFjQjudd32YUwzOPIKktf1oRVZ8UhjPgI7F2bYhVzmu0a6U?= =?us-ascii?Q?YbnyD7+GXcBU73hA+EZ8UbdM7xy09hrUhJnpYL70qzZ4H2yeaEPlhs/Ma7lz?= =?us-ascii?Q?yavKDLyXWZk6+853TXJo8G3/CFEGHKCLhcAdlBlY5ElQ9i5sNmwObE1OFufe?= =?us-ascii?Q?WvUyLOLnEWRqlE+zuf5S6jpgfa2ZQ1sJV5twzAunJJtHDXnNyFaIUTOJea9b?= =?us-ascii?Q?gwygycszB2D6BCqG66t8pYbSlVKwlpEqRDxMQAf810U1hQr9tlL7Q7TJBizJ?= =?us-ascii?Q?6oKvMnE8HbfWBJNhQOSmAz8kCAaCbj1VubH9EFMHwIOgxQGq8oa8FiVdZ8oT?= =?us-ascii?Q?8KaTGqsBfPqBDR4gl8hZ1+rVYspZWrjqnymtNRJRItCutf/+aF6mWa0D6ZDT?= =?us-ascii?Q?cB2nd7YBof6qGgYPfgDZ6U/tBKyuO2xsinxxKndY9Uw1BOMyNBNQ/uNa0kCA?= =?us-ascii?Q?VwAfR4vOBddMP1jgjUjV2xO4AEV1/p8tyMA6NjIuqnIaPkFZwOZJtsTH0CCm?= =?us-ascii?Q?78r6eF1Q0+nJjTpORfvLuoLc50PRDxVab4M07mX/i/pgPWfx85e0Oo2Osx0f?= =?us-ascii?Q?lp1Eq7WBYpsguuqx/vpjAKGBj80+a+kgD7NA0UHZDzKNNW4NE4kjQaX771Gp?= =?us-ascii?Q?wYl82CYSBcOqhlchHSZKNTj+SWypb9wFk43MkA/r1QOZv7Tr4dq1gUdfSsj6?= =?us-ascii?Q?eOy8lvLVBlmau2Sp5jzPyR8k1c639YU0EwQgtbiDnX6Cshil3kSX1dOWdON+?= =?us-ascii?Q?CL2FBvBJ4GKZ/kzPtO9XcVnrWsc3J8Ixm/866rf8JdOwBvUI4+BlmKPieutj?= =?us-ascii?Q?t2W3enVBClhkCiJaMXMHMok1ngs5YjCpm66/GWpnCYfvQLFRS8NdeQbqzFfM?= =?us-ascii?Q?zmq7K2Hj1uYIkuqETAViSCOiuW2munmDJ58HHVYcBzkBzQuexWtlSVw++5YT?= =?us-ascii?Q?qMIzoo3cUVY/1i9P9o+Qn1QeL7qemgtn?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR12MB6834.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?BJFYZgHz31gP25itPbJdnc9LutL4EhHLPxkuY5m0r62j/sRit29O558IdVUp?= =?us-ascii?Q?XzSf/hiMhQI95QOQw/qv+Zui82t+L8ymdUKAw/I4PDLECchDUh2bDuffVI2e?= =?us-ascii?Q?NMZDwjBvfMu5691JpXTWOCNo1SbvO6e+iMvaahkctpdVCXNd24diHvC6OcXG?= =?us-ascii?Q?EKZCctZKtm0GudZtkzDRcUTMVXx3tZddgA0jdMoQjaxrEXDu95ofFEqyF1Gw?= =?us-ascii?Q?Pfw2MMLZ+M2xIIjTTkMFapBXCcxULEq2WXnW9XY86m+uAco9UiqDHVJ/5Xbw?= =?us-ascii?Q?bydQEH91l39dO7t2WOsr0krspLrQr4YcE/+bU19Jx3SH2IClyVyUuMkeO9Ts?= =?us-ascii?Q?+t1crOcxkMkTmRJLzD43BcX/xvYJmKwMxrdeYg3cK3Xhl/lG/CQiUAFTgfEO?= =?us-ascii?Q?SjNlVGY+iabw+QHtWYgy4G078iyhAMPD9b/RA2RX0rck5iFw17vTKhRL8+Va?= =?us-ascii?Q?6/eC9rGTBR+ZCS2pGuCGjd0yPDqfh00Yug5w/qA1RRg23OJ63lo8Z9UaTRuT?= =?us-ascii?Q?iqVkf1B6n6M5cSLrysZTbTvMpfg/a5UqAm39jv+8CaQsQpoEqL/1OIQrtCfP?= =?us-ascii?Q?6i0q7wulP0JqS/gCbqd4ue+NZRtq0gIfY0ZeZhIsy1C9XQsppME7DCgd5hYB?= =?us-ascii?Q?O4VRl7atN1NLxmuadeyqDOdNg+bKCFQhnaz3gZdB3L8knKHt8VpoYZOTxr9p?= =?us-ascii?Q?CbkQ8KN0vv+tnjp0n5xYD/MDqlM/F/xCBgBVCUHShxj2JBrcCNPVCh+vIbtT?= =?us-ascii?Q?DiSP32EzjbsGATLHTafqdWupfgkFY4PFflQ9HfqtkwgznNjpAM7cI/DV3YGI?= =?us-ascii?Q?oY7p6Has2Xuj9IORcETqXEraSqD6XIdp73TN077BWl23jMThYr895KzTRNw8?= =?us-ascii?Q?pUBJlC1CVIEu1HVyfX2UiShpKZTY+ewTi2BrQefmBkKISwrkj2eI/tOVGVdr?