From nobody Thu Jan 8 11:56:10 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1766110974870938.6768629670636; Thu, 18 Dec 2025 18:22:54 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id D27ED419A5; Thu, 18 Dec 2025 21:22:53 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 3285B41B20; Thu, 18 Dec 2025 21:19:50 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 5D42B41853; Thu, 18 Dec 2025 21:19:32 -0500 (EST) Received: from BN1PR04CU002.outbound.protection.outlook.com (mail-eastus2azon11010055.outbound.protection.outlook.com [52.101.56.55]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id BCE4E41853 for ; Thu, 18 Dec 2025 21:19:30 -0500 (EST) Received: from SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) by CH1PPFC908D89D1.namprd12.prod.outlook.com (2603:10b6:61f:fc00::623) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.8; Fri, 19 Dec 2025 02:19:27 +0000 Received: from SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc]) by SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc%7]) with mapi id 15.20.9434.001; Fri, 19 Dec 2025 02:19:27 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=miJCxX9EmSZdjq9S3W3Z8CSf3wqt3Xh/Bdx1sK5MTPU/CfdhrPqQ/VsWhiNQjgXRB8j5iVpjZ3NXso1HdMdbabjspEfdo/cAPc6BneYePjXUeymjqR0iEapbumkERW3FaNhmQoIFtu4XJpO/vTmiqxfnYeNPTeXdv8n59Rc0F6f5UfUAHA+H+l9rvkyymvQ8z8p0fRnyD8M9YCPfWfNT66d0S6303vJvrRmheQ8TgNBtKm3b85U1b8R0aUreXM2h2eePwVecgvlw9AnCIWingsY1efB/fH4GDw3UxHRlQwAjvup4dfeT2msHhNTpaV/nORzfbQVeMgja8v4Xu3zk7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3wTtO2ZA/pOH9zJ39JBubt/USt+35sAkxzBAJQmccJQ=; b=bOeX7tjkektS/Zxnc7GTAsUZJGVXTRFZu767SI1pT3DBjJRRH5OWM+0eVX8xqugi2Yo0w+I0WJjS8qrfClUp6OpuikplV60ovbrtJxKtVJ7w9FehqHDjMr1GAM1NdWCboEoZLWhb7G1Ned9j8SzNeH6TPbe0Ohk/lUC3kREA8NeMef3Xr3OgMepu+kJRanbmxYyir+AvqTyyq1s9EHUQg/ASdgP8l09TdTD8DOnCsCHaB9eJteoCziiIp8sc4Z/Cr2UOkvMuhjpu8wydHkCoNFX/CmyUKVTeKDLbYCpNFGJ/0XfAq1JFF77XUNrAWWjv+rfisq+bPdG+i439ixZeSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3wTtO2ZA/pOH9zJ39JBubt/USt+35sAkxzBAJQmccJQ=; b=MOjqgHokBB8Aj7h2VEvjrFy4VxfcAyoBDzzpdH/e1BzkYk6EYCx4Rqd0pLWhnGb1ps7gxvXaNSmu8u2sZ24h4G31+gp6hQM5RFCGNQn090oruIq1UHiQ4aRHoPRheH+BJvjfQajcIyByze5irmaQcFdpot8vLLp/ZCeAxuwe42Qe1SOvbmaWa5Rm2aQ5GJkasU1bgiAL0QWat+o3akiQecmkZ3hPc3ZBio1IiRs2GJg8FhqGXfzcDDhBHKsobQAkf5ErDgNcaqUwvKrV99dCjZD8uKTMaUhecZdh0QujLfDfxnpZg5ezq1nnXcIUVYWhEiYLtshxSdlEQzDPKR7/vw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v3 1/7] qemu: Implement support for associating iommufd to hostdev Date: Thu, 18 Dec 2025 18:19:19 -0800 Message-ID: <20251219021925.1864433-2-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251219021925.1864433-1-nathanc@nvidia.com> References: <20251219021925.1864433-1-nathanc@nvidia.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BY3PR03CA0004.namprd03.prod.outlook.com (2603:10b6:a03:39a::9) To SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR12MB6838:EE_|CH1PPFC908D89D1:EE_ X-MS-Office365-Filtering-Correlation-Id: c6bc7476-57d6-4335-580c-08de3ea50905 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?B?TUplNGhyZFp2aVBQNVhTTWhuN0xXdDF2SlpFOEhsYW15MXVsNk85NVAyV3kv?= =?utf-8?B?RFkwMHBWeVZpY3dZbEdLWTdwWExtS0h0QTBwS09zTGpUQWtGSzBpU05FWlBP?= =?utf-8?B?aVY1eGpMeW1zeklGMGM2T0Flazc4c3Z4U2kvc1lVL3IxUkxGR29iTDlvODNJ?= =?utf-8?B?YmYrcFNpRTZ2Y1hMS1Jpd3Nnc21zVkRtN1BLeEpzU3gvcmNpY0Q0MVRadDY0?= =?utf-8?B?QmkyT3hRWEpFNk1vVTlHb2dTMUsvVzdxS0hKZm1SakJCUUo3Z3lLMG5Yblc4?= =?utf-8?B?dmJxMUZybDV3K2xMUmJvcnZ3aHBqS1FWZUQ4bzBBOHlOWXdGdW1xQkN5dHBh?= =?utf-8?B?M2prbURab2dtQXV5QVNxQUZuZ0xMaXJnMU9nem9wY0xIcloxWUozMElWcDNm?= =?utf-8?B?dUY4WDBtejlnWWk2Lys0citnQjZsTWFZRm9qL2JLY3M3THpMVWdLUllsMFBT?= =?utf-8?B?c2FvWU1jYng5UGUybnBEd1QzdkR3U1lhSG9heWtoeGxSZm93bmhvZUt4M0pD?= =?utf-8?B?SXZZb2JhMVhMWGVlYk8yZjdidGlBVS9oNnpPSExtQ01Ic0tqbTg0M2dmV0hD?= =?utf-8?B?Vm0xd2h6S2s0bEkyQm5mMXc5c0dpNkpQelo0TE9mTTdCbHp5S2FCdXlyTFkz?= =?utf-8?B?clMyZGRCYXg0SEJlN0MwcjNKSXhTa2FmSU5wcExDZWRQTHlEYmN2R21WTllS?= =?utf-8?B?ZEdHNkI5T291NVN4bDdJZVFwWWsrUm9BczRIZ2ErQjJyOUMydG9QcjRueUZ4?= =?utf-8?B?VzE3dDNNWXU5N3MwTm9JQTRwNmJONnNYV1duK1pZTDJPeUF1b3VCa2lUQUVr?= =?utf-8?B?Q3VSTVJ1QnVpcmRDTzBaMGhBTkhUbkYrbGVWSXlRV2Npc29jQkhMMVNXZnZn?= =?utf-8?B?eG44dnl2THJJVkwvZ0c4TXg5NHlKVFN3Ry9nR04zT0hxTE0wS2lRWU56ZEs1?= =?utf-8?B?OC9vQ254K0NtS0VXNjlZQmJlZmdTdENvZytRcWdJd2h6U1ErY0tCQTlUZXBx?= =?utf-8?B?VGJnYzE0OWlZUjVZSS80Vy9mTnhrRlA3UDdkcFBpQzB6MWNUV2E4MUJxT3Rk?= =?utf-8?B?cUo5V1hTcFVyT2pveldnanRPTzJOeEIvanhDcURMUVRvaEJXbGYvTGdhUkVx?= =?utf-8?B?OU14ZTVaUWppZEplNXROZitJRldpY2JtZ3ZHNXRlMjR5UjhFRVMraVl6SERP?= =?utf-8?B?K2JlWWVkT1haMjIzOVJTUGdoNjBZVzdoanhkaU5RUitmdzlNTGVYVGpUUHUz?= =?utf-8?B?RFZmZ09NNWtuc2oxcUpubyt4QTZqQ21WY0Q5VjQrY2FmTTVHMnEzVE16bEpn?= =?utf-8?B?aW0xWUFlLzgzYWhiN3U3YUJXUFNZdkpwTUZ6akF4dHpoWmlvQnZWaGlCKy90?= =?utf-8?B?d1FJaE1EYURRazhyeHhZMGFnSmFTc2hrQ1ZwK2VSbUwxZW5FRE4zUEpBc0c4?= =?utf-8?B?NFppVDd6ZUtoTkFtUm9YM0RzbzI2UVFiVGplaERiT2VYYUpIVHA4cWZFTHhI?= =?utf-8?B?ektleGh2dzVyL0g0T1hDcHlxK01jalFWVVgvYnJhcnphZldpQW5JRGh0Z0V5?= =?utf-8?B?UE5XSEp3Z1pPUFhUMW1kYWpuajViT3hNeG84RFlTVE5xNG55LzFzMGorNG1j?= =?utf-8?B?RUs5WExEVXJOTnJYR3VqbnNEajduM25DUDdqeDhCbEVIU1NPSEZtN1JGdHVL?= =?utf-8?B?QTE1L0xlRlVMN0x1ZkxyWnpOdTJaa2dhOFFsRU9uenc4dFdyL2orSkhkMWp1?= =?utf-8?B?MFFzMm1hUDFTK3pSQjdXSEZadGpTTHp2MkkrbnFHaUc0cEw1clozQmRaN1F5?= =?utf-8?B?emVLVml6YnJGUjJ3ZnE5QlZ3NG96VzhPd0VQditNOVF1SEdVSmI0cU9IS0Nj?= =?utf-8?B?VjREV1E4SVNxU2Y4TnliQ0Vac2R5Vk93aW9scDZPUERQSnNuYmVvTCtnUTJF?= =?utf-8?Q?3v/tqLu+q+dXhhmV0tJ2DMBjuYCPYysG?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR12MB6838.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?YlEyOGszNXU2SDNJVWpWVXpLb1lvTFVkSWtrTTg5TkN0YUlIcGI2Z1VqemNR?= =?utf-8?B?WHNkbW1uMzEzV1piN1lFTzBZQi9OdHBGVm9SMU1OdTFaeHkrT2FPQWFDQkIz?= =?utf-8?B?cWltSGQrZTBKV0Z5VGk5NXVQQ2wvUFlRL2VUNFV1dmNEM0hZTWIyOGFZZTBZ?= =?utf-8?B?cllxMG1sekhDa0hzdVZuckNKazNiUU94UndYU2dXbnZMdkhwY1FqWHVTSDZy?= =?utf-8?B?UnVSQXVxaTFYWWtGb3NPZTB3NlE4ZHkvbmpjUHBSWkdCVU1hdkdWNmVuSENz?= =?utf-8?B?SGF5WFlxNkYwTkcvL0tIaFpMWk41VlN6UHZUbkNCdmFMZHN4NHZjTE9HaCtD?= =?utf-8?B?N1BJcC9ZUlVwQXViY1B4N3JTM1N4MjJVYTQ4clRFeTRKNDdIOEdGVGhTWWJV?= =?utf-8?B?YmQwZ3dYMGZEWW1zUWJMOFdBZXdlRGpWQ3Zkam5KdTdsU1JnTjFqU01ERUFv?= =?utf-8?B?Q2htQ2Q1c0pUMEUzbzFMSm04Sm0wOS9hTXFIYytTMm1acDZDbHh6SFk0U0s1?= =?utf-8?B?VU5hVjZndW1UV1VRNitkUmRvVS9GWDR0YkVrZHFSZHd2Qkh4K1pTRkh3ejRU?= =?utf-8?B?cHBEeUppWlBhRkhURzEycTl0dVAwOVRHMnVFZC9YSGZxbVpIUUpRUHNjQVlT?= =?utf-8?B?YisvSW9VRkl1VzJXamlISzdjTWZtTTV2SXU4R0J3bExZRjdDQ0VxOWZEOExU?= =?utf-8?B?TzFPYXkxcVhzY1ZjbnhidTVHYnR1ZjFFSEJ0akNKMWlhS21obFJwS09JcnBL?= =?utf-8?B?bWIxaVBuTVAyZkxyL1A5NXpjSndiV2J3Qm56QnpRck0wd0NHTk15bVVNVnRJ?= =?utf-8?B?cENVL2xucVpBcXdGaXliSi9RMUlsUzBkUFNVdTBhaE9XNEVJVkZ2SzVnZThF?= =?utf-8?B?bHhKSUJSRjc2OFNnVmQrdzNKVnVKZVVOL21pdlF1UUZLdm9wUEx1SktiNGV3?= =?utf-8?B?RTBPeUJhZXlTUzVjYTNpMkFLNCtMUHdobzRtVmVURXJqYlQ1Si8rSVJSQTVY?= =?utf-8?B?TlJQZFp2Rmprdkh5cDFCWGRXaTV6djBWT0luamlsaHBtdDg5ekRZVmExMmVL?= =?utf-8?B?QzVnYkZDbnZtUEM5T0JDMUpRbU1oakRrdm9CTmtmNDRYejJXTzhHV0l3TXFO?= =?utf-8?B?MXRFTFJaZkZUUkdzNlh1OWpZK1luTVFQeG8yTVF1N01pNk9yWmdlL2d3UjBj?= =?utf-8?B?M0w1Sk5TekFwampSRTdNQjUxK2kxYVRXU1ZRUHFDNndSaU5FWnFDR2dyb0NS?= =?utf-8?B?V3R1Z000M29Jd2ttSG5lMTNpMElzbzVoUUNVOXhYV0NPdGxEcXdYaVFwMFl5?= =?utf-8?B?cWRma3c5NnEvTE9qdlREdGE0UktIREdrczRwREFnMmVsazlDZXNzMUdTZk9p?= =?utf-8?B?T01QTTFVVHlyaFNySWR6WFNpV0lXUjYzaHBpa0FxbFMwWUxoVFRJRFlFVzc5?= =?utf-8?B?L3h5eStiSURFdjRneXVmRTRYaXhUcldoSzcvbVdMSFF1Ni90a0Y5aWRhK1Zo?= =?utf-8?B?am1YREEvMEJCOUlvNVBVNDlxbHN3LzB1ZmwzOXZ0Ym1tWWwzMnF6WWJvK1g0?= =?utf-8?B?elZTZ3dWOE5MZFh1THI2bERjWDRzTHZBeFdzbWxleU5BR1pFbnBFamR3R0Qv?= =?utf-8?B?MFNXanptVUI5dEs3WUQ5UmJWYnZLaXdEemhjUzByNjNpeGpNNmMzS0dlUmI1?= =?utf-8?B?OUJPK2tZZWRvajdTdUJ3MUtTWTlUeVdOZ21BZ3RmeEtLVUxjY1l5V2IwbnFE?= =?utf-8?B?QkhWcjcyby91bTYvQXVaZ29iRlZEeFUrZzYxVklxRkRJRy9vbWJ4V29TTUtm?= =?utf-8?B?Qkc4U2hwTkg0MSs0czBqbnVEWmVwalUxTlZHRUdkQ0prV0Q0NjVxMUpuNFEr?= =?utf-8?B?VFdNODFiYUROQi9wSThxcCtMMU1EYmlxSUJMclVYdm9tTStnbm9QcnczSnJX?= =?utf-8?B?V2Q2Zk1tRVBOazFucVRqaCtyMUZyaDJKOC9hdHRQL2hEcUI0UTJmZGlBTklC?= =?utf-8?B?SnFzV0haYzdWSXUzLzdhWHdGNW9tLzI2aDlTbmV3eTlWV0JOeVdxWlZjVVZT?= =?utf-8?B?WTBxanRpaHdYWW1ycithVzZwMmR5a29XbnE3czVVZEtPbHlqWXg3ckc4VElB?= =?utf-8?Q?oHwDUMU4y/JTQAL++Cs2t3iOT?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: c6bc7476-57d6-4335-580c-08de3ea50905 X-MS-Exchange-CrossTenant-AuthSource: SN7PR12MB6838.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 02:19:27.5931 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 87KQWt5PUMPb6NkHYH9O3tleecUVXE6PGWUYEB97JiNTbLg+SbaLwuSzUEA5o4fss5dh88goQwuXeFxgDoEDmA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPFC908D89D1 Message-ID-Hash: ZRUWOEN2ZURO24U35ODYYYWXBLSBW2FG X-Message-ID-Hash: ZRUWOEN2ZURO24U35ODYYYWXBLSBW2FG X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1766110976932158500 From: Nathan Chen Implement a new iommufd attribute under hostdevs' PCI subsystem driver that can be used to specify associated iommufd object when launching a qemu VM. Signed-off-by: J=C3=A1n Tomko Signed-off-by: Nathan Chen --- docs/formatdomain.rst | 7 +++++ src/conf/device_conf.c | 11 ++++++++ src/conf/device_conf.h | 1 + src/conf/schemas/basictypes.rng | 5 ++++ src/qemu/qemu_command.c | 46 +++++++++++++++++++++++++++++++++ 5 files changed, 70 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 1467fc7e10..c8f827d460 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -4907,6 +4907,13 @@ or: found is "problematic" in some way, the generic vfio-pci driver similarly be forced. =20 + The ```` element's ``iommufd`` attribute is used to specify + using the iommufd interface to propagate DMA mappings to the kernel, + instead of VFIO alone. When the attribute is present, an iommufd + object will be created by the resulting qemu command. Libvirt will + open the /dev/iommu and VFIO device cdev, passing the associated + file descriptor numbers to the qemu command. + (Note: :since:`Since 1.0.5`, the ``name`` attribute has been described to be used to select the type of PCI device assignment ("vfio", "kvm", or "xen"), but those values have been mostly diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c index c278b81652..d68232a4f4 100644 --- a/src/conf/device_conf.c +++ b/src/conf/device_conf.c @@ -67,6 +67,11 @@ virDeviceHostdevPCIDriverInfoParseXML(xmlNodePtr node, return -1; } =20 + if (virXMLPropTristateBool(node, "iommufd", + VIR_XML_PROP_NONE, + &driver->iommufd) < 0) + return -1; + driver->model =3D virXMLPropString(node, "model"); return 0; } @@ -93,6 +98,12 @@ virDeviceHostdevPCIDriverInfoFormat(virBuffer *buf, =20 virBufferEscapeString(&driverAttrBuf, " model=3D'%s'", driver->model); =20 + if (driver->iommufd =3D=3D VIR_TRISTATE_BOOL_YES) { + virBufferAddLit(&driverAttrBuf, " iommufd=3D'yes'"); + } else if (driver->iommufd =3D=3D VIR_TRISTATE_BOOL_NO) { + virBufferAddLit(&driverAttrBuf, " iommufd=3D'no'"); + } + virXMLFormatElement(buf, "driver", &driverAttrBuf, NULL); return 0; } diff --git a/src/conf/device_conf.h b/src/conf/device_conf.h index e570f51824..116b959143 100644 --- a/src/conf/device_conf.h +++ b/src/conf/device_conf.h @@ -47,6 +47,7 @@ VIR_ENUM_DECL(virDeviceHostdevPCIDriverName); struct _virDeviceHostdevPCIDriverInfo { virDeviceHostdevPCIDriverName name; char *model; + virTristateBool iommufd; }; =20 typedef enum { diff --git a/src/conf/schemas/basictypes.rng b/src/conf/schemas/basictypes.= rng index 5689170fad..381e0ac24f 100644 --- a/src/conf/schemas/basictypes.rng +++ b/src/conf/schemas/basictypes.rng @@ -673,6 +673,11 @@ + + + + + diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 98229d7cf9..98e4469c25 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4760,6 +4760,7 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, g_autofree char *host =3D virPCIDeviceAddressAsString(&pcisrc->addr); const char *failover_pair_id =3D NULL; const char *driver =3D NULL; + const char *iommufdId =3D NULL; /* 'ramfb' property must be omitted unless it's to be enabled */ bool ramfb =3D pcisrc->ramfb =3D=3D VIR_TRISTATE_SWITCH_ON; =20 @@ -4793,6 +4794,9 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, teaming->persistent) failover_pair_id =3D teaming->persistent; =20 + if (pcisrc->driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES) + iommufdId =3D "iommufd0"; + if (virJSONValueObjectAdd(&props, "s:driver", driver, "s:host", host, @@ -4801,6 +4805,7 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, "S:failover_pair_id", failover_pair_id, "S:display", qemuOnOffAuto(pcisrc->display), "B:ramfb", ramfb, + "S:iommufd", iommufdId, NULL) < 0) return NULL; =20 @@ -5320,6 +5325,44 @@ qemuBuildHostdevCommandLine(virCommand *cmd, } =20 =20 +static int +qemuBuildIOMMUFDCommandLine(virCommand *cmd, + const virDomainDef *def) +{ + size_t i; + + for (i =3D 0; i < def->nhostdevs; i++) { + virDomainHostdevDef *hostdev =3D def->hostdevs[i]; + virDomainHostdevSubsys *subsys =3D &hostdev->source.subsys; + g_autoptr(virJSONValue) props =3D NULL; + + if (hostdev->mode !=3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) + continue; + + if (subsys->type !=3D VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) + continue; + + if (hostdev->info->type =3D=3D VIR_DOMAIN_DEVICE_ADDRESS_TYPE_UNAS= SIGNED) + continue; + + if (subsys->u.pci.driver.iommufd !=3D VIR_TRISTATE_BOOL_YES) + continue; + + if (qemuMonitorCreateObjectProps(&props, "iommufd", + "iommufd0", + NULL) < 0) + return -1; + + if (qemuBuildObjectCommandlineFromJSON(cmd, props) < 0) + return -1; + + break; + } + + return 0; +} + + static int qemuBuildMonitorCommandLine(virCommand *cmd, qemuDomainObjPrivate *priv) @@ -10932,6 +10975,9 @@ qemuBuildCommandLine(virDomainObj *vm, if (qemuBuildRedirdevCommandLine(cmd, def, qemuCaps) < 0) return NULL; =20 + if (qemuBuildIOMMUFDCommandLine(cmd, def) < 0) + return NULL; + if (qemuBuildHostdevCommandLine(cmd, def, qemuCaps) < 0) return NULL; =20 --=20 2.43.0 From nobody Thu Jan 8 11:56:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1766111086111759.816027201382; Thu, 18 Dec 2025 18:24:46 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 3E4ED418DA; Thu, 18 Dec 2025 21:24:43 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id E0F1941BB2; Thu, 18 Dec 2025 21:19:55 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id EC63541848; Thu, 18 Dec 2025 21:19:32 -0500 (EST) Received: from BN1PR04CU002.outbound.protection.outlook.com (mail-eastus2azon11010028.outbound.protection.outlook.com [52.101.56.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 33BF941858 for ; Thu, 18 Dec 2025 21:19:31 -0500 (EST) Received: from SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) by CH1PPFC908D89D1.namprd12.prod.outlook.com (2603:10b6:61f:fc00::623) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.8; Fri, 19 Dec 2025 02:19:29 +0000 Received: from SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc]) by SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc%7]) with mapi id 15.20.9434.001; Fri, 19 Dec 2025 02:19:29 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=RFjCLFFGKt9DC/bZ1P+FJ4PyyeNsMM5HbpP4PbQWKAbZ2uBMPW2zdiKx/CgSGhLtiN+Dvj1I95cNcs8ymn+U+B//BkSQcFzPL4hBFyoOVlkJwu7k6hfBUWeZ0pAdTMcCRswVsRh9t1Ry7FfI5azUI9GdniEVJw4/9/ZM3LtBQoDRhgOkvoZkvVaNmlCZAOeXtJ6IiaooSkH2XURDivK9qbjbyIzTibL48TMgd8JZ+gbL5afgkASwNwqdnvI8iNkadFZ4BtKHrXqtvPKyP7rAh9X+twIc2qm5xSwcoacA4GZhEW+vNP3ACNFejD3lO+WHZgXjINr09Ux+anCbKiaJkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SAIH0Nmq5K6feJcqqiwS2Bnpqa77YbaWLWgLPH0dipE=; b=ufXzTRPLM7mTzWJSnFe4nxeWN8DHAhZ7pwVr8eEmcmFBxG2prGYiYmVcZbY7B+UAxiuq4aoG5cTipbrU3nqUSGawd7hVbxMI7X+nbgYsHUM/y6HExaMIbg0+ym3F5CFnnFVVKkNLbYCLdy8U2IxVe8UKwg54yCcpG8ESa4DuWOMN63N6M8yIrl++0KGavNSLYU77hY8TIxgUkz6FgL/1GTyI0uiBE2d/n+Frblj0/O2Qloyfcei5jvnc+x9aLBRGzODjs3uFYhND+zh3tnt20Hkvo/4AEkQ7oDpW4MUKVdatmIq30jgqyvddz/GExppp2KXLE3Jx/NCqYADy/wd7Uw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SAIH0Nmq5K6feJcqqiwS2Bnpqa77YbaWLWgLPH0dipE=; b=SIG5HyO0E0PUfsolfb0pZyxgV4IAWd4i+YRoUsHUY4Tj73bAOlbkB8bzexbA++KMS2MKYph5W639xfB8KetMnKNxHBPSq5tx3+Y7E2zc0wQWB63kWTFw9r907kSPJwute5PUXNEdJvxij4P44szTZKAO5L3LpDQ9e6fhGTh5yFD7SREDwcewH9CblpVoi9N7Q4chiEDeMAZSB+IXiB9uDyE002dmgatey2Xf+VWJMb4emQCv7W9fmvjtll1mju5iIkniBQzPQaB37zNDFnWD5FoqJoD38SrVDQzef4tXm762FGU8xMx5Ayl18U9rWyfZCxnULsNxWuTSIRuOgHK2yQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v3 2/7] qemu: Introduce privateData for hostdevs Date: Thu, 18 Dec 2025 18:19:20 -0800 Message-ID: <20251219021925.1864433-3-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251219021925.1864433-1-nathanc@nvidia.com> References: <20251219021925.1864433-1-nathanc@nvidia.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SJ0PR03CA0281.namprd03.prod.outlook.com (2603:10b6:a03:39e::16) To SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR12MB6838:EE_|CH1PPFC908D89D1:EE_ X-MS-Office365-Filtering-Correlation-Id: eac6e7a4-aae0-46fe-bbd2-08de3ea509d4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?B?WlVPRUM0c2EwbE1xVmk5VGYxcThDOGNIS0w5ZVVNa09JVXVaMDRoaWVSRHBK?= =?utf-8?B?UnM2VFdQQzNSV21xVUtrbnU4aXZodGgzMTNDTnJnaHVkWi9PaEo2cU5RWHZE?= =?utf-8?B?bWY5ZXB1d2F3VFptbUoyQytQVlV2YXVjUDROKytiemx3OU5RR0tFOWh0ZGhq?= =?utf-8?B?K2QyNkJpbEpsSXhtL0t1SU13Nk1LNVFyTlhncFdBT1g5bnR0T05sYk5BWjYr?= =?utf-8?B?WUlGZUFQUHE4MDJvUFdVTkV0dk1qb0d5ak9Hb2w0WVZwSDlTNXdsQnZkTVMr?= =?utf-8?B?bjJrSUh3NXJtUmtENXQvM0JVWVFCMHNPZHY3UXBNN1lzRy90TEdjREpkVlIr?= =?utf-8?B?MnRMZlVmMzU5N2Z4Ujk4RlV5eEJOL0t3TC83ZVdrZlVSdnBJbjJQdklpOVpl?= =?utf-8?B?QjZIcWJ1MDA3ZTBZTHBYVU1lbllLOU10dnNqSWQrRWM4aEQzVWd1NG1UNloy?= =?utf-8?B?MVJZcFBvWEE4YmFiZUdXVG5GM2FMakNqREN4OCtHWEEzbExrU2FlaC9SWHFq?= =?utf-8?B?dHpZcnVHTVJHV0c4SEx4NWRzOHA2dGpNWlRSRHd4NUJvbUR2b1BnMGV5d0xz?= =?utf-8?B?MmpKZy8zVnhUbm1kWWloZ3N0N2UrdHY4SlM1L0pHS3lEVHJnTWorcmVFUHha?= =?utf-8?B?Y0l2TTJxYktWNStrNjh3NjM3ZjhBZjdZd1FMMEdHS2ZsWVErMjNWWk5YRFVi?= =?utf-8?B?ZG1tai9odkYxaVlCTDhEdzVPTHpXcDArZ0tRVDJhbG1FQlNZY04xWWZObEJ1?= =?utf-8?B?OG05dUVVU0dJTkNiMm9adHVCd2FYWVNUVkFoOFhZSThvOUNQUFZHdW1YeDBo?= =?utf-8?B?QUYvUGYxbWFobEJKV0ZONy9GSG56SFE1MnpxN2dpVmZRQytWNDNrYi80dzVV?= =?utf-8?B?aEFkSkIrRVUwN29RbVBrbkxINVpDSzN3Z3huWXRuN0NuV29XTVJQSGY1MHN2?= =?utf-8?B?bG5Ya1Z2eTgralJ6eVNVYzRMd1IxYTdrN2laR3hRQTZBNmJaQndKcnlycHVP?= =?utf-8?B?VUQ1czB3Qm9GNzZ0ME9YeEM1ejRsWVhyWlhkK09SZDMxS01HcS83S2lUQ0VI?= =?utf-8?B?UG9JQXc2MlNUUFRzYlBqV1RVenBnNnB3T2tTQllmRTZ6VjFqenNDcTl2SnBD?= =?utf-8?B?aGFoUjhTZkJjbjNDQ096NnppNDBYaTFUcEZUR0tmc01xZ3NpbmNSd09kNVhZ?= =?utf-8?B?R1RBT0kwNnRMamsxanZ3S0JCempHQTBxekVVWFN5cm45TlRyQWRjM1ZCL3I5?= =?utf-8?B?OWJHVkUwdWRuMXk3K1ZYTS9mZzZoMjFXTHMyM1ZHditHOUNmb3dsbGJUZFl2?= =?utf-8?B?T0lhMWdOTUdzckkzZW5NdlNySm50SWlPcmU1OTdCanBoc0hsOE8zbGpkUnBN?= =?utf-8?B?czk4UmNhNS9xU3FPbTErRCtyOUxMZTlEdVZuWjBVOUh6QnV4TUgySWpCeEVD?= =?utf-8?B?NWJrZzRkeVphUTJVd21OYmtoNjI3a1J2eCtzQUlKUi9qSWNNTHpLb0loL284?= =?utf-8?B?ZzBZRDNGalh6bVhOTVhxaGdCZ0U3MkVuNnE4eE1yeDNSK3grNm1lZ1cwU3dL?= =?utf-8?B?aTZMUWJDL1JtTm9XSGZ1Z3l3NFVBRjgwMXYrMllEeFRaQ3VDeExMdEVxeGZG?= =?utf-8?B?UStIamEzMUprMjBCcjlvMGE4cmxUbTZGVWRDbklSU3ZHUy9jdFgzVmV0TU0x?= =?utf-8?B?Y05RZURMcWxBbktFbk90bmtHQitlZk5pOFg4eTFlOS9TWDFRTmk0MzhGMjJ2?= =?utf-8?B?QUJwOEdDS0djZG8vc3YwUFU4NjZ2YitOOHIrT0Uzd3VicHZLMHFkaXpNTnBN?= =?utf-8?B?cWpMTEJuV1NWZ1BnRURwUG5RdE5uRldPcGFIb0lSYlo5dlF4MkRUdWhBUmVm?= =?utf-8?B?c0MvQjVNRytuRUt0TmxPaDRKZ3p0Njg0cDZUcnJjSFFhSHYzbWJoZ1NJdis4?= =?utf-8?Q?5l2wCR0z/bR1/zTgYY4p+ox3KUJy6YdS?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR12MB6838.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cit1U2U0eEpnbHh4U3N0ZmpYQ29aWm43cGdJWWJoNWJ4KzQwaS92R084dTlX?= =?utf-8?B?Y0JTRkRJMFN5SXVOL05qMkxabXR2OU1NUVdwSEN3NTIwRGc0Y3NRZ0EyMkFu?= =?utf-8?B?cFljUklsUXBtSVRRcy9Mc3JEMFliQ3dtRjNpS3pNK3NDNXloN3E0R05adDda?= =?utf-8?B?TXFISXFReTQvQmVWUVlNSm1pVWhQdi8zejlRU2ROQU53Z2daQjhsRVNCbHk1?= =?utf-8?B?NU1HaTE3MWRSTGx2N0hPUytXUkllc2dPZ1ZQeUtnVW5TK2hTT2E4Rnd2aTYz?= =?utf-8?B?cFhrcTk5azZXY3B0M2pxU1B0aXo1MkcvTUZ0UG0vM3dqc0o2OEpEYlJiWTRa?= =?utf-8?B?MDM2Ni9wUzNNTW9QYjZPa2hiUDgvY2tyUnc3bldRRHIwVGlVNkF0eHg5eWhI?= =?utf-8?B?QXpsNU5FN2pmeVNPYUw1cXhhdWZ4b0FCQ1pseHB2NW9XNlYrSjJlT1lnN2ls?= =?utf-8?B?WlFQZ01OVFpIMmo5aUpLKytSUkt2clBHVU1uaWRobVVlL3pyY0NhdGNBU3pE?= =?utf-8?B?Y1RQY25tUS9yWXc3TmNCRllLNldUSzU0Vlc3bHdjaTk3UjcwZmgxeG0vVlBN?= =?utf-8?B?UEFYT3ZWVS9WS2RnTmI5cmNSdURrWlJUQ0tWMjRMUStETzlsU2NRdis1Tkxm?= =?utf-8?B?ZzdZNE1GeVNDaVRSQXZnNlNMVDNKdWQ5T1ZIb0xoaEFMUk5ROVR5SUUxSzZC?= =?utf-8?B?S3pSYmM5T09zcTFLaGwwdm5QNG84emMxRnN3RzFzM3RrV3VBMi9HVWxweXc3?= =?utf-8?B?T1lrSGNaalcwaTBnREkzVlZxR28rZkpadit5bDdmbHhoZlduUXhKb0FyN09B?= =?utf-8?B?T3gxeWpaeWZjQncwWHZLc1JYTFpzNWRkc1lsS2RJUWhQUFZsZ2lGaDZCN2Zs?= =?utf-8?B?cEFweWRGTDlOSGVRdG9YczA3TzZPbHZkOUlkUlZWYk1IV3RIRU8rWURZd0FD?= =?utf-8?B?aXlTQjBybUYvL3hOSEhiMjcvVG9FVTR0NTNkQnFmWG9SeXBRd1hsMjBTVUps?= =?utf-8?B?SHpTdVc5Z2F4dkFhNXlSb0pYZEpoT0tiS3MvL0drT0JiMmZvM2J0QitTbU5B?= =?utf-8?B?eGlTRktFSi9MaUdBbzlHWjVvSEpZaTVOcW1PMnhIRHJTdVZCR053ZzN2dit0?= =?utf-8?B?c2lCWkVZcHl3dUs4c0ljYktRUlVmcmQzTGxDMWc2UUZXZkVyRG9EUTRWbUxI?= =?utf-8?B?S2E0MDFSVmhHbVZTUWxTeDBYRGZ0Qkg0dENMV28vL0RWall3eXJVaUJ0MmNp?= =?utf-8?B?VXR5UWpFbWpwcTVxcFFMWlZjZVRSWmd3clVVV0NsMGlZS0hMVWlENGpmUW9U?= =?utf-8?B?WjJEUGZlb2svZHRMT0I0NmlLdEM1NXhvbXkxa2VsMEVpUGRLN2tNOHJMd1Nt?= =?utf-8?B?dDRtL0lGODZBcTBvK1R4cjZ6dVZUeHpyaVV6RlkrRmh0QXpKT083cWNPVXE0?= =?utf-8?B?NGZyNUxNdEgxVG9saGVPWDlPdXk0TWp2V2d2cG9TbjZoSGQ5WmNuczdqNjk0?= =?utf-8?B?b0VTMW1tTWNGVHRvSE9nZktxQjcxSVdpSDdJMlBWWGVVYWhUU2htc2NFNHM2?= =?utf-8?B?UlpyUk5pOGZqZi9OUExZL1FjQjlqOVdEQ2RrOWYreUJodmlZTUlwVHZseUpl?= =?utf-8?B?eUtqeWpqampvUVlrVGVxMkhoMElaZHJQQklYYjhna3pTcGdubkg3UVZzWHBH?= =?utf-8?B?N1lCL2ZQQ1M0TExRTHg4SVpVaVdOUjlvMnc4OVhKczJPOCswdEYycnBSd2Fj?= =?utf-8?B?VGc3TTdka25VYy9ldFN6azlheXB3TndFb3Z2TDJpVjNzQ2JBRnkxbFRuKzdT?= =?utf-8?B?RmF2R0hHWWNPbnFKVVlvNEpVbDgxTnZ2bWdLYi9FUi9ua1E0LytEQ0lnOTlC?= =?utf-8?B?bEs1NldNeExJNzJ1bFpPcFBSc1ZPK1dYa0t5Y1lNL0pQOVdSdW5PN2JKQUtu?= =?utf-8?B?d3RFZ0pPUGtnL0p3S0VRQ2I1NG1XOGNIUEo3NVdabEg2NmQ4ekNjd0l4MTJ2?= =?utf-8?B?MTZhVEo1anNEYitrUGFBOG1BRzZIMFovcHYvbnRjbnRUUmI2OHowcVdRZTJ2?= =?utf-8?B?U0N5TlNiVVV5emFMc1BBUmk4MzZzSDUvcExmOE5iLzVqSE1FVmk3Qms2RHFk?= =?utf-8?Q?VAaJeit8djduEoTmkX5FGYhQg?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: eac6e7a4-aae0-46fe-bbd2-08de3ea509d4 X-MS-Exchange-CrossTenant-AuthSource: SN7PR12MB6838.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 02:19:29.0220 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4fw2jg9p9iL66YDI5LdWFVgsIO84ZuxAZf78QIQTRBzA8HUj9maeBUJBS9S+GNmDhhkD4e3lTCJc5/0kG8/s4A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPFC908D89D1 Message-ID-Hash: GP63SBAGTGNI6GMXOZ33DOE3ZRQMHKC5 X-Message-ID-Hash: GP63SBAGTGNI6GMXOZ33DOE3ZRQMHKC5 X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1766111089315158500 From: Nathan Chen Introduce private data for hostdevs and allocate hostdev private data by default. Signed-off-by: J=C3=A1n Tomko Signed-off-by: Nathan Chen --- src/bhyve/bhyve_parse_command.c | 2 +- src/conf/domain_conf.c | 13 +++++++++-- src/conf/domain_conf.h | 5 ++++- src/libxl/xen_common.c | 2 +- src/libxl/xen_xl.c | 2 +- src/lxc/lxc_native.c | 2 +- src/qemu/qemu_domain.c | 40 +++++++++++++++++++++++++++++++++ src/qemu/qemu_domain.h | 18 +++++++++++++++ src/vbox/vbox_common.c | 2 +- tests/virhostdevtest.c | 2 +- 10 files changed, 79 insertions(+), 9 deletions(-) diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_comman= d.c index d62ea64beb..8b405206bd 100644 --- a/src/bhyve/bhyve_parse_command.c +++ b/src/bhyve/bhyve_parse_command.c @@ -687,7 +687,7 @@ bhyveParsePassthru(virDomainDef *def G_GNUC_UNUSED, return -1; } =20 - hostdev =3D virDomainHostdevDefNew(); + hostdev =3D virDomainHostdevDefNew(NULL); hostdev->mode =3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS; hostdev->source.subsys.type =3D VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; =20 diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 541dad5bdc..f950f7c75d 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -2733,6 +2733,8 @@ virDomainHostdevDefClear(virDomainHostdevDef *def) case VIR_DOMAIN_HOSTDEV_MODE_LAST: break; } + + g_clear_pointer(&def->privateData, virObjectUnref); } =20 =20 @@ -3483,7 +3485,7 @@ void virDomainVideoDefFree(virDomainVideoDef *def) =20 =20 virDomainHostdevDef * -virDomainHostdevDefNew(void) +virDomainHostdevDefNew(virDomainXMLOption *xmlopt) { virDomainHostdevDef *def; =20 @@ -3491,6 +3493,13 @@ virDomainHostdevDefNew(void) =20 def->info =3D g_new0(virDomainDeviceInfo, 1); =20 + if (xmlopt && xmlopt->privateData.hostdevNew && + !