= =?us-ascii?Q?4AvNSCQhS0z2D8nW12EpBOdlrsguDgKbGqLCyltaI3qH/rocCTBB+lEr+QGJ?= =?us-ascii?Q?uGTonzmEk4OcFsNOwV/snFQMjybQJ2mgCDgjZnTrG34TVKPcfTBikUmkik2M?= =?us-ascii?Q?wPF+O3MGd16tqNRYkOmNjK77mYw7LA+oCQljCF96AuBC6+Un/KzVSk8SMwX6?= =?us-ascii?Q?BX6AfSS9QqnrB7a+Pw8n+GgBDiuh1y+nk5oud3xLQnNi+VZrnX/WG/GSjLJz?= =?us-ascii?Q?5GjCdFVVePRCRzn7z36wX/drfQHT8qsyoX2llZU/OsMTq70th6XfWngA9sy1?= =?us-ascii?Q?D6/VbqvHbguBSYpBwi9OBlSjnzGBykNVYJXweKlZlMnxAOvJwQBh6i9ON/j5?= =?us-ascii?Q?+rLoMyq3xy3J37R9UzXAtqnhae0qyeFghCEMZBY2plApH16mWNZC9Ja7V2bu?= =?us-ascii?Q?aKUu919SLUU1RmTI5fubl7Q+4fNPtbJoT5HEK80yTu+PMm1ouwpLbO7mIRtS?= =?us-ascii?Q?I6JBKOpkLUDU/UceRNGRHXodmX6U8NxnpmLPe7jPlZkyaEkUQFjIjTRH45wr?= =?us-ascii?Q?WLS/UkRjH7CO59Vn18HAmzlLoCVKsnZJQyaAE/tgBvGAXFgfbb0mrKe+9qY1?= =?us-ascii?Q?e7eR7R4R0JHfRJASWIbGEUK8oBUFYOhdwnrcZZSb?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 834755fe-e36f-4901-378d-08de296dc91a X-MS-Exchange-CrossTenant-AuthSource: PH7PR12MB6834.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2025 02:21:03.6266 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: baHFIMPl9eneIRCiCNiOtpE3l7HBFvADZoRY6oCU7waqksgnUXb1VjUTFZNoHLl+AJh0CJ0W77zaFuUFKoY2Lw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB9559 Message-ID-Hash: I7HLFAOO6XHCSMJYLMZ6X7Y65PYEBNMU X-Message-ID-Hash: I7HLFAOO6XHCSMJYLMZ6X7Y65PYEBNMU X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1763778933661018900 Content-Type: text/plain; charset="utf-8" Provide sample XML and CLI args for the iommufd XML schema for pc, q35, and virt machine types. Signed-off-by: Nathan Chen --- .../iommufd-q35.x86_64-latest.args | 41 +++++++++++++ .../iommufd-q35.x86_64-latest.xml | 60 +++++++++++++++++++ tests/qemuxmlconfdata/iommufd-q35.xml | 38 ++++++++++++ .../iommufd-virt.aarch64-latest.args | 33 ++++++++++ .../iommufd-virt.aarch64-latest.xml | 34 +++++++++++ tests/qemuxmlconfdata/iommufd-virt.xml | 22 +++++++ .../iommufd.x86_64-latest.args | 35 +++++++++++ .../qemuxmlconfdata/iommufd.x86_64-latest.xml | 38 ++++++++++++ tests/qemuxmlconfdata/iommufd.xml | 30 ++++++++++ tests/qemuxmlconftest.c | 33 ++++++++++ 10 files changed, 364 insertions(+) create mode 100644 tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/iommufd-q35.xml create mode 100644 tests/qemuxmlconfdata/iommufd-virt.aarch64-latest.args create mode 100644 tests/qemuxmlconfdata/iommufd-virt.aarch64-latest.xml create mode 100644 tests/qemuxmlconfdata/iommufd-virt.xml create mode 100644 tests/qemuxmlconfdata/iommufd.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/iommufd.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/iommufd.xml diff --git a/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.args b/tests/q= emuxmlconfdata/iommufd-q35.x86_64-latest.args new file mode 100644 index 0000000000..7d819e141b --- /dev/null +++ b/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.args @@ -0,0 +1,41 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test/.local/share \ +XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test/.cache \ +XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dq35-test,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va= r/lib/libvirt/qemu/domain--1-q35-test/master-key.aes"}' \ +-machine q35,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc.ram,acpi= =3Doff \ +-accel tcg \ +-cpu qemu64 \ +-m size=3D2097152k \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":2147483648}= ' \ +-overcommit mem-lock=3Doff \ +-smp 2,sockets=3D2,cores=3D1,threads=3D1 \ +-uuid 11dbdcdd-4c3b-482b-8903-9bdb8c0a2774 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device '{"driver":"pcie-root-port","port":16,"chassis":1,"id":"pci.1","bu= s":"pcie.0","multifunction":true,"addr":"0x2"}' \ +-device '{"driver":"pcie-root-port","port":17,"chassis":2,"id":"pci.2","bu= s":"pcie.0","addr":"0x2.0x1"}' \ +-device '{"driver":"qemu-xhci","id":"usb","bus":"pci.1","addr":"0x0"}' \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no= de-name":"libvirt-1-storage","read-only":false}' \ +-device '{"driver":"ide-hd","bus":"ide.0","drive":"libvirt-1-storage","id"= :"sata0-0-0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device '{"driver":"qxl-vga","id":"video0","max_outputs":1,"ram_size":6710= 8864,"vram_size":33554432,"vram64_size_mb":0,"vgamem_mb":8,"bus":"pcie.0","= addr":"0x1"}' \ +-global ICH9-LPC.noreboot=3Doff \ +-watchdog-action reset \ +-object '{"qom-type":"iommufd","id":"iommufd0","fd":"-1"}' \ +-device '{"driver":"vfio-pci","host":"0000:06:12.5","id":"hostdev0","iommu= fd":"iommufd0","fd":"0","bus":"pcie.0","addr":"0x3"}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.xml b/tests/qe= muxmlconfdata/iommufd-q35.x86_64-latest.xml new file mode 100644 index 0000000000..bb76252b61 --- /dev/null +++ b/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.xml @@ -0,0 +1,60 @@ + + q35-test + 11dbdcdd-4c3b-482b-8903-9bdb8c0a2774 + 2097152 + 2097152 + 2 + + hvm + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + +
+ + + + +
+ + +
+ + +
+ + + +