(def->privateData =3D xmlopt->privateData.hostdevNew())) { + VIR_FREE(def->info); + VIR_FREE(def); + return NULL; + } + return def; } =20 @@ -13678,7 +13687,7 @@ virDomainHostdevDefParseXML(virDomainXMLOption *xml= opt, =20 ctxt->node =3D node; =20 - def =3D virDomainHostdevDefNew(); + def =3D virDomainHostdevDefNew(xmlopt); =20 if (virXMLPropEnumDefault(node, "mode", virDomainHostdevModeTypeFromSt= ring, VIR_XML_PROP_NONE, diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index cb35ff06bd..8f53ed96c0 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -364,6 +364,8 @@ struct _virDomainHostdevDef { */ virDomainNetDef *parentnet; =20 + virObject *privateData; + virDomainHostdevMode mode; virDomainStartupPolicy startupPolicy; bool managed; @@ -3588,6 +3590,7 @@ struct _virDomainXMLPrivateDataCallbacks { virDomainXMLPrivateDataNewFunc vsockNew; virDomainXMLPrivateDataNewFunc cryptoNew; virDomainXMLPrivateDataNewFunc graphicsNew; + virDomainXMLPrivateDataNewFunc hostdevNew; virDomainXMLPrivateDataNewFunc networkNew; virDomainXMLPrivateDataNetParseFunc networkParse; virDomainXMLPrivateDataNetFormatFunc networkFormat; @@ -3797,7 +3800,7 @@ virDomainVideoDef *virDomainVideoDefNew(virDomainXMLO= ption *xmlopt); void virDomainVideoDefFree(virDomainVideoDef *def); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainVideoDef, virDomainVideoDefFree); void virDomainVideoDefClear(virDomainVideoDef *def); -virDomainHostdevDef *virDomainHostdevDefNew(void); +virDomainHostdevDef *virDomainHostdevDefNew(virDomainXMLOption *xmlopt); void virDomainHostdevDefFree(virDomainHostdevDef *def); void virDomainHubDefFree(virDomainHubDef *def); void virDomainRedirdevDefFree(virDomainRedirdevDef *def); diff --git a/src/libxl/xen_common.c b/src/libxl/xen_common.c index 890ef11723..e6a372e078 100644 --- a/src/libxl/xen_common.c +++ b/src/libxl/xen_common.c @@ -445,7 +445,7 @@ xenParsePCI(char *entry) } } =20 - hostdev =3D virDomainHostdevDefNew(); + hostdev =3D virDomainHostdevDefNew(NULL); hostdev->managed =3D false; hostdev->writeFiltering =3D filtered; hostdev->source.subsys.type =3D VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; diff --git a/src/libxl/xen_xl.c b/src/libxl/xen_xl.c index b2ff0edcf2..e62302736b 100644 --- a/src/libxl/xen_xl.c +++ b/src/libxl/xen_xl.c @@ -930,7 +930,7 @@ xenParseXLUSB(virConf *conf, virDomainDef *def) key =3D nextkey; } =20 - hostdev =3D virDomainHostdevDefNew(); + hostdev =3D virDomainHostdevDefNew(NULL); hostdev->managed =3D false; hostdev->source.subsys.type =3D VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE= _USB; hostdev->source.subsys.u.usb.bus =3D busNum; diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c index 7700804429..a94427b027 100644 --- a/src/lxc/lxc_native.c +++ b/src/lxc/lxc_native.c @@ -376,7 +376,7 @@ lxcCreateNetDef(const char *type, static virDomainHostdevDef * lxcCreateHostdevDef(const char *data) { - virDomainHostdevDef *hostdev =3D virDomainHostdevDefNew(); + virDomainHostdevDef *hostdev =3D virDomainHostdevDefNew(NULL); hostdev->mode =3D VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES; hostdev->source.caps.type =3D VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET; hostdev->source.caps.u.net.ifname =3D g_strdup(data); diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index ac56fc7cb4..85eea1801f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1238,6 +1238,45 @@ qemuDomainNetworkPrivateFormat(const virDomainNetDef= *net, } =20 =20 +static virClass *qemuDomainHostdevPrivateClass; + +static void +qemuDomainHostdevPrivateDispose(void *obj) +{ + qemuDomainHostdevPrivate *priv =3D obj; + + VIR_FORCE_CLOSE(priv->vfioDeviceFd); +} + + +static int +qemuDomainHostdevPrivateOnceInit(void) +{ + if (!VIR_CLASS_NEW(qemuDomainHostdevPrivate, virClassForObject())) + return -1; + + return 0; +} + +VIR_ONCE_GLOBAL_INIT(qemuDomainHostdevPrivate); + +virObject * +qemuDomainHostdevPrivateNew(void) +{ + qemuDomainHostdevPrivate *priv; + + if (qemuDomainHostdevPrivateInitialize() < 0) + return NULL; + + if (!(priv =3D virObjectNew(qemuDomainHostdevPrivateClass))) + return NULL; + + priv->vfioDeviceFd =3D -1; + + return (virObject *) priv; +} + + /* qemuDomainSecretInfoSetup: * @priv: pointer to domain private object * @alias: alias of the secret @@ -3563,6 +3602,7 @@ virDomainXMLPrivateDataCallbacks virQEMUDriverPrivate= DataCallbacks =3D { .chrSourceNew =3D qemuDomainChrSourcePrivateNew, .vsockNew =3D qemuDomainVsockPrivateNew, .graphicsNew =3D qemuDomainGraphicsPrivateNew, + .hostdevNew =3D qemuDomainHostdevPrivateNew, .networkNew =3D qemuDomainNetworkPrivateNew, .networkParse =3D qemuDomainNetworkPrivateParse, .networkFormat =3D qemuDomainNetworkPrivateFormat, diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 3396f929fd..e91435c062 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -461,6 +461,18 @@ struct _qemuDomainTPMPrivate { }; =20 =20 +#define QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev) \ + ((qemuDomainHostdevPrivate *) (hostdev)->privateData) + +typedef struct _qemuDomainHostdevPrivate qemuDomainHostdevPrivate; +struct _qemuDomainHostdevPrivate { + virObject parent; + + /* VFIO device file descriptor for iommufd passthrough */ + int vfioDeviceFd; +}; + + void qemuDomainNetworkPrivateClearFDs(qemuDomainNetworkPrivate *priv); =20 @@ -1174,3 +1186,9 @@ qemuDomainCheckCPU(virArch arch, bool qemuDomainMachineSupportsFloppy(const char *machine, virQEMUCaps *qemuCaps); + +virObject * +qemuDomainHostdevPrivateNew(void); + +int +qemuProcessOpenVfioFds(virDomainObj *vm); diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c index 26c5fdfef6..d2a8cf8da4 100644 --- a/src/vbox/vbox_common.c +++ b/src/vbox/vbox_common.c @@ -3090,7 +3090,7 @@ vboxHostDeviceGetXMLDesc(struct _vboxDriver *data, vi= rDomainDef *def, IMachine * def->hostdevs =3D g_new0(virDomainHostdevDef *, def->nhostdevs); =20 for (i =3D 0; i < def->nhostdevs; i++) - def->hostdevs[i] =3D virDomainHostdevDefNew(); + def->hostdevs[i] =3D virDomainHostdevDefNew(NULL); =20 for (i =3D 0; i < deviceFilters.count; i++) { PRBool active =3D PR_FALSE; diff --git a/tests/virhostdevtest.c b/tests/virhostdevtest.c index aec474a148..a35c1d9402 100644 --- a/tests/virhostdevtest.c +++ b/tests/virhostdevtest.c @@ -124,7 +124,7 @@ myInit(void) =20 for (i =3D 0; i < nhostdevs; i++) { virDomainHostdevSubsys *subsys; - hostdevs[i] =3D virDomainHostdevDefNew(); + hostdevs[i] =3D virDomainHostdevDefNew(NULL); if (!hostdevs[i]) goto cleanup; hostdevs[i]->mode =3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS; --=20 2.43.0 From nobody Thu Jan 8 11:56:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1766111216638486.05496885598416; Thu, 18 Dec 2025 18:26:56 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id CDC244195C; Thu, 18 Dec 2025 21:26:54 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 3A2A941ABC; Thu, 18 Dec 2025 21:20:00 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 28867419A5; Thu, 18 Dec 2025 21:19:41 -0500 (EST) Received: from CH1PR05CU001.outbound.protection.outlook.com (mail-northcentralusazon11010067.outbound.protection.outlook.com [52.101.193.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id A7A474184D for ; Thu, 18 Dec 2025 21:19:35 -0500 (EST) Received: from SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) by CH1PPFC908D89D1.namprd12.prod.outlook.com (2603:10b6:61f:fc00::623) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.8; Fri, 19 Dec 2025 02:19:30 +0000 Received: from SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc]) by SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc%7]) with mapi id 15.20.9434.001; Fri, 19 Dec 2025 02:19:30 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rdcP7s9huVQEq8dpV82Kg1iXJXxs6e84O+bgbv3VJw6a6eQKzrKQQPhsB4NAx5jOVTtZOD2c77sxyQeUlQQuGInfj8JkaXraj1I6kNRDQ13FNh4+AiPlTJ0OiZweIrmbBMthpns/3eOCRAeUJAZku1V/qqZ3fRbZjukCApK5nQIsHtfq801gto2xPnBmvBpZGzbW9ZdYI5piuz3+NXAm0Ob0Fj93Yz3Z4pgqRUMZRspcsv5QgZKp+8fulBwPiy6dmsqWL4up0FvNDKUVL5sh4jIPgOZBwQ92zaVv6CVeO4eESUVP2nZt6K8ut4V+rbYJA5l6NnyIMzzT95zGZjQKyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kcbJgO+UTRtwzKp84gqqA/6UzdZm0uI8P6XuoWWvwMg=; b=sPdb8YCnw7czevbOue3M2ai/iZMB1gA4QRoNK6u9DdX4SKarL3SmLzzBiTX12/C/qILI50FOv99rWU0FhENTQu9b4iREfgHlOasfjesi/pLA65CHz2PYmpC/UIkE/W+zUlg7qKjehdZ+KpQZHgRJDDJmBzEQRLbagF2skLMayO+Bytshy+IKgbYvhv04MUq3r3YZdcBJ//nguqIvZcKGY9OT1lSJFATzFl6izofdnNWWN/i2GFQRkcmKnflg6p8ZudUfL9lMOPDtGDBhJuiB9/ByeBOlcSo+BjqyP6avH04SsBety7IMC/35oWE/sPdL/2nDS9Vp+hs3trcsqxbgIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kcbJgO+UTRtwzKp84gqqA/6UzdZm0uI8P6XuoWWvwMg=; b=YEIe0RCIPFl6QrVNGt8u8Et+r7FklDR4Og26NG1NHfjxKBuWNcXONXRH1u7VOk5fdwT2VbXd1/9MGA9bicisyqtzqnjwPWN7mz82YEfstEDY0xQziGtUk4hL2wu0gt7CmorCmmb3T5Ap8nkJK/MWzMqxRDnxkCWu0HE71SKp7WqEO1CASjnTc2BoAhbkVEP78L9priYzmdqDo7rOAyni+jfp2FSOMfDe1KJnHe6L6srvJWKHaLcOuB9cnaf3h5N4NWnO9dS06pbb3XM9jL6MuA3kKFrtlQmqm58T6Xf8yeRVl9gc0gIGCEJpLVeI1U1zjJRxIpsWJ1e16rsy5Lz1XA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v3 3/7] qemu: open VFIO FDs from libvirt backend Date: Thu, 18 Dec 2025 18:19:21 -0800 Message-ID: <20251219021925.1864433-4-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251219021925.1864433-1-nathanc@nvidia.com> References: <20251219021925.1864433-1-nathanc@nvidia.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BY3PR03CA0019.namprd03.prod.outlook.com (2603:10b6:a03:39a::24) To SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR12MB6838:EE_|CH1PPFC908D89D1:EE_ X-MS-Office365-Filtering-Correlation-Id: 278b1b4d-d5ee-461f-95fe-08de3ea50a84 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?B?R2Q1V3k0akxnblMrV1JtZE5Fek9ERFVxQkZveGVJQy8zVXl3eW1tdEtURTll?= =?utf-8?B?UFl3UXN4NFpjcmxPYkkxSnZqNDRGVFdoKzl5cmx4WFlBcHpBWENyY0RoVThP?= =?utf-8?B?NUEzVTdqQWVBaUE0NktzaVI3b2FUZlBQRWJsY0lGV04rSXc4ZjdnbG1qUjcv?= =?utf-8?B?VmlnVnV3UDRNRmVGaGs5aDJ5QTZhOHlvcDMxNXV5SmlWdWpGNUJPaEZ0SlFu?= =?utf-8?B?ZnZhWlRyTEp2a1pyTnk3eURqaW9reWxWVVN2SlZXb0VtM21XVjllTVBEcGZq?= =?utf-8?B?bFNnM2Q5U2lvTGtIUU5OVGlONFZhazk5YjdRNDlYNUgzWFhqVkJndEhjeW5p?= =?utf-8?B?QU1aNnA5ekRLei9Dc05oWko2NUdsZkxPcEtPTUVweXQ2OEUyRGdiZmE0TjYr?= =?utf-8?B?SFhVWXBSSFpVbTlQYTFUamdqVjhMQjl5dEptTXk5UW9UYlk4QzJ1RkhwcnBn?= =?utf-8?B?OFRPOWg3TC9Ja2tOVjN3bVhGcFN2MjM2S0c4bkVFRDZpa0MwTFk1NlNGazRT?= =?utf-8?B?d1ZDQU9iS053T2NLazkxdEF1aU4wamloQzdlbG1iSEQ5S0JCcTQvMk9JL0lK?= =?utf-8?B?MHJUeEtBcENKUUF3QzdMRkI5bWtpM2IwNjJzaWE0MHRVWHJVQnBKNytjM3k4?= =?utf-8?B?bGt2RTRFR0FlQ0syT2o4NkVRME1HakVJWVVrNjN2MlFRbitkTmlUTFRXVHZm?= =?utf-8?B?QlVnU0I0S0dWZFh0d1Y1TnJDNnYxS2Z4dFRwWkRibTdWR1QwQUFtKzVVRzZa?= =?utf-8?B?dWwzU1IvV0dIYm5OU3Z3b2VvTnhtc2hjL0RSR0pjV01KS3hRaUhYQ2ExMEtE?= =?utf-8?B?bXZReGE4c2lLSHBSQWU4SHIwMHdkSHEzWHVQc3Iydm9pejZaRkNIZzhneUlB?= =?utf-8?B?S1RNOTZKSThWb2U0MWpnNmdVWGNKQS9GcWQ1MDJocGhBMmNBV1VGcHJXUEgz?= =?utf-8?B?MTFYVE1haHgzb3VVY1hGQ0pFR3VoU0t2UlRxTFFUNzE0SzNSendCaS9FWlpH?= =?utf-8?B?ei8vRGZFdVRaY2xoeU95emMrYnczSmFzWnI4U0JXbG1lWE1NUkZpM1Jjd0ZD?= =?utf-8?B?NWZIYWZiVitjQ2JzSGovclhYd2UrcElhSVpESTVlRE5pbVd1citvWjdSWUdz?= =?utf-8?B?UUVLZ3F6L3JLYkVaR2RoOFJObzc1dzNTSnVVOGxMMFZUYkFHa1IzUDF0MXds?= =?utf-8?B?SmFFYmNDMUdnQmJEWS9NUk9LWVF6bU1DNHMzbUFpazZsSDV4bXpxRDNxdmVV?= =?utf-8?B?N21xWXdCTEgyYVFTZEwxZEVyR2V5cmRBSFpZRVEyQW85TDJZVXplMS9kU01E?= =?utf-8?B?Y0tZSXlLQ2RjTWVMZVpxbEtEQTRjZ0d0WFY2NTVMOFVYcDJtSHo5aXYvTE0r?= =?utf-8?B?VEJzZFZISEJyanFJT0RNVmNaUjB2V291S2VQdnhOMmJRQTFvSTVuYURhNUpK?= =?utf-8?B?KzhJNXhVS3dDbnhDQ2NwQ2RUQ0FsZWxGNEFsY2N1Y0NrbDBid0t0bkxPc21p?= =?utf-8?B?OHd0OGc3VUNwUWpIM29OVEpXYmFiRWVwLzFFYStsYkxhRTdvMm5tWEpOMGRX?= =?utf-8?B?RzkzSXVTeFBSMzFoVllWRW01cnZENG1oa29CdUVnZjJmNnZwaG9rUmErMlJS?= =?utf-8?B?V1pGWktUWmt5Y0t5ajlDaVg0ZmxlOWZaSGhCYnZuZ2krb1J1cmRWV0xKOVZK?= =?utf-8?B?aVNiVSt5OWlGMUxMWFFYMlRMV0xRU3pHaHd0M1pjVmUwQlRMaEcxNEwxU1ZM?= =?utf-8?B?MktJWTY0VzBFV294ajRwZkZpaCtVdXdLc21qODdCclhtY2VqRjVrV3ZhMGly?= =?utf-8?B?Y0o2OElGMi9sZi9oODA0d0VCTytURHZ4TGw1T3E3QzdtUWRxYWF2WFBRVXhp?= =?utf-8?B?ODN2bVo3OWdHbUFRTDRlK2VrM2ptdFloRmEzZ1o4a2ZyUVRLSDY0cWJ5NG5K?= =?utf-8?Q?0p0QVoraRlshqv8mx5y2zYgJIIqCHHBR?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR12MB6838.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?aWxXeFBFOFRoV2pqMTF5UjZjYXRQMmJXeWRjNFNOb1dkVFdNcVdpMTZ2dzBE?= =?utf-8?B?eXczKzZ6VnpySE85UGdrU3hYWXE3TjBWKzQ4RlpVMGUxK0dzU1J2U0puNmVB?= =?utf-8?B?dDNBSHpma0RFNy81aFBLZi9EM3MyS3BCOFlYUzRuN3cyb2lSZ2U2Z2ZtT3dT?= =?utf-8?B?TlVNS3FQZi82elVaSTNOMUg5Sk82ZkZ6R2VoZ1BXZDU1TUU1OHZyUWVjUFdL?= =?utf-8?B?N0EvVkJteFFuUmVtUld0OU1JN2Rkblc1Y01tK3dXcXZlNWQxSVh1ZU4xdEdE?= =?utf-8?B?ZitNdkhXOW8wZ05ScVJwZXBuZkRnUjkycHpmYUgwWWxBRU5lK3p2aWM5RWM4?= =?utf-8?B?Q013MkgwS0RJK2oxRks5U0pDa25uaVladVN2YTBKT2dRSCtuSlV2L3lFU3Jj?= =?utf-8?B?S1RjdUdnVnltdUtHdko4MW5LdTFxZ2lWYWZVV3kvQ0hqNHJQbmpvYmMrbXJ4?= =?utf-8?B?RHZsZ01BanVOaFJUMmw3VTZyVXh5Wk5Gb1lBUTUzWURWTUw4Njc2SElYNjhn?= =?utf-8?B?cnNKSDgzQXoyNWNDZnlqSDFnSmlncVlFRTZsaW9FeHpibFMva2lUQkJNVFZR?= =?utf-8?B?TWl2L1NmaVNLOEI0TkdwMzBuUS9BRHlFam9xc25iTzlZUjBjWFp0UTk3RCs0?= =?utf-8?B?UmpjbmQzR0xkYTIvNWJxc05hTVlDMjVRVTFxNU9sbHljbFBQbDUxY2grb25V?= =?utf-8?B?MzBFUUtZMStZMjdKejUzcTFiQTJ0eUd2dzNoVmtPeW1NRElIUkJTaDRpK3BR?= =?utf-8?B?TWZJT1g5VDVoTVlOTTF6ZVZpNDZnNmp2eEhWWmtNbWtuMG9Fam5uV3JhWGhS?= =?utf-8?B?ejdCWm9iUW1WNkQxSTVienE1ZXFzeWtKY09zMGNLdDdVcE1JOCtmYnFncURl?= =?utf-8?B?S0QrUGNmYnd0VFZNSXF5VTBxbVVYeWY1c0lUV240ek5uK2FZRzdmaVYveEl4?= =?utf-8?B?WUZHeWc4ZVJxVnk3d1VSZGdXaXpUbXJOalN2c1JJUDZPZkxRNjMvQ2gvcGJ6?= =?utf-8?B?bjVUSks5MmNERjQxSkp1MHZZTVhRNkdxbGFDYXJLU25aREZLUXFqRllJL2pJ?= =?utf-8?B?dDVlQk5ZL2pIWkRCN3lFUHFJTWNYdnEwb1pFTjRFMEMrSEZ2OTQwZ2RTZW1J?= =?utf-8?B?VTNxQUNYcExsZDZlbGNib2Q2cVNmQnRDY0RXVjJ0SDRqZTc3dHVpNzIzUlZM?= =?utf-8?B?SlRSbHZFRHFyNjlST0VxSVVBeG5sb21hdGFXR1Z1UkVUUXZocmJXbWc1UXQy?= =?utf-8?B?SGh5YWVaMUx2QXhNL3NZR3RsRythaGZ3bEwxWHFUTmlHMmJrcmR2UnEycnAy?= =?utf-8?B?UzQ4dHVsY0hWby9vT2ZNY0EzdWpCT1VFajhGMEVvdXdlYWpkdXFhRTFQWmpx?= =?utf-8?B?OWhHbnE1RlhBWjFka1I4cE52ZFdvWFN0VUFJUTd5V0IrVTd4WUZ4UUplbmFM?= =?utf-8?B?M1lwQ2NlUkUyazg1cU4vOGtpeDNTc2hXV0ZWRiticXlHUXd1anpyT0VuM0NL?= =?utf-8?B?QkpKcU5ydHprWXB1a2E5RmgyeGtmeWdqV0lUeFZ6amtPV244Q1BxcitMRTZF?= =?utf-8?B?ZWhUOFVuTDErWGZaNVFsRUZ2WHE1VFpXaVJPUWU4RTcvR2F2Tjg5emhJc1py?= =?utf-8?B?a1RqQlNnd3NqOU5UMGw1WFRzYTJiMlpzTDJnQU1ZTFB5U1NITDg4ckZVS09Y?= =?utf-8?B?aDR4cCsvbXlNTkc5UXp1RW9LVWNPTlA5R0p4MUcza2NUWHBhYXNxbTV1Yysw?= =?utf-8?B?UWlzeUMxcHhEWjc1TjZvUmFQdGszbVZhczg1NjFlMEFsbzAxbmp1K1AyRVFN?= =?utf-8?B?a1BWWUpIN0lEQnRjRXNPdFNFQzBNaDVLN3hheklhOW9NZEZOdDROQkRxRjUw?= =?utf-8?B?N0JiYVFhKzVaOWMzVGdvd2NUclROYTBLMlBQV3REMVJiR0E2NUpVaThsSmxw?= =?utf-8?B?V3Q0amRUdFdURjQ3R0M0c09vbjdCQUY4SUYyMFhTWDNCU09RWC9JOU9JV3Vr?= =?utf-8?B?cXNSZ3pUaTd5Nm4xZEhpamlYS3pkSCtNMnNnYTA4aFdXUmk1ZXZTb3VTRzU1?= =?utf-8?B?c2xhWW9FbW1iV2VMRmZZcUZDcFRKRWxMSkpWVTBXU3VQMW00Mjl3TFl6eXVp?= =?utf-8?Q?Qgwylu/xT99kJnRH7QP5LTyTR?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 278b1b4d-d5ee-461f-95fe-08de3ea50a84 X-MS-Exchange-CrossTenant-AuthSource: SN7PR12MB6838.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 02:19:30.1202 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: O02PClAfYn3IIholoKfrQOSB7VewIs6X7FsNC7d3rkAvNiTOfMc1NIA0vzq40VdhE6rivpvvSfK07yceiJ8B/Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPFC908D89D1 Message-ID-Hash: NTEUSDOT4UBKB2YSIY43WLSKUV2OKVAZ X-Message-ID-Hash: NTEUSDOT4UBKB2YSIY43WLSKUV2OKVAZ X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1766111217581158500 From: Nathan Chen Open VFIO FDs from libvirt backend without exposing these FDs to XML users, i.e. one per iommufd hostdev for /dev/vfio/devices/vfioX, and pass the FD to qemu command line. Suggested-by: J=C3=A1n Tomko Signed-off-by: Nathan Chen --- src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 21 +++++++++++ src/qemu/qemu_process.c | 79 ++++++++++++++++++++++++++++++++++++++++ src/util/virpci.c | 69 +++++++++++++++++++++++++++++++++++ src/util/virpci.h | 2 + 5 files changed, 172 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4e57e4a8f6..ed2b0d381e 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3159,6 +3159,7 @@ virPCIDeviceGetStubDriverName; virPCIDeviceGetStubDriverType; virPCIDeviceGetUnbindFromStub; virPCIDeviceGetUsedBy; +virPCIDeviceGetVfioPath; virPCIDeviceGetVPD; virPCIDeviceHasPCIExpressLink; virPCIDeviceIsAssignable; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 98e4469c25..2a16f9df63 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4809,6 +4809,18 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, NULL) < 0) return NULL; =20 + if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO= && + pcisrc->driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES) { + qemuDomainHostdevPrivate *hostdevPriv =3D QEMU_DOMAIN_HOSTDEV_PRIV= ATE(dev); + + if (hostdevPriv->vfioDeviceFd !=3D -1) { + g_autofree char *fdstr =3D g_strdup_printf("%d", hostdevPriv->= vfioDeviceFd); + if (virJSONValueObjectAdd(&props, "S:fd", fdstr, NULL) < 0) + return NULL; + hostdevPriv->vfioDeviceFd =3D -1; + } + } + if (qemuBuildDeviceAddressProps(props, def, dev->info) < 0) return NULL; =20 @@ -5253,6 +5265,15 @@ qemuBuildHostdevCommandLine(virCommand *cmd, if (qemuCommandAddExtDevice(cmd, hostdev->info, def, qemuCaps)= < 0) return -1; =20 + if (subsys->u.pci.driver.iommufd =3D=3D VIR_TRISTATE_BOOL_YES)= { + qemuDomainHostdevPrivate *hostdevPriv =3D QEMU_DOMAIN_HOST= DEV_PRIVATE(hostdev); + + if (hostdevPriv->vfioDeviceFd !=3D -1) { + virCommandPassFD(cmd, hostdevPriv->vfioDeviceFd, + VIR_COMMAND_PASS_FD_CLOSE_PARENT); + } + } + if (!(devprops =3D qemuBuildPCIHostdevDevProps(def, hostdev))) return -1; =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 0e50cd1ccc..ab88a6bf62 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -103,6 +103,7 @@ #include "storage_source.h" #include "backup_conf.h" #include "storage_file_probe.h" +#include "virpci.h" =20 #include "logging/log_manager.h" #include "logging/log_protocol.h" @@ -8181,6 +8182,9 @@ qemuProcessLaunch(virConnectPtr conn, if (qemuExtDevicesStart(driver, vm, incomingMigrationExtDevices) < 0) goto cleanup; =20 + if (qemuProcessOpenVfioFds(vm) < 0) + goto cleanup; + if (!(cmd =3D qemuBuildCommandLine(vm, incoming ? "defer" : NULL, vmop, @@ -10360,3 +10364,78 @@ qemuProcessHandleNbdkitExit(qemuNbdkitProcess *nbd= kit, qemuProcessEventSubmit(vm, QEMU_PROCESS_EVENT_NBDKIT_EXITED, 0, 0, nbd= kit); virObjectUnlock(vm); } + +/** + * qemuProcessOpenVfioDeviceFd: + * @hostdev: host device definition + * @vfioFd: returned file descriptor + * + * Opens the VFIO device file descriptor for a hostdev. + * + * Returns: FD on success, -1 on failure + */ +static int +qemuProcessOpenVfioDeviceFd(virDomainHostdevDef *hostdev) +{ + g_autofree char *vfioPath =3D NULL; + int fd =3D -1; + + if (hostdev->mode !=3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS || + hostdev->source.subsys.type !=3D VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PC= I) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("VFIO FD only supported for PCI hostdevs")); + return -1; + } + + if (virPCIDeviceGetVfioPath(&hostdev->source.subsys.u.pci.addr, &vfioP= ath) < 0) + return -1; + + VIR_DEBUG("Opening VFIO device %s", vfioPath); + + if ((fd =3D open(vfioPath, O_RDWR | O_CLOEXEC)) < 0) { + if (errno =3D=3D ENOENT) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("VFIO device %1$s not found - ensure device i= s bound to vfio-pci driver"), + vfioPath); + } else { + virReportSystemError(errno, + _("cannot open VFIO device %1$s"), vfioPa= th); + } + return -1; + } + + VIR_DEBUG("Opened VFIO device FD %d for %s", fd, vfioPath); + return fd; +} + +/** + * qemuProcessOpenVfioFds: + * @vm: domain object + * + * Opens all necessary VFIO file descriptors for the domain. + * + * Returns: 0 on success, -1 on failure + */ +int +qemuProcessOpenVfioFds(virDomainObj *vm) +{ + size_t i; + + /* Check if we have any hostdevs that need VFIO FDs */ + for (i =3D 0; i < vm->def->nhostdevs; i++) { + virDomainHostdevDef *hostdev =3D vm->def->hostdevs[i]; + qemuDomainHostdevPrivate *hostdevPriv =3D QEMU_DOMAIN_HOSTDEV_PRIV= ATE(hostdev); + + if (hostdev->mode =3D=3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && + hostdev->source.subsys.type =3D=3D VIR_DOMAIN_HOSTDEV_SUBSYS_T= YPE_PCI && + hostdev->source.subsys.u.pci.driver.name =3D=3D VIR_DEVICE_HOS= TDEV_PCI_DRIVER_NAME_VFIO && + hostdev->source.subsys.u.pci.driver.iommufd =3D=3D VIR_TRISTAT= E_BOOL_YES) { + /* Open VFIO device FD */ + hostdevPriv->vfioDeviceFd =3D qemuProcessOpenVfioDeviceFd(host= dev); + if (hostdevPriv->vfioDeviceFd =3D=3D -1) + return -1; + } + } + + return 0; +} diff --git a/src/util/virpci.c b/src/util/virpci.c index 90617e69c6..da62ece0f6 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -3320,3 +3320,72 @@ virPCIDeviceAddressFree(virPCIDeviceAddress *address) { g_free(address); } + +/** + * virPCIDeviceGetVfioPath: + * @addr: host device PCI address + * @vfioPath: returned VFIO device path + * + * Constructs the VFIO device path for a PCI hostdev. + * + * Returns: 0 on success, -1 on failure + */ +int +virPCIDeviceGetVfioPath(virPCIDeviceAddress *addr, + char **vfioPath) +{ + g_autofree char *addrStr =3D NULL; + + *vfioPath =3D NULL; + addrStr =3D virPCIDeviceAddressAsString(addr); + + /* First try: Direct lookup in device's vfio-dev subdirectory */ + { + g_autofree char *sysfsPath =3D NULL; + g_autoptr(DIR) dir =3D NULL; + struct dirent *entry =3D NULL; + + sysfsPath =3D g_strdup_printf("/sys/bus/pci/devices/%s/vfio-dev/",= addrStr); + + if (virDirOpen(&dir, sysfsPath) =3D=3D 1) { + while (virDirRead(dir, &entry, sysfsPath) > 0) { + if (STRPREFIX(entry->d_name, "vfio")) { + *vfioPath =3D g_strdup_printf("/dev/vfio/devices/%s", = entry->d_name); + return 0; + } + } + } + } + + /* Second try: Scan /sys/class/vfio-dev */ + { + g_autofree char *sysfsPath =3D g_strdup("/sys/class/vfio-dev"); + g_autoptr(DIR) dir =3D NULL; + struct dirent *entry =3D NULL; + + if (virDirOpen(&dir, sysfsPath) =3D=3D 1) { + while (virDirRead(dir, &entry, sysfsPath) > 0) { + g_autofree char *devLink =3D NULL; + g_autofree char *target =3D NULL; + + if (!STRPREFIX(entry->d_name, "vfio")) + continue; + + devLink =3D g_strdup_printf("/sys/class/vfio-dev/%s/device= ", entry->d_name); + + if (virFileResolveLink(devLink, &target) < 0) + continue; + + if (strstr(target, addrStr)) { + *vfioPath =3D g_strdup_printf("/dev/vfio/devices/%s", = entry->d_name); + return 0; + } + } + } + } + + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot find VFIO device for PCI device %1$s"), + addrStr); + return -1; +} diff --git a/src/util/virpci.h b/src/util/virpci.h index fc538566e1..24ede10755 100644 --- a/src/util/virpci.h +++ b/src/util/virpci.h @@ -296,6 +296,8 @@ void virPCIEDeviceInfoFree(virPCIEDeviceInfo *dev); =20 void virPCIDeviceAddressFree(virPCIDeviceAddress *address); =20 +int virPCIDeviceGetVfioPath(virPCIDeviceAddress *addr, char **vfioPath); + G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDevice, virPCIDeviceFree); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDeviceAddress, virPCIDeviceAddressFree= ); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIEDeviceInfo, virPCIEDeviceInfoFree); --=20 2.43.0 From nobody Thu Jan 8 11:56:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 17661112825981007.7836187612967; Thu, 18 Dec 2025 18:28:02 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id A660341A4C; Thu, 18 Dec 2025 21:28:01 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id DEF7843E35; Thu, 18 Dec 2025 21:20:03 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 37045419E5; Thu, 18 Dec 2025 21:19:42 -0500 (EST) Received: from CH1PR05CU001.outbound.protection.outlook.com (mail-northcentralusazon11010067.outbound.protection.outlook.com [52.101.193.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E544541862 for ; Thu, 18 Dec 2025 21:19:35 -0500 (EST) Received: from SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) by CH1PPFC908D89D1.namprd12.prod.outlook.com (2603:10b6:61f:fc00::623) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.8; Fri, 19 Dec 2025 02:19:31 +0000 Received: from SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc]) by SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc%7]) with mapi id 15.20.9434.001; Fri, 19 Dec 2025 02:19:31 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SwcCtd+C8jiSgL9gjnLtZuWflucGnmQAJxTgP5WL5u/gT9B1ylBiP5pl2I20Mm9orKLCh2KnPcTUuU9Mv5EJ7lecaNTqyBsjRv8DUnTAd4CS92GJPzIEC2Efv4pwluUEgG8lfbGaJ0/gyZd+eg+RGU8aDnhdzItWoElIpPCJVmntK5KSN2CH7unFjUMZUN7qqRWDt/K8l+rHzaBrkfP+7d23HWUz7i0lkz5Oci0vjrC+bj1IXX9gN5xHVXJarsf7QNTmVTluKeb1qVqbE8x/AZi6iuQTfANB0q08RdgjqZrzmro/rPj9YutWrY5DV6MIlLi8nFDGCu53h0oXb9zwXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hKlPFblDqq+/EYqr6xFizQ7wyHJX9IB0+f+ZZedorf0=; b=ho/GYyi+jvZW1T/1ou6CyIp2tMZvtz2boUuXTJDUY+P0w3EcgiD24BQst8WGXbx4MEMWYlvnI4I4QOhQpetneQvJ0PqaqmpKwQiLyhirlcEJ75qoOJjD580V1c3C+vZcbT5BoN1YDwbG27/k95GQuGP8m+IumEtghFhGdq75TrBm1MNSlHSlwIJRztDigCAkvRUqNWvviUeA1V+7hMt/EcxPEw2blGWsZflaXphTGd7JrCMmSkgpBV8WSmVWt3/CgOcrBdqrAIw0SYvivcf/zIB/QVSYRybs0TwyhV82Em7I3suWqVAddrDaVG8LqkdLsK47PQjR07tvyH3BiVkWQg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hKlPFblDqq+/EYqr6xFizQ7wyHJX9IB0+f+ZZedorf0=; b=mNyh7GiLhv8r0FJUQ2mWdG9KsTHVtyRVZWYk/Km1FHVSnO8L2OaNMpZxT0f58aXd8KccqSvM9HRWfs/DdJQaMUk7tytoHT7oVk8CbQq2dEW/xERTDvSj0+dtCTbUsDBs3St0VKxEGqiDZ3ZYd3Bd7bYTSaMWeeAatm27ID5AVSpfDrmG5CzEkl28galZlJPInT1t8dG6fSH0m/sS6/UxQZ9MFvq75AgVTRzgXT0nqvsgPq0SyTpQekUwD+gvSSEoF18d5i7k/+hQlZDp1mccvOVPyQ4YfIgS/9tUyGShxQoNnLQjHQqeofINxr7o22edKr8XwCTMK1VCe1Z2wwBcLg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v3 4/7] qemu: open iommufd FD from libvirt backend Date: Thu, 18 Dec 2025 18:19:22 -0800 Message-ID: <20251219021925.1864433-5-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251219021925.1864433-1-nathanc@nvidia.com> References: <20251219021925.1864433-1-nathanc@nvidia.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BYAPR04CA0019.namprd04.prod.outlook.com (2603:10b6:a03:40::32) To SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR12MB6838:EE_|CH1PPFC908D89D1:EE_ X-MS-Office365-Filtering-Correlation-Id: a4d9556b-444a-411c-3afe-08de3ea50b1d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?B?UlZUU2MraDZabS9uZ0lEMWlkWTVxUjlKNWlYZ0RML0I1eFZESEFmZzRJSGxB?= =?utf-8?B?Z3FHUkxwU3NMQzFrQlBVRDhGdkNSanpXdys4SnJBV0E3MzBpaVRuUFdEYUFi?= =?utf-8?B?cWxBU214cDV1aWtDNU9rQ1ZrMFhYdzhzZW4wcmZiRSttcWZjZFlSU2xEbzFZ?= =?utf-8?B?UnFUNG4zSU1EMXNsTG4wQ3pNRFdYYjBRSWhMZVdNeVNSdGZMOHFFSS9TL1NE?= =?utf-8?B?Yi96MEtnZkpaSmpzTkgwWElET2VDdUx4eTRJb01FTG43WUpzdGZKLzFBd2Zt?= =?utf-8?B?WWxWVHhOeGhhQ0UwbkxGVkkvc204cGdLYzBzSWFHcTU5a1lFa3FIbWdrSWhx?= =?utf-8?B?eGYyRkUrcmNoaTVGN0htdmg2VWowVUZ6a29sY281M2dCK1VEcUJmVWhtWlRY?= =?utf-8?B?RDFYSms1bkY4ei9hR3dWN3NQUTNZdHB5aWRZZEpnaE04WDNaVUdGb1ZhckRh?= =?utf-8?B?SHUrQVd5L0RtM2pJMUdQeUpSUUh4bGJTSThGTWdOSytRNjA3L2lCZUFuRW10?= =?utf-8?B?cTkvUGsvaEhJNHVwd0I4bnA2UkhNM0dTMHpSdS9vODl1NmVGZzBOT0xyd3ZK?= =?utf-8?B?Tnhha1RCV1JtRFpsb3ZLQ1JVRVVKV2UzQmt1eWE4Wkx4SzdEV2dibjNVTDZi?= =?utf-8?B?OFpQLzBJcGdvNmdMWUZCV2RVWWVOYmFVWms1WnQ0SithL0xrVXlVdEc5WjND?= =?utf-8?B?ZHE2emtWQ1RsWk1XbmNoSlNLYjRTSHA4MFM4bm1veElwUDVvMldWMGhiL2xk?= =?utf-8?B?L2w4bWdnaXU1VnNMSmFjbWlPdGF5S1BNV3dMZGZKNzNpRFJ0c1RyQ1pxaXJN?= =?utf-8?B?NDVDdFhGUjBPdEwvT3V0OFRUemgreHdXQ3AxRGJwdWN6RGorSEh5UW9BbUJ1?= =?utf-8?B?aUU5Z2JNTEcxNmR2dldUbkZMR3RlZnN4TENnZzJxck9rOEhHY2JJaGlOb3I4?= =?utf-8?B?N0NUbHgxTHdpTDBxUnVndnY5ajJMOVFGeStHemNzcVpQVmdVcG0xZ3lXNFhS?= =?utf-8?B?S29HSTZYb3ZjSC9nL2Jld0VEcHE5ZTZXUWFiLzZwY1NmdHRzUXRVNXpDVnRK?= =?utf-8?B?R1FZVGN2aEtPRzhnYlFvV2ZWaXlLOXYvb1VwWWVMUVppMzhQd2h5V0s3YXpl?= =?utf-8?B?eUVPVUltS2U1NnRTeVlOUkJYaWlTS3doVC9OSVFoKzgwVnVGZkJhL25EeWNB?= =?utf-8?B?MWRNaDZ3L0hrN3U2eGowNzJpRVVNelFtb21JYmgyM09BWUoxOWZrNTNHUkNK?= =?utf-8?B?N2JWOTdWYTFSOGYwTWN3ZG5FR3JBUUZkdlVHWmNOQjBjblRqWm9heDEyL3lm?= =?utf-8?B?ZS9XRkUyajNCaTlWa3hwTEErTU01bVZObVpwUC80OXNVTDh4YU1zOVF4MnRZ?= =?utf-8?B?K1Z1ZGd1SEZkMkcvdXJRRTRuUVcvYlRudXlmK3REQWtUdE5NU0VCYyt2OW50?= =?utf-8?B?TmJmR2hTSW81WW5tTHRQRWdBcHJPK2UwbndJVm92NFF4ekIvU2hZcVlEQlNr?= =?utf-8?B?T3lUVnJyUEs1WUk4cTJWbUdVQU1rbFhvK3MxSExERWNkSkZLWWdFSi9SSmZi?= =?utf-8?B?c0FMSU54U1QxU2lEczMzdkd1MEdyZU9Eai8rbzdMRHlNQmpsSEFKUGFZWmZn?= =?utf-8?B?NWtFVVExZkpUOWh4VU90Q0pFL2RhUS96Z0xpckxsRHRYaFVTM2p3TjFoS2to?= =?utf-8?B?YjFIOUZlQUdFdWJIbGV6azFVM1cwQnFZcTBQZDNDSHRuY3B2eTRYWHd1QzdU?= =?utf-8?B?WThDd2xFK0RBNTAwZzRXR0ZrWVpCY29IQ2xaeDY4MkV2bjVJMDlGQlcyZnZ3?= =?utf-8?B?QWxMNUNRQXZtRUZYYUE3dFVlZ2xkODBvUTZyKzRRS2ZMSnVDa3hvdmVvcnRh?= =?utf-8?B?WVMzWmFBU2R2a0lqUG9ka3FVMDF4QXd6eXl2UWhDYUFsOXR2RXBGanFBRmd3?= =?utf-8?Q?n5FzP2Y7+b+Nf70O+5D9KatmPSAdt9jx?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR12MB6838.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VkN1c1J3Tm9SSVBmbDFTMmZxMGNXMFBNRVpHZWxDckptZjRNRDI0aEV5SDcy?= =?utf-8?B?SFlIOHlsc25OaHo2dVM0a2lWVkIvQXowWG1mZVlYS2RIVWlNaVpmbHQvTzk3?= =?utf-8?B?NkJjZEVWRGxpQUFpYkprZzFhcjBadE9nNTdhYUlaRDVDMWNFd0gxa3JjckVs?= =?utf-8?B?OS9JOFJZUDBYaVlLbWNTa2h3Sk1LQTNFVnlUVTkxUElJS1BhTFZEdVZVcXl1?= =?utf-8?B?QlRMMExHd3VEVmsvZ3NHUi91eVR1N1hIRXRmN1NkZWNmc1V2YllueCtJdTZ0?= =?utf-8?B?TXBRVHVyb1dXN2orejVYaklEbzd0c2toVDR3SFdWVDREMnBpMXlMM0xKcjJn?= =?utf-8?B?OHh3c05rM1k3aE5VVmo4ckxCWmkrZUEwVFlxTkgvZy9FUHJLRkNLaEV2QnlW?= =?utf-8?B?NFY4NmFJSk5PYlFoMHUzMVBTQWxvT1R1MGhNS3ZOU1ZFRUZ3T0lVREZ0dm1m?= =?utf-8?B?dUdZRXBkU3Jwc0IwUUMzOWdTb2I2WDlRc0VhWnR0N3gzbm8vMmFmZjNVdG1q?= =?utf-8?B?QUZIdExPSlh0M0l6T3VQYVM2VDVHcVpJbGROTERta1dvSzJSUXdYaWVtMWJW?= =?utf-8?B?Rk5aRFdPVzRKWTlSdjVqQVM0Y3hDYlJCbVgvUW1IbVdvcWtoS2dsVWlyQWd5?= =?utf-8?B?SFlPQ1ZKbFV6YkhKUUVZZC9ueDRMUE1mOTBBVWtTYWo3dzZxa1krbGpLZ091?= =?utf-8?B?SFdiVFdYdFB4UkJTL1pmVTRBUFB2TGZYK1NiMkdJaitaakl3K3dxNGRrcEts?= =?utf-8?B?MWk0dHE4MVB2L1BDM2JIT29UeUdhbkgwZTdzUXZzMmhTZ1JZMWZMRW14S1kz?= =?utf-8?B?T0FMQXUrbTVHWmlOeFpZZmdrTCtGUlBwUWpvOUs1K2FnNEVrZi81clV5c1Y1?= =?utf-8?B?ak5QODMySWQ3d1Jjb0R6WWZLTDF1aktGaWpBbHhEU1E2dzN2OHJLNlh1bEZ3?= =?utf-8?B?N2Z6TVFtVXpIS2JkdFpZVVlCeEhzUmUzYkxXVEpzRHNTQmFSOS9lNFJuVFNS?= =?utf-8?B?eHZYWUJaNTIrMlZKNzdWNkhZaVptczdqTXVHYTRoZmd1RkMxcjl0cTQ0QW9N?= =?utf-8?B?T2hvbHFGV1ZDS2M3bnMybkxkWk9hb0ZSYkc1bHptUGtXcFRQM2xKV1ZnZU1l?= =?utf-8?B?ZWxrQ3J2aWtSaVRYVzl6NWF0SjlWM2tvMlVoTVFEYm9pL2M3dkUzcjFQNnlH?= =?utf-8?B?TWpTcXJkNlpoS3BZc2U4KzVScVJUZUE4OGRNM2dPMzNFR1o3b2tiSmdXN1Yv?= =?utf-8?B?YXVXbWRnZnI1dHlGblU0Ylk0by8zaHI1djg2cU9RWmVSbHN3Tmt5dFg0R2hS?= =?utf-8?B?SEhnakI2QjV0R2JmSzNXS0M1RDJPN0lYeGN3WXMrMHNCdlNjbi9EQ2NrUTB3?= =?utf-8?B?aEd0UXA4bFRHU1Vjc1YvSE5rbGZvSEF3RDJ1YTY4aGoya1I3TCtzd2JBL3pw?= =?utf-8?B?NU54S3VDZnI0WTM1SzNzUks1YWpBOVRWR3oybklrTlNnRytVZkMrVnd5RmxO?= =?utf-8?B?aExEanhGdjJ1NFpQellvczBnVVBvQ1o0eWR5cHB5QXZmQmNraTVuL1ZpTEcw?= =?utf-8?B?T2NhSy9ucGNaZ3RteklaVEFOSkFEQklyOXpKOXV1cXZoRVZyQ1BaVm9aM0hW?= =?utf-8?B?elZDb1g0UlFZcXlaWE9MV29MSUVFZjYrYmIwMEN6WVp2dTZiZjB1d3ZGd0Rs?= =?utf-8?B?S0tuUTh5NWlOdHdLMXhERCtETlNWMFZzL2hSWmRzWUx1Q2szUkoyc2lxblZX?= =?utf-8?B?bWFwdTQ5Q0dVT1JoSWZrYStXQ1Y1WmhQQlVObUFhTU91VDB5L2JKS2pCbm4z?= =?utf-8?B?RGthM1RIbXlDZ2Z5Z29XbnQ5TXVSOUlVaFhPeU91N1ArTFl5RVUraktPZ2FL?= =?utf-8?B?c2xpd0lRZFpmU3hRNlFRSi85YVU5RFBaRlZYRUF2TFlRanBZWUJtZDNMcDVH?= =?utf-8?B?ek40dEhqdVNNOCtFb0I3WjJJUXA1dVVacFBldzk4YmRyR2FpS0cwU1VJb0tz?= =?utf-8?B?OGt1VG1iZUtsZ0UrYnMwaGtPR0JwcDVwUnVyQWM1NU5rNmdNaFJCeEZwc2k0?= =?utf-8?B?YTZyQUE2TWJ3RVNNRGo5QUpVNTEvUmkwWTdkYmpzQVlPMWZiMWNlMVExdGpT?= =?utf-8?Q?KygoQts4Ye8Z3K50hZduunQyH?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: a4d9556b-444a-411c-3afe-08de3ea50b1d X-MS-Exchange-CrossTenant-AuthSource: SN7PR12MB6838.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 02:19:31.1130 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ut1T7XKK4eDU19sp7F0RxdyEzUewNVmn2odeTzEKyy4Tjv8EuDCQdBC39IZWZhhY39RFQjGTlzfRT90tHLDMlg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPFC908D89D1 Message-ID-Hash: PWLGWW7JNDKUUW7IOEEV5CNC5WN6L2UV X-Message-ID-Hash: PWLGWW7JNDKUUW7IOEEV5CNC5WN6L2UV X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1766111283798158500 From: Nathan Chen Open iommufd FD from libvirt backend without exposing these FDs to XML users, i.e. one per domain for /dev/iommu, and pass the FD to qemu command line. Suggested-by: J=C3=A1n Tomko Signed-off-by: Nathan Chen --- src/qemu/qemu_command.c | 11 +++++++++-- src/qemu/qemu_domain.c | 1 + src/qemu/qemu_domain.h | 2 ++ src/qemu/qemu_process.c | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2a16f9df63..8053f9b453 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5348,9 +5348,13 @@ qemuBuildHostdevCommandLine(virCommand *cmd, =20 static int qemuBuildIOMMUFDCommandLine(virCommand *cmd, - const virDomainDef *def) + const virDomainDef *def, + virDomainObj *vm) { size_t i; + qemuDomainObjPrivate *priv =3D vm->privateData; + g_autofree char *fdstr =3D g_strdup_printf("%d", priv->iommufd); + =20 for (i =3D 0; i < def->nhostdevs; i++) { virDomainHostdevDef *hostdev =3D def->hostdevs[i]; @@ -5369,8 +5373,11 @@ qemuBuildIOMMUFDCommandLine(virCommand *cmd, if (subsys->u.pci.driver.iommufd !=3D VIR_TRISTATE_BOOL_YES) continue; =20 + virCommandPassFD(cmd, priv->iommufd, VIR_COMMAND_PASS_FD_CLOSE_PAR= ENT); + if (qemuMonitorCreateObjectProps(&props, "iommufd", "iommufd0", + "S:fd", fdstr, NULL) < 0) return -1; =20 @@ -10996,7 +11003,7 @@ qemuBuildCommandLine(virDomainObj *vm, if (qemuBuildRedirdevCommandLine(cmd, def, qemuCaps) < 0) return NULL; =20 - if (qemuBuildIOMMUFDCommandLine(cmd, def) < 0) + if (qemuBuildIOMMUFDCommandLine(cmd, def, vm) < 0) return NULL; =20 if (qemuBuildHostdevCommandLine(cmd, def, qemuCaps) < 0) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 85eea1801f..c5e1cd5279 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -2042,6 +2042,7 @@ qemuDomainObjPrivateAlloc(void *opaque) priv->blockjobs =3D virHashNew(virObjectUnref); priv->fds =3D virHashNew(g_object_unref); =20 + priv->iommufd =3D -1; priv->pidMonitored =3D -1; =20 /* agent commands block by default, user can choose different behavior= */ diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index e91435c062..18ced7ebba 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -264,6 +264,8 @@ struct _qemuDomainObjPrivate { /* named file descriptor groups associated with the VM */ GHashTable *fds; =20 + int iommufd; + char *memoryBackingDir; }; =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index ab88a6bf62..8863be2cb6 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -10365,6 +10365,37 @@ qemuProcessHandleNbdkitExit(qemuNbdkitProcess *nbd= kit, virObjectUnlock(vm); } =20 +/** + * qemuProcessOpenIommuFd: + * @vm: domain object + * @iommuFd: returned file descriptor + * + * Opens /dev/iommu file descriptor for the VM. + * + * Returns: FD on success, -1 on failure + */ +static int +qemuProcessOpenIommuFd(virDomainObj *vm) +{ + int fd =3D -1; + + VIR_DEBUG("Opening IOMMU FD for domain %s", vm->def->name); + + if ((fd =3D open("/dev/iommu", O_RDWR | O_CLOEXEC)) < 0) { + if (errno =3D=3D ENOENT) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("IOMMU FD support requires /dev/iommu device"= )); + } else { + virReportSystemError(errno, "%s", + _("cannot open /dev/iommu")); + } + return -1; + } + + VIR_DEBUG("Opened IOMMU FD %d for domain %s", fd, vm->def->name); + return fd; +} + /** * qemuProcessOpenVfioDeviceFd: * @hostdev: host device definition @@ -10419,6 +10450,7 @@ qemuProcessOpenVfioDeviceFd(virDomainHostdevDef *ho= stdev) int qemuProcessOpenVfioFds(virDomainObj *vm) { + qemuDomainObjPrivate *priv =3D vm->privateData; size_t i; =20 /* Check if we have any hostdevs that need VFIO FDs */ @@ -10430,10 +10462,18 @@ qemuProcessOpenVfioFds(virDomainObj *vm) hostdev->source.subsys.type =3D=3D VIR_DOMAIN_HOSTDEV_SUBSYS_T= YPE_PCI && hostdev->source.subsys.u.pci.driver.name =3D=3D VIR_DEVICE_HOS= TDEV_PCI_DRIVER_NAME_VFIO && hostdev->source.subsys.u.pci.driver.iommufd =3D=3D VIR_TRISTAT= E_BOOL_YES) { + /* Open VFIO device FD */ hostdevPriv->vfioDeviceFd =3D qemuProcessOpenVfioDeviceFd(host= dev); if (hostdevPriv->vfioDeviceFd =3D=3D -1) return -1; + + /* Open IOMMU FD */ + if (priv->iommufd =3D=3D -1) { + priv->iommufd =3D qemuProcessOpenIommuFd(vm); + if (priv->iommufd =3D=3D -1) + return -1; + } } } =20 --=20 2.43.0 From nobody Thu Jan 8 11:56:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1766111331066262.0704636208179; Thu, 18 Dec 2025 18:28:51 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id A7EB041927; Thu, 18 Dec 2025 21:28:49 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id F2C7243E90; Thu, 18 Dec 2025 21:20:07 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id A04B441A9F; Thu, 18 Dec 2025 21:19:44 -0500 (EST) Received: from CH1PR05CU001.outbound.protection.outlook.com (mail-northcentralusazon11010067.outbound.protection.outlook.com [52.101.193.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 2018141870 for ; Thu, 18 Dec 2025 21:19:36 -0500 (EST) Received: from SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) by CH1PPFC908D89D1.namprd12.prod.outlook.com (2603:10b6:61f:fc00::623) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.8; Fri, 19 Dec 2025 02:19:32 +0000 Received: from SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc]) by SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc%7]) with mapi id 15.20.9434.001; Fri, 19 Dec 2025 02:19:32 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=T7TqyPyw3H/Pv4btVQCFdZEQQd3HMxiAVpVlNXLLLnXf5ZF9Psg/Wj8SS+UhwVjImEdx6zbm+E9KE46+Oi8Y1GSgZ9dFVJOUk17SjZO9g/MgGIjdd3jHjm7u7VYWfSh2Lwwa9Fy8xX7QPBsjKP9SfsFcLla/af+KjKpjNbbxeXU+CHM57f3O4OLiJhfpzw/r/U65Kx5xXxGyQiAjkujiOaJZWD7LKBGKuj3MNtvCK5XmLJOo9Wc/+2o3ViC7ld5Gxh0XxqJ7TTKxe/Esl/DHEX/XNxqpJf6J3+MiLznitSCeDUCeArKvuoLl8MXMtmNiva9MIz18zDRcQ2Qv3aQGbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qnTi6MvRHgc2ISHP4A48Sy7w0jCDd7VTo9aHEala0VU=; b=VNaWhBwl429USz4q/zOp/2pK2psOGbG9lch9ad32uZc5qwv4LONGVXLM86XK+rJ/WHwT6BN3IMZDGFD8DM7HiC9bqzRJsrFoyWUjfy05WaoG8NZXC0m3/xMUqplJ9H6/SxIUN0A9VqwYfUgsvWrmMEns6qh2jCGKCqZmlvakIDp5MAQNEgAh0Qkbnhkemc6ITQP2TjUBwyRC8l3Cr5zdTAr8G8aiEo1gGnZLBZaOhQlpyUG7u5SdT+ViqFTzO64IK/DIpkPKjJ5tqCWijl3NBCZ3QKRV/onebV9C8ZujZLo3EvXXnSFFKkrs8B1MXKa1aG0SdphKZKH2WisqZo3pag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qnTi6MvRHgc2ISHP4A48Sy7w0jCDd7VTo9aHEala0VU=; b=Rnb+CfDoxpx916Jg0281ehK3fnttdEQ5CUtWbdraPJpMmUopc25rN9B/TaNcRPYJjdW38VHRdOI506JQtCcWgRQjcp+iTPnTENXywN4q0CKmiuhvRnvauI9qTkMEf2PuwtTiTXnTiVVJWk95Yz11GCu1CfIImow8cUJWjEVOf8cQzMLEV62gijO/qDyVJqfcdZgOM4xDxzTr5PvHNGlFHiWJeaxQwp+ZQTYkqJgF/3Sjo1MtVxo48ucXbJhO+5/y+Sr0Fn8RWawxZYdEXUGrbjfeNJTLUxH8m8slHFkedR0yPoRHHReysNkvrEKI7NzKn2WLgOoquKJxfMHrSdiIkQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v3 5/7] qemu: Set per-process memory accounting for iommufd Date: Thu, 18 Dec 2025 18:19:23 -0800 Message-ID: <20251219021925.1864433-6-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251219021925.1864433-1-nathanc@nvidia.com> References: <20251219021925.1864433-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BY5PR16CA0030.namprd16.prod.outlook.com (2603:10b6:a03:1a0::43) To SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR12MB6838:EE_|CH1PPFC908D89D1:EE_ X-MS-Office365-Filtering-Correlation-Id: 910c1591-413e-4fda-8604-08de3ea50baf X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?hP4EypuGhOuumk9TWqMhRDcUMCjiLDE66VSuaeHRHIzUlWjceBSF63X1dJuj?= =?us-ascii?Q?bDoASFQq0Itw8E1MmaXaqvPu9B6HCy0wzjYb0iittw9/KogbirvYw2+IuUDW?= =?us-ascii?Q?kAVEDZcMRwJZNbGENQiwRAfw86DYQzLtl9zcqBeX8dYUWIbJld/ZFmjwq2sX?= =?us-ascii?Q?pH4+T6S1hzkGycOoqUVn26KPRtbucM06VJTO9BbAdICXQOG1f6rY6JpHdU0b?= =?us-ascii?Q?l8KQiaxuItirPpZZzzPZfJUmG8ZCoR4OXJAty2jFoi3Rkhd7x640HGKSJx69?= =?us-ascii?Q?2XnJWEVI+/zOn37QaLINeW40zOWtk21k2HqUuWjn1uKMaxpnlPx2MmxvH9bY?= =?us-ascii?Q?L9plqz8f/6ghsOUxG1vysFLIpou9X/yrYv4W27vMcJ7S6xQAlmJb+UO1dPvo?= =?us-ascii?Q?dH0/2rHSDxIK3ccyNILrAESta6hoBCZJ1gdiJnX6xO0Giz/OoBxX7pBuRNyu?= =?us-ascii?Q?Jss8bQlXEsFoqQk9IgvygBIZkO/VXVZlh9wzLKWdRb2fHZYWsFZ/DaA1B0RS?= =?us-ascii?Q?B4CUcq9qAl+Kb42v/A8mGHgJhJTp9lEiDGsLygoRLg5I/YrvzsXa1yvDC6Zu?= =?us-ascii?Q?kV0PeG+jMCVPYwlznTbrdqjnzLqx031ApVZb9wguDiTZcplcPUEOUFpWv8Oi?= =?us-ascii?Q?39orVFn8u3CpCJKfs7yUrodmiYEDuvM5rF8iUO7GgtvVkZAg5FQ7t6Yq9id9?= =?us-ascii?Q?lZu8LDnYHyySqsKBPFZZXtozyN1BqN6CDzwh0JyqDiVUkUhtyH/Cs4fZGIxG?= =?us-ascii?Q?DF3Pdnbv685h9ikxj44v6WdQkbHFqlbWGrEQvtwH4yIHS6tUIS0SCNMXXjX3?= =?us-ascii?Q?uul/yuilBQcktG7UNnepOpF4jMv5mSxMRxfvTQcrFKXkkHeDMpPhujPz81AC?= =?us-ascii?Q?SgJUdF286lMKHWr9rlYYaOBi1woK24+KOlOC94+YuDwp15bfUsNd7S1mjW8K?= =?us-ascii?Q?LuH67yY3K5w2d+C+rzmNikfwdF3oY2WnvpwjZIsBbgRgLE7Q5TH6J1+RTcNL?= =?us-ascii?Q?ZA0jHHd+B6f4xXcvEGReSwOmPFp+Z8C3F5QXb/yPOxpgJ6wiGmna6NbP5svz?= =?us-ascii?Q?lP+2zyb8tUrWfIaopO3MlvwzW5GOkVb5vj15Ud2Yep1wvemt0H6B+cJwmXlp?= =?us-ascii?Q?qqiBxHdiBnARcp/Psld5uEkrk5s9UTyaNjd7yxi1pqHTd+BtOvhKtLyHbL68?= =?us-ascii?Q?0m1c9114wtnxnuMkZl/tQmNEseSJxTWcq7NyR950ecDmG7aiSiSuT780ib9x?= =?us-ascii?Q?CXnYP13RKfsxnmac4xFMneploqw6kml10OsgcyJj90Tj+vHkHsAAdRdqIykF?= =?us-ascii?Q?tn1XQfYItcC1+6mu3hMCj08r4tK3k5oof9hrrmib8ALAWha2A++Sie2S/FA1?= =?us-ascii?Q?0vD6mzrPaf3k077qeU/0W1bMvrpAY3FQPEjd9NIZgcErd6O8OebPZ8jvI3eZ?= =?us-ascii?Q?qg6TImqcVGfIliAJzJEM8metHTfgdfec1zirkGnGoUwvXgDgzD0Tbg=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR12MB6838.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?hcQdOqghG0UIWLuuNcTWVtob/eKIagobTvRAT6rZ7ZvZu5tnGF79sw5oAL2U?= =?us-ascii?Q?r5snH9NbENDC6ivUJCNbre3N/7Pqfldn6Kwp6J2fB6ngf/K6jkZJe7hhL2qQ?= =?us-ascii?Q?ZLAaK5J1E9TzIASjVVXzVSP0+KNwigJUkK5rzvqpzNXORBQ36MZL4XdO7Vbd?= =?us-ascii?Q?I4Vqouyh1pqGdq2te71HKtpuMC9WKiQU5CdbTYIUj2uP1Cu4Ifg6sAYD6wsP?= =?us-ascii?Q?MFOlqJ/YfEYPxG4O3CoBFdBe7sryRwLCZQenc2E4OKNgGcO5PsoJQJSoeD2M?= =?us-ascii?Q?JEqNngeEg2NJbL8/SaJ6KboMjtIeH/Gy47cY2zLYWloaZ4OAEx8g2aM8nQd2?= =?us-ascii?Q?WuI1AnBh/u+PJg9n9Bl4xM2PVMn5sh6JOFHtDnHMlUAnh8aNUT3ewLmtR6hf?= =?us-ascii?Q?64AfEXyPNyDyEe/QZ2XXPwhQNxaI8gfbLCntDS/bwD6TBSWwbad11gJNyTk8?= =?us-ascii?Q?Ro9TReMkp+bKyXvRqY/wE9xrKf6CkPgn6IshrwFj3dGajUTN/XMYtV559v94?= =?us-ascii?Q?pTMlAMY3dBMZf5r6iodHBKlwZ5xOVu32Xae3dA90LJxISevaX86RzsRsZiHg?= =?us-ascii?Q?QAxR5AMD7qZtYOYVbifSqbKRotFyBWT1JmA7A8Imfc8pMFN3UpsAgZ/bV4f5?= =?us-ascii?Q?s5mv4imVRr0brZXyVtBk22gBZdp/3jtHrzkCQUF7BD2MQCcd+kNS+QW79X+y?= =?us-ascii?Q?rjrk+kfGx3hPeaYYhM8lyqj9dMmbf4VjAluJ1FVcNfR/M/7HHN05zU57evQd?= =?us-ascii?Q?yQJqQw4YVmSH1Rk0+Ub/ggVesssP1Ezwu4Rv/9NVKIjTwWhfGJjHYGo9XEpa?= =?us-ascii?Q?q7PRa1kfkI51QhvTXUXdnfIgCkvW6uvs493dhGCxE7UyqaFm4cSH4apLzuzE?= =?us-ascii?Q?TIbfWk7zI6g2zAN0WRzS+lQbU8aFo2AQ7LZJWrmxeU+H+j5LjzCy4gYXpwAZ?= =?us-ascii?Q?oXCFKK8e5dtHJ0JGg0JuoQd2t1wbA3XPdvB47Bes9s4QAkbJxbjED34VjyBF?= =?us-ascii?Q?h79ekKFKe9P3Rkp8IgymdZu8ykNOcjUsqlL6fl6tuYatxh+6WXTAq07Q2Iw7?= =?us-ascii?Q?I+gwfNVImUHCEn5hwQcQhXJYIFaqvUw7f2733ovX5/ILfj0jKx2HRn1ddvyW?= =?us-ascii?Q?HwumdZresCQSbFWGGk95G8KvKIO4cwapHUU+XIjUDsvag8OWqvBf2NFhua5Z?= =?us-ascii?Q?1gTX/zGuzlb5/CfmoOAH5SUyaIPiLEto7kuOrDUK5kEck0VkN74WtFB2EUUH?= =?us-ascii?Q?xwd9Acc0bgnjBGzIEI5yWUhuBf3dE4VB+Cz3Pk7z4PP6y5LG4pQWvVMjohzc?= =?us-ascii?Q?AnWOl+62iA1/6Lk1g8HyypL9OEVo6bYF7BcjA3+oD71uAiu6IpiTTt/EsPje?= =?us-ascii?Q?HJF8q0ZNYbiR3drpW/WqjwRblV3pjI9V0C21luEXvse1IOPCRf3NjhgYDdJ5?= =?us-ascii?Q?hLoIvZwCbgt0ZtF0mA2zebnjPprrtc57nxxPqpPtSsFd6HoK/ofcBpVW8zww?= =?us-ascii?Q?BZmCHCKIdzkqR6cueqJBYt9wsW1839cgBK5f/tOikBMkU+fUASvv9nELS5ye?= =?us-ascii?Q?/tfGMSWn3V+gId4LTk0JCjjkyJ2vtlCNE1ZQi/f/?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 910c1591-413e-4fda-8604-08de3ea50baf X-MS-Exchange-CrossTenant-AuthSource: SN7PR12MB6838.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 02:19:32.0696 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Q0AMs8hVMcnXhkeOd0NujOC5Y2MjfHSNw/posr1WwfnVKPZm19JJ+Yufsx0ownboETERFMNMfmkAzr1zGEN1KQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPFC908D89D1 Message-ID-Hash: VHZFLNNRXVEWPOY33ISU463A4LAD5TSP X-Message-ID-Hash: VHZFLNNRXVEWPOY33ISU463A4LAD5TSP X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1766111332016158500 Content-Type: text/plain; charset="utf-8" From: Nathan Chen Integrate and use the IOMMU_OPTION_RLIMIT_MODE ioctl to set per-process memory accounting for iommufd. This prevents ENOMEM errors from the default per-user memory accounting when multiple VMs under the libvirt-qemu user have their pinned memory summed and checked against a per-process RLIMIT_MEMLOCK limit. Signed-off-by: Nathan Chen --- po/POTFILES | 1 + src/libvirt_private.syms | 3 ++ src/qemu/qemu_process.c | 7 ++++ src/util/meson.build | 1 + src/util/viriommufd.c | 89 ++++++++++++++++++++++++++++++++++++++++ src/util/viriommufd.h | 23 +++++++++++ 6 files changed, 124 insertions(+) create mode 100644 src/util/viriommufd.c create mode 100644 src/util/viriommufd.h diff --git a/po/POTFILES b/po/POTFILES index f0aad35c8c..c78d2b8000 100644 --- a/po/POTFILES +++ b/po/POTFILES @@ -303,6 +303,7 @@ src/util/virhostuptime.c src/util/viridentity.c src/util/virinhibitor.c src/util/virinitctl.c +src/util/viriommufd.c src/util/viriscsi.c src/util/virjson.c src/util/virlease.c diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ed2b0d381e..e2a7a16347 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2652,6 +2652,9 @@ virInhibitorRelease; virInitctlFifos; virInitctlSetRunLevel; =20 +# util/viriommufd.h +virIOMMUFDSetRLimitMode; + # util/viriscsi.h virISCSIConnectionLogin; virISCSIConnectionLogout; diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 8863be2cb6..db56720f3d 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -104,6 +104,7 @@ #include "backup_conf.h" #include "storage_file_probe.h" #include "virpci.h" +#include "viriommufd.h" =20 #include "logging/log_manager.h" #include "logging/log_protocol.h" @@ -10392,6 +10393,12 @@ qemuProcessOpenIommuFd(virDomainObj *vm) return -1; } =20 + /* Set per-process memory accounting */ + if (virIOMMUFDSetRLimitMode(fd, true) < 0) { + VIR_FORCE_CLOSE(fd); + return -1; + } + VIR_DEBUG("Opened IOMMU FD %d for domain %s", fd, vm->def->name); return fd; } diff --git a/src/util/meson.build b/src/util/meson.build index 4950a795cc..9fb0aa0fe7 100644 --- a/src/util/meson.build +++ b/src/util/meson.build @@ -46,6 +46,7 @@ util_sources =3D [ 'viridentity.c', 'virinhibitor.c', 'virinitctl.c', + 'viriommufd.c', 'viriscsi.c', 'virjson.c', 'virkeycode.c', diff --git a/src/util/viriommufd.c b/src/util/viriommufd.c new file mode 100644 index 0000000000..163ac632ba --- /dev/null +++ b/src/util/viriommufd.c @@ -0,0 +1,89 @@ +#include + +#include "viriommufd.h" +#include "virlog.h" +#include "virerror.h" + +#include +#include + +#define VIR_FROM_THIS VIR_FROM_NONE + +#define IOMMUFD_TYPE (';') + +#ifndef IOMMUFD_CMD_OPTION +# define IOMMUFD_CMD_OPTION 0x87 +#endif + +#ifndef IOMMU_OPTION +# define IOMMU_OPTION _IO(IOMMUFD_TYPE, IOMMUFD_CMD_OPTION) +#endif + +VIR_LOG_INIT("util.iommufd"); + +enum iommufd_option { + IOMMU_OPTION_RLIMIT_MODE =3D 0, + IOMMU_OPTION_HUGE_PAGES =3D 1, +}; + +enum iommufd_option_ops { + IOMMU_OPTION_OP_SET =3D 0, + IOMMU_OPTION_OP_GET =3D 1, +}; + +struct iommu_option { + __u32 size; + __u32 option_id; + __u16 op; + __u16 __reserved; + __u32 object_id; + __aligned_u64 val64; +}; + +/** + * virIOMMUFDSetRLimitMode: + * @fd: iommufd file descriptor + * @processAccounting: true for per-process, false for per-user + * + * Set RLIMIT_MEMLOCK accounting mode for the iommufd. + * + * Returns: 0 on success, -1 on error + */ +int +virIOMMUFDSetRLimitMode(int fd, bool processAccounting) +{ + struct iommu_option option =3D { + .size =3D sizeof(struct iommu_option), + .option_id =3D IOMMU_OPTION_RLIMIT_MODE, + .op =3D IOMMU_OPTION_OP_SET, + .__reserved =3D 0, + .object_id =3D 0, + .val64 =3D processAccounting ? 1 : 0, + }; + + if (ioctl(fd, IOMMU_OPTION, &option) < 0) { + switch (errno) { + case ENOTTY: + VIR_WARN("IOMMU_OPTION ioctl not supported"); + return 0; + + case EOPNOTSUPP: + VIR_WARN("IOMMU_OPTION_RLIMIT_MODE not supported by kernel= "); + return 0; + + case EINVAL: + virReportSystemError(errno, "%s", + _("invalid iommufd option parameters")= ); + return -1; + + default: + virReportSystemError(errno, "%s", + _("failed to set iommufd option")); + return -1; + } + } + + VIR_DEBUG("Set iommufd rlimit mode to %s-based accounting", + processAccounting ? "process" : "user"); + return 0; +} diff --git a/src/util/viriommufd.h b/src/util/viriommufd.h new file mode 100644 index 0000000000..1a7c7c94d0 --- /dev/null +++ b/src/util/viriommufd.h @@ -0,0 +1,23 @@ +/* + * viriommufd.h: iommufd helpers + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#pragma once + +#include "internal.h" + +int virIOMMUFDSetRLimitMode(int fd, bool processAccounting); --=20 2.43.0 From nobody Thu Jan 8 11:56:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1766111399532383.78675268341794; Thu, 18 Dec 2025 18:29:59 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id A93EC41962; Thu, 18 Dec 2025 21:29:58 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id BA40843F05; Thu, 18 Dec 2025 21:20:11 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 07486418AC; Thu, 18 Dec 2025 21:19:47 -0500 (EST) Received: from CH1PR05CU001.outbound.protection.outlook.com (mail-northcentralusazon11010018.outbound.protection.outlook.com [52.101.193.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 8DA5E41894 for ; Thu, 18 Dec 2025 21:19:36 -0500 (EST) Received: from SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) by CH1PPFC908D89D1.namprd12.prod.outlook.com (2603:10b6:61f:fc00::623) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.8; Fri, 19 Dec 2025 02:19:33 +0000 Received: from SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc]) by SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc%7]) with mapi id 15.20.9434.001; Fri, 19 Dec 2025 02:19:33 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kNcB5ZJbQufAATOI4rk+5T+QGVFHk+Ro2OIkDOEScRmmCm1CPfS33kbjXFjIVXADSI22ZV/jzM8Ykd6bSL2TZ7uMxv+cVENWMLSOI2RYYakWhHwT4IHnVvEWNBNKP4+5cQcX5AZEFNnSDmir6D+ochixtcwyiuye3UDnfUmRQuW5wb5U/opAyE61186+wnge8npYb/qdeG6F5Boe7H4C2sTJ+j8FPF/MGCZfaLD5ECVr3ldIrnOX0mVf5CymH5qj4xlWt0N9P3FdJXhWWRA87Hq1e/ZLubiQX3tLzyWyGZCCxulqPAiKgae0aKN0gBE8+X0+pkdGQ4lvFuxB1EMSFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ulvFeu2vSrp6qD9gQck1nOehVb/6Mg/VJwrGws5OBnM=; b=iksqg0L8m9VGataOlV0axj6zgW8JTde5UsFqqotIo0cT+ikIXfYFNGvXGgCxl531rTN9vDq4T198JJidLj0emy4yrTetRv6ng71dY6pipPeVmQtARE//r82ljwrVEIZnxEBE71WYjwgagFh6s82zAaRQ+A18tz+oCB5HRTwvbPY7Ewt80AytGN15ZWPY1kaLiB94u9kr0zKjoG2qZDl4AAXfJt7MhtypwXpwGZ2dzAe5AQhdVKkLEzi9h1F5ZRcVCTiLnCU2cDa/5lNy248a+nyKysG/pyW14tNEsTGkhykn5TLzZbKuxEcDd/6iLYN9/2KzABZofioHFeUfbisQxw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ulvFeu2vSrp6qD9gQck1nOehVb/6Mg/VJwrGws5OBnM=; b=tzGqVDaPs4Eqm82YKpNuy7Gh5o/PHWTyDGVJIU2nX7PsFQBZJ3bQ2D72uDmCvu0VLoVpznUzZMIMH6mlZheOCJM7C4QzM+tjYv1H1713bB6arZGtebLjZ/KD1dlQWiRIwEh0kXIRit/ZZwX/HNUeEY0jNmElt6XhjcZyp5lKmb5UeEpPdhjT8/2GbRDFzjnDPbbB3zjyQMnXCG8OlJbt/LWBHDkIQInFp60OiHPZ4trB8TOt7KGVtEscCaNVVLVznGYroxjFtVpExj3PstIhrksfqz9Ki2iwfOtKGAbNk3DonwMP1H2IJmricVlWemgfZ84PJhmoPT8bJO/5q8sSuw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v3 6/7] qemu: Update Cgroup, namespace, and seclabel for iommufd Date: Thu, 18 Dec 2025 18:19:24 -0800 Message-ID: <20251219021925.1864433-7-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251219021925.1864433-1-nathanc@nvidia.com> References: <20251219021925.1864433-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BY5PR16CA0022.namprd16.prod.outlook.com (2603:10b6:a03:1a0::35) To SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR12MB6838:EE_|CH1PPFC908D89D1:EE_ X-MS-Office365-Filtering-Correlation-Id: 61f30eb8-fdef-4657-fb34-08de3ea50c75 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?RaX8m+nBb2RDCOQ5SAkuE4jxJMxI2EXdt3QA8M3RiswQu6MdK/cf/aag78X8?= =?us-ascii?Q?qN70ah4eYVOqAoQ/uNay2znKCnUNRTRTzyK/aGgolrY5TmDDcp40FTNYquPN?= =?us-ascii?Q?eAFTTu59IURkbHNUq+ON42QEyxZ0iQG3DXDroR0H5YsezGzWGE8AYivIk4Us?= =?us-ascii?Q?aJTmTRSQYj1x5THjj/r5Ur6mQ8GETNWj01+LVao1Xk2c7oQ1KRpJOZsRuA9j?= =?us-ascii?Q?zv9bduXT0J5Nez3dnyl0lVNGGhoL41yd+aSbn/0TysfCK1CJgV1lg+WKyMxc?= =?us-ascii?Q?cSmECLi48t6vMPKVEumr/Jl2kOUXAaA9wbrnOkCOKOy11BwDoaTBTO6JMbyW?= =?us-ascii?Q?uelmUeNdDFp2nUgbpryRFEILUv2LWzGChT26B+NrZN5JS2NVQhIr/7VvjhOt?= =?us-ascii?Q?zdo2s4dl74NpqM27TzJwByTsEHahoGSw4zDApAi8becnl0TsAe0YM3+DN/vv?= =?us-ascii?Q?NV99xT/tP0c2sfaaa8rGtXMjjDuAyYKRFIq5LS9gFHOIZKYkTHj0Joi638HC?= =?us-ascii?Q?9V6MhMjbwMf7tq3tRz/ZjDgxby4oN7SZEloIDcQHkmSD/TjgjScHgWDNieAz?= =?us-ascii?Q?eaT4xWKI3FWtQwYPKaP1/w4ojOcwk+OVofAbFqA46UUClIgyDUFbMWHZBjXH?= =?us-ascii?Q?GkymgPJFz1HMMwuLfvs44f/Xa2FnzQBKqEwggsMgzXLMit+3v4b+3PyFjMOB?= =?us-ascii?Q?gS2BfXKv82bGD0UfdzEpaE+nKuHDOoO6gV5xZy3wknZtxmxy3PVwTU28DLRZ?= =?us-ascii?Q?WotvLwtSTSWKiAX+bGDi+Y55i3lYiDp/nLn9C1hCOb4d/4WolNwcLS8y69Jx?= =?us-ascii?Q?ojpFhT1kIZJsmc6IOBO7sCDKPKJV66jpqM7LDAGGxZk1rZJsHmWQ7MVY1A7e?= =?us-ascii?Q?f+Lm9QZYhBgbpsVerthBtIPwfR1qF1K8YPCCYdeaPU6Gb8Mu3P6mUSVzEtrB?= =?us-ascii?Q?Bk/r1naWUF5d6E63YBq1SKtdSgzywA9KHxFGUa5tnoWjfaYEMS52hpb+ENlJ?= =?us-ascii?Q?XjtHvqtfyx6OvsFhKGszVcSxaooVrwhkgm2FT+t3gi/KA2fastF9DfBLAurU?= =?us-ascii?Q?M9Pwo94WFeEQ9kTHv9BhMjinFrAQMpIP3cUGfTcAU/2ZZFaiF+MkyPwmovmO?= =?us-ascii?Q?CuyoGmAu4uZ41z+36s5VB7iR/nOO/8AVATIB2eoRmDGqus5R7EK5JU4gRMSx?= =?us-ascii?Q?qgHX5DrErglVVAe3f2GvpNbGgBjtaZ2JxaQlJMOblHG7pULxr6teihSEPccm?= =?us-ascii?Q?MErNgxn77cDsZqzC1IOmroFnsR3CutuLpvk40HLYspsZ3uGqamLAu5YuMEKf?= =?us-ascii?Q?m9Mwbr+t8AbwMZimjen/MIrCCEt94x51lrIJt4Llup8W4KubvkOJ+zMhy0w0?= =?us-ascii?Q?xTDEgU5JdVtSWH3fq3DM9TDk+oXFZln+ijRfxQuiB1MODiRJKypTmpooS38t?= =?us-ascii?Q?YrAdsWD2WoQ1UJZ7GglplqZOX1mjbwT1?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR12MB6838.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?CfbSpVmFTTzE8fC7JtPMR38l4ndaxmcaZauHnro5XEDPretD7B1g8UadaPnO?= =?us-ascii?Q?2wDcs+YJqFk5BgYD3O/Lhft7owdXN8NV+xa4dVkP79ONpSbi+c3Dptf7/HsN?= =?us-ascii?Q?V9iCYY4Xc0XeiVeI3IHR50IfzaaxP0ALb/Pvu5n16Ipxa2OUiAqWQcCAVbTk?= =?us-ascii?Q?yMDtiK2fvxRENsrCbeswBnwLgpTv7W5sFxlMtH9RAVWlMc9CSzheS30nHfX7?= =?us-ascii?Q?D7mh65+xMaFiyN1fRI811ye7KsDLEbQEaAlCVyQlhGCvX6CMwfLHIm20HOrG?= =?us-ascii?Q?dXQDFxyo4QRCIUNyIEghFsiLKTnTMhfNwj2PQ9SyHAcmejz5FgYWEJJ7WaZf?= =?us-ascii?Q?GYm13p/IpP2UMjzoFPjcsDy1uQpzXCN7cx9A9hdqNN4gkVkRNutmPUMuuXpL?= =?us-ascii?Q?1nEp8e3yAy/p5qUlltaNMeDQpPAKOvu+wgTP7C+f1/EFMuuDq8JBSgzuJTeX?= =?us-ascii?Q?AVuezToLVOOGzocof6ke05hk4v69ZJaVxw/mlVTIOv1on4M4LnsGkoLtOICa?= =?us-ascii?Q?Gmv6PaICV4a50o5Ej6yE7GrBH8Zrr5fkIjvtC4PEyiS17dZOXp6HrZ7g7L56?= =?us-ascii?Q?AiC4Nxd3KgWrbDTePdXzuUHBOPd0iASooOn76WlDCRXa0ky6kKbsvLd5OZ7X?= =?us-ascii?Q?yvKG9MfMERaUCmx5xBAfxcoUOBuidBHJR2EYtt2uMKZboDXEurI+65Z0bxFE?= =?us-ascii?Q?sKApbzYv1rPVS69R5wDU9+B3DKzqcG6X0mVIZnxcAWFy7PJydSdcWaCzCHl3?= =?us-ascii?Q?+yTkJ9TuUEixcTZcRRe3DWP0fAoJspOAY38K3Z7rTOfAnxFXhqyYymoaLIil?= =?us-ascii?Q?P0g0Gb7zSWakANqIM80goDbP+1iLsVNP1tVGdAOBHaFpirsgJYaNljC4q26M?= =?us-ascii?Q?rAaSL4pdjVBFdtqoUmjqgRvzbAH8ghkDjWHmZD63I1ueRSGfVTTXO6XqxvAC?= =?us-ascii?Q?iw/kE6n4emVW1X5br9/Y/S2OW5KAJmZxpRW7VDUOTgy7BUzIsVSy12i4Lxjw?= =?us-ascii?Q?XnkScjYU4cQ2UayuJsbf6r/mM/+BJ+v4dSaY9Ku7jbX+cdn1q1BAasXmVThO?= =?us-ascii?Q?Mv9FqhV0PD/w0gI5LfnOY9RicmJkLPwqEtVgsDw0YJVxFeri6XJgR97RPXdV?= =?us-ascii?Q?MmmAO76z/zlqHT/jnaZzH0396vp0AwIK7DeMquUcf36SP5/13q+158UjQeoU?= =?us-ascii?Q?uBIHeJSQwAT9i5nMJIap/Hzq+Apd18CGHRHF/5gSzj+dd7vlOfzymXtTb3/0?= =?us-ascii?Q?OzjTdvronuimVffks23Yax11QJ8TS7s408LycTNFWe0dOe560nPNm8POokPs?= =?us-ascii?Q?TQgOiU9lwYZkEYCfjFx9lTbGYcCElUEJi25gqQxbSqXDi54AGezb2h1XggwG?= =?us-ascii?Q?lgoOz6pxjtPUeFfwF7dplj7gcdYDyry1d8SnQVjCMSBkgApoeYHIZHQsx7Ta?= =?us-ascii?Q?AuUN5OQD1Puytx6dBgPO/jAUxvXaROEIbQVhZefl8gLZNUKFcymX/0DiaAi6?= =?us-ascii?Q?7cHKFdZHtt9gtZrJ64qPnlgqhzVw93FwiFkLsQYbGmRj6AWzxP0Ia7LdVVLW?= =?us-ascii?Q?9T9rdqAdxHG01xDnRF6VlqN4N0piHAebDFBQgbz+?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 61f30eb8-fdef-4657-fb34-08de3ea50c75 X-MS-Exchange-CrossTenant-AuthSource: SN7PR12MB6838.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 02:19:33.3743 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: g+BN3ZP/cQdpKDIJ3dFbj4K4juNcxSQ9p+GNzKznLNEkOQHbL5cXZchc/AS++IhQmnwC52i2P79CQoS28PTNDw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPFC908D89D1 Message-ID-Hash: 7IBGPH4ZMWGWCGLIASW4DZVSIRJ6MRFJ X-Message-ID-Hash: 7IBGPH4ZMWGWCGLIASW4DZVSIRJ6MRFJ X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1766111400321158500 Content-Type: text/plain; charset="utf-8" From: Nathan Chen When launching a qemu VM with the iommufd feature enabled for VFIO hostdevs: - Do not allow cgroup, namespace, and seclabel access to VFIO paths (/dev/vfio/vfio and /dev/vfio/) - Allow access to iommufd paths (/dev/iommu and /dev/vfio/devices/vfio*) for AppArmor, SELinux, and DAC Signed-off-by: Nathan Chen --- src/qemu/qemu_cgroup.c | 26 +++++++------- src/qemu/qemu_namespace.c | 16 +++++---- src/security/security_apparmor.c | 33 ++++++++++++++---- src/security/security_dac.c | 60 ++++++++++++++++++++++++++------ src/security/security_selinux.c | 58 ++++++++++++++++++++++++------ src/security/virt-aa-helper.c | 32 +++++++++++++---- 6 files changed, 172 insertions(+), 53 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 7dadef0739..7190a4f80f 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -479,21 +479,23 @@ qemuSetupHostdevCgroup(virDomainObj *vm, g_autofree char *path =3D NULL; int perms; =20 - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) - return 0; + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_BOOL_YES= ) { + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DE= VICES)) + return 0; =20 - if (qemuDomainGetHostdevPath(dev, &path, &perms) < 0) - return -1; + if (qemuDomainGetHostdevPath(dev, &path, &perms) < 0) + return -1; =20 - if (path && - qemuCgroupAllowDevicePath(vm, path, perms, false) < 0) { - return -1; - } + if (path && + qemuCgroupAllowDevicePath(vm, path, perms, false) < 0) { + return -1; + } =20 - if (virHostdevNeedsVFIO(dev) && - qemuCgroupAllowDevicePath(vm, QEMU_DEV_VFIO, - VIR_CGROUP_DEVICE_RW, false) < 0) { - return -1; + if (virHostdevNeedsVFIO(dev) && + qemuCgroupAllowDevicePath(vm, QEMU_DEV_VFIO, + VIR_CGROUP_DEVICE_RW, false) < 0) { + return -1; + } } =20 return 0; diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index c689cc3e40..907b2773cf 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -345,15 +345,17 @@ qemuDomainSetupHostdev(virDomainObj *vm, { g_autofree char *path =3D NULL; =20 - if (qemuDomainGetHostdevPath(hostdev, &path, NULL) < 0) - return -1; + if (hostdev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_BOOL= _YES) { + if (qemuDomainGetHostdevPath(hostdev, &path, NULL) < 0) + return -1; =20 - if (path) - *paths =3D g_slist_prepend(*paths, g_steal_pointer(&path)); + if (path) + *paths =3D g_slist_prepend(*paths, g_steal_pointer(&path)); =20 - if (virHostdevNeedsVFIO(hostdev) && - (!hotplug || !qemuDomainNeedsVFIO(vm->def))) - *paths =3D g_slist_prepend(*paths, g_strdup(QEMU_DEV_VFIO)); + if (virHostdevNeedsVFIO(hostdev) && + (!hotplug || !qemuDomainNeedsVFIO(vm->def))) + *paths =3D g_slist_prepend(*paths, g_strdup(QEMU_DEV_VFIO)); + } =20 return 0; } diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 68ac39611f..999275dac1 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -848,14 +848,33 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *m= gr, goto done; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev(pci); - - if (!vfioGroupDev) { - virPCIDeviceFree(pci); - goto done; + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev(pci); + + if (!vfioGroupDev) { + virPCIDeviceFree(pci); + goto done; + } + ret =3D AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr= ); + VIR_FREE(vfioGroupDev); + } else { + g_autofree char *vfiofdDev =3D NULL; + const char *iommufdDir =3D "/dev/iommu"; + + if (virPCIDeviceGetVfioPath(&dev->source.subsys.u.pci.addr= , &vfiofdDev) < 0) + return -1; + + if (!virFileExists(iommufdDir)) + return -1; + + ret =3D AppArmorSetSecurityPCILabel(pci, vfiofdDev, ptr); + if (ret) + return ret; + + ret =3D AppArmorSetSecurityPCILabel(pci, iommufdDir, ptr); + if (ret) + return ret; } - ret =3D AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr); - VIR_FREE(vfioGroupDev); } else { ret =3D virPCIDeviceFileIterate(pci, AppArmorSetSecurityPCILab= el, ptr); } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2f788b872a..09e26033ac 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1282,14 +1282,33 @@ virSecurityDACSetHostdevLabel(virSecurityManager *m= gr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; + + ret =3D virSecurityDACSetHostdevLabelHelper(vfioGroupDev, + false, + &cbdata); + } else { + g_autofree char *vfiofdDev =3D NULL; + const char *iommufdDir =3D "/dev/iommu"; + + if (virPCIDeviceGetVfioPath(&dev->source.subsys.u.pci.addr= , &vfiofdDev) < 0) + return -1; =20 - ret =3D virSecurityDACSetHostdevLabelHelper(vfioGroupDev, - false, - &cbdata); + if (!virFileExists(iommufdDir)) + return -1; + + ret =3D virSecurityDACSetHostdevLabelHelper(vfiofdDev, fal= se, &cbdata); + if (ret) + return ret; + + ret =3D virSecurityDACSetHostdevLabelHelper(iommufdDir, fa= lse, &cbdata); + if (ret) + return ret; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecurityDACSetPCILabel, @@ -1443,13 +1462,34 @@ virSecurityDACRestoreHostdevLabel(virSecurityManage= r *mgr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; =20 - ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, + ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, vfioGroupDev, fal= se); + } else { + g_autofree char *vfiofdDev =3D NULL; + const char *iommufdDir =3D "/dev/iommu"; + + if (virPCIDeviceGetVfioPath(&dev->source.subsys.u.pci.addr= , &vfiofdDev) < 0) + return -1; + + if (!virFileExists(iommufdDir)) + return -1; + + ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, + vfiofdDev, fa= lse); + if (ret) + return ret; + + ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, + iommufdDir, f= alse); + if (ret) + return ret; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecurityDACRestorePCIL= abel, mgr); } diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 2f3cc274a5..1dd0a9706a 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2256,14 +2256,33 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurity= Manager *mgr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; + + ret =3D virSecuritySELinuxSetHostdevLabelHelper(vfioGroupD= ev, + false, + &data); + } else { + g_autofree char *vfiofdDev =3D NULL; + const char *iommufdDir =3D "/dev/iommu"; + + if (virPCIDeviceGetVfioPath(&dev->source.subsys.u.pci.addr= , &vfiofdDev) < 0) + return -1; =20 - ret =3D virSecuritySELinuxSetHostdevLabelHelper(vfioGroupDev, - false, - &data); + if (!virFileExists(iommufdDir)) + return -1; + + ret =3D virSecuritySELinuxSetHostdevLabelHelper(vfiofdDev,= false, &data); + if (ret) + return ret; + + ret =3D virSecuritySELinuxSetHostdevLabelHelper(iommufdDir= , false, &data); + if (ret) + return ret; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecuritySELinuxSetPCIL= abel, &data); } @@ -2491,12 +2510,31 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecu= rityManager *mgr, return -1; =20 if (pcisrc->driver.name =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_= VFIO) { - g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGroupDev= (pci); + if (dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { + g_autofree char *vfioGroupDev =3D virPCIDeviceGetIOMMUGrou= pDev(pci); =20 - if (!vfioGroupDev) - return -1; + if (!vfioGroupDev) + return -1; + + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfioGroupD= ev, false, false); + } else { + g_autofree char *vfiofdDev =3D NULL; + const char *iommufdDir =3D "/dev/iommu"; + + if (virPCIDeviceGetVfioPath(&dev->source.subsys.u.pci.addr= , &vfiofdDev) < 0) + return -1; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfioGroupDev, = false, false); + if (!virFileExists(iommufdDir)) + return -1; + + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfiofdDev,= false, false); + if (ret) + return ret; + + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, iommufdDir= , false, false); + if (ret) + return ret; + } } else { ret =3D virPCIDeviceFileIterate(pci, virSecuritySELinuxRestore= PCILabel, mgr); } diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index de0a826063..5b320fbc89 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1114,8 +1114,9 @@ get_files(vahControl * ctl) =20 virDeviceHostdevPCIDriverName driverName =3D dev->source.subsy= s.u.pci.driver.name; =20 - if (driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO = || - driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_DEFAU= LT) { + if ((driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO= || + driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_DEFAU= LT) && + dev->source.subsys.u.pci.driver.iommufd !=3D VIR_TRISTATE_= BOOL_YES) { needsVfio =3D true; } =20 @@ -1348,6 +1349,7 @@ get_files(vahControl * ctl) virBufferAddLit(&buf, " \"/dev/vfio/vfio\" rw,\n"); virBufferAddLit(&buf, " \"/dev/vfio/[0-9]*\" rw,\n"); } + if (needsgl) { /* if using gl all sorts of further dri related paths will be need= ed */ virBufferAddLit(&buf, " # DRI/Mesa/(e)GL config and driver paths\= n"); @@ -1385,9 +1387,18 @@ get_files(vahControl * ctl) } } =20 - if (ctl->newfile && - vah_add_file(&buf, ctl->newfile, "rwk") !=3D 0) { - return -1; + if (ctl->newfile) { + const char *perms =3D "rwk"; + + /* VFIO and iommufd devices need mmap permission */ + if (STRPREFIX(ctl->newfile, "/dev/vfio/devices/vfio") || + STREQ(ctl->newfile, "/dev/iommu")) { + perms =3D "rwm"; + } + + if (vah_add_file(&buf, ctl->newfile, perms) !=3D 0) { + return -1; + } } =20 ctl->files =3D virBufferContentAndReset(&buf); @@ -1561,8 +1572,15 @@ main(int argc, char **argv) } } if (ctl->append && ctl->newfile) { - if (vah_add_file(&buf, ctl->newfile, "rwk") !=3D 0) - goto cleanup; + const char *perms =3D "rwk"; + + if (STRPREFIX(ctl->newfile, "/dev/vfio/devices/vfio") || + STREQ(ctl->newfile, "/dev/iommu")) { + perms =3D "rwm"; + } + + if (vah_add_file(&buf, ctl->newfile, perms) !=3D 0) + return -1; } else { if (ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_QEMU || ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_KQEMU || --=20 2.43.0 From nobody Thu Jan 8 11:56:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (Bad Signature); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1766111509104546.4864218902321; Thu, 18 Dec 2025 18:31:49 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 29F363F953; Thu, 18 Dec 2025 21:31:48 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 1FC894191B; Thu, 18 Dec 2025 21:24:46 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 3D00641A13; Thu, 18 Dec 2025 21:21:35 -0500 (EST) Received: from BYAPR05CU005.outbound.protection.outlook.com (mail-westusazon11010036.outbound.protection.outlook.com [52.101.85.36]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id EC5FC41889 for ; Thu, 18 Dec 2025 21:19:43 -0500 (EST) Received: from SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) by CH1PPFC908D89D1.namprd12.prod.outlook.com (2603:10b6:61f:fc00::623) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.8; Fri, 19 Dec 2025 02:19:34 +0000 Received: from SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc]) by SN7PR12MB6838.namprd12.prod.outlook.com ([fe80::69ae:2df4:372b:6fbc%7]) with mapi id 15.20.9434.001; Fri, 19 Dec 2025 02:19:34 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=S+Q5OAw/S9Sn2DkKjzvyj8LCfl77xmlMvh86+6OEeNiG1EU6QVnjo0y3jIflNjtZxA/xjitLyAfhVGft/Z7owtDI5pLWV3PeGjhyFLo+23BuvuzoqtTFrc3094TeJ0tSidpMuCv7OTJEmfEhY27340Vz2dwGqxUmNh0Icsj2c94PXYbK3VG9E7RfnxwDQFjlX1byZMoGPGroh5wv3cmfTk/IJy1DMImjiNx2vDOy/3/gP8iy+aTcAdWJdzX/XEtTGWPYqSC7bzTk5SAjlpDQKc2FzqpHVFkr9KJ20PR1+3SUIm2dXA5C5uQYwUaXy0wSjxNe6FFbZkYtYZahuQq62w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Skrc5rEcsRWdknPvYQusagREX9hWkZFUitaj2eG78jA=; b=gJCfxR1zZUD0bvNGuit2iwzArjagz+Egm8+WdXL6TjcVVZItnz2YehpS0oAq0WxJWzE5TjcT8Tha7K+mXEnGgrO/Vt/OYycfNMGh1RUwJBB5HDl9ttbXjJxLImifTruPmWrNdHm2GU7RSLlIZ7NlqrLLQ77GpUn8wVjTGU6KrmWhgF+3R69FhV9rAd6V3qLC0zZujuri8+y2qlbnRhnpRhnC3/I9KwDP+Lzv8bTsdml4V46g5YpRH9RMyCwshtmNpEqiaW/+aN+rTNs6qRxVIXyn3AWOpDEUxsHtq+dZAr+BvfiWzmkXRVBxdc95Ycno6k20NUYBN6honvLvvp8OlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Skrc5rEcsRWdknPvYQusagREX9hWkZFUitaj2eG78jA=; b=sJeZk3eIhAjYGHW3HFL+NUYjXDO9M5OVDrUiiq5b4JRGxYLKA0R8XjZfW1Vp3YIupzX+eLaO4UtRpvJ1U6Ct2pk6vYrUwcnoQlF65OWb0IJgOEPWKHFR0uIvbOAuP0j6TtmGWEeDX/lAbrrXYioTFauUjCZSqF2AtdHdYMUQ0ZbrPSFy3mQ9GsPf9a83wVblFgfaGxZvZJpJoRkwH41HTmnQRzGGcagwsPTs/qifbuRUzMYhTsgE5lFpNqQrkHRekjeuebnVs+tJTTCX+TXs0YGy4OUEEBV/MM8b1iZdPgbE/3K7/gzBqXYzOvQKXyu0hfpOwYXKkgjFigyjDjIPqg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; To: devel@lists.libvirt.org Subject: [PATCH v3 7/7] tests: qemuxmlconfdata: provide iommufd sample XML and CLI args Date: Thu, 18 Dec 2025 18:19:25 -0800 Message-ID: <20251219021925.1864433-8-nathanc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251219021925.1864433-1-nathanc@nvidia.com> References: <20251219021925.1864433-1-nathanc@nvidia.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BY5PR16CA0025.namprd16.prod.outlook.com (2603:10b6:a03:1a0::38) To SN7PR12MB6838.namprd12.prod.outlook.com (2603:10b6:806:266::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR12MB6838:EE_|CH1PPFC908D89D1:EE_ X-MS-Office365-Filtering-Correlation-Id: 187af152-4ac9-444c-66c8-08de3ea50d0d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?5YqsAdEWHVwo/1Ojnsui1JwCnRLyXPlipw4c2HRy/GiEU8Jzvr47V9v0bqKS?= =?us-ascii?Q?bGM8whQAAgBg/70hTdUjGGlhVHdCXOOS4XqiF2L5izBTkDpplR5XEzOhTWN/?= =?us-ascii?Q?YltdgWFFNu9wC5DSv00LVKQ2VZJXeKOrpOOMVxIUG2I+15G++fSDmr071g2F?= =?us-ascii?Q?hV1v9OW8gQV3k/sXImi+GMWxFMG8F8kmJEHzHKuI0hj3znjzuJBy+QOhvMD7?= =?us-ascii?Q?yHq7fA8up3jsbznXFVgodPoLIzPaiSSI+tBl2/7CO9Y/OnCf0j4fxsViRpXx?= =?us-ascii?Q?5mxQMhtAQZ6Hxwi+hnS9HVW5XpqBcJ2X0LInkkpvRNw+cWWWZMAKBOvQxvNk?= =?us-ascii?Q?PeIXh/rzFnyRgHoxbLozV0BogCYMDWOiLa6mHPaLMnxw408Alvrgqn8u+OcE?= =?us-ascii?Q?Fwr5gkK4pblNfYBDD0yYnelMssar1rRA6zHxoxBgwgIGW0G9o2xyu/GasL5T?= =?us-ascii?Q?WxgmjF8XPE8V7rdqc7ETTljZmUB0wMH9O/1wyrPK+E95UBPrmwoPWRwCICv8?= =?us-ascii?Q?j5F1FX5oRNRsXKf8NwA/Dcor7dJ0ydka2v3Y34A2eVV6V4pS4fQBhmCEFqUH?= =?us-ascii?Q?gr3VmpY7glC+Ar0i4VWGLfMpkHi9fApTbKXhKX6FY9qo6wuKmvH4vgRoOshR?= =?us-ascii?Q?MFinwvq0milXoa1ozCRICjLseWqyZ5zbKcr1W6geZ9c06eG/3llly5L07GC/?= =?us-ascii?Q?hQK0RoYi9BuS3FZaOe9QTreoX1FR4CEZIsCjF471O4MNMh3tN/9pDRgCz7eM?= =?us-ascii?Q?eqo6PGi20ZAOIpvcNS3m5kG3fQdvO99by3N7JZXWsY2YJznT2Q6uq53RtHyF?= =?us-ascii?Q?HDFSxHiY3Uzd1MIzwrnSDesTgCSjOMHZulBanql/XjcrTDSZvvEyPdQ2OjQC?= =?us-ascii?Q?SxSKya9jjXbFYIy4mLUom7v1U/XP4bqNPFBo6go8rqLPzliR1BCnll0HWBCp?= =?us-ascii?Q?wKFSGuC18dmNRGpbit8d3MVZbIoKEie2juimOhImSigRz7WOy4YLBVapj67z?= =?us-ascii?Q?2p4z182XxXPTFOcfPw1Z/2fRrgTbQZW+l0XhyBMPSA2JDbBp3efVFwwshSWI?= =?us-ascii?Q?52Pk1SxyEuiCzgl3L43Q35ySTT18Lx5Nh6iq1vVKkPBcvDK6ZadYDoqfNaWH?= =?us-ascii?Q?PL5hbpeatASRgyLZtPfchtegPk25qmnFzufAnp/2GW+dvNcBcL58T7EzsewS?= =?us-ascii?Q?XFUVYFbkXTxUT5DASpxP97ch/39QXgr0Zh6l8UiBGWMptZZsgNrejcRWR7kK?= =?us-ascii?Q?eTo54WKuhNt1wgXvJWJNX8B1ZXgKuk0LmGdwCmISTamTHxUtV1H8QPOCCm03?= =?us-ascii?Q?iPfwnKuubOzySps0vQ1Giv6KTIrK7CaAZDO0ge/5H+hjBYhwNtf/MbNF0ZuK?= =?us-ascii?Q?xEVDWAspsNPREkuAqc14PAjUm26zW4BaXlbWcDSahDZGLxSfEDV+VQ+jVPtY?= =?us-ascii?Q?U2/WXcttaEU3Dv25TuFwgG/OkRARDbD6?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR12MB6838.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?7jozccbVQTULdokPki26lgglhayFsr76P1zwbg7vUjM561Tbdpc/9RE03Cdp?= =?us-ascii?Q?QMba/ja0zs1qHfuElALIcUIlrw/Bbhzh2f0irnM8X1x2BCiVE/XLT4GNhr7w?= =?us-ascii?Q?S52eBnS6lSoSd+S3xnspPKcYXy/onLmVjndy2TgKQ+hUm74RTB5AmcCGf5La?= =?us-ascii?Q?NV9DkTCq4+PgrZuIBGXBlSlWkU4jTXHm+D2ALPyEeo8IHgkEbMdH1LetbCsa?= =?us-ascii?Q?T5MZMIFComhF4qLutnMr58WbObt9ljHinHZ4X7O8H5NYmm6x+A3JlzXexcFn?= =?us-ascii?Q?IVJObfEC2D/VLcLA7/RpURiZQgpVVEtIebDWv4iQRJippkSGIhO4jSbvCoqs?= =?us-ascii?Q?2N2wS2ajGdjrEbjL4Hm/m8HDZWyYHnAtXN3fl/634FCp4m9KvYT6SBzRYTEJ?= =?us-ascii?Q?K7IqQgyiEDjcbgDpCOQhddkQ0paSeivLo5DN+4rVFB3e3ekbQotaIcR1H266?= =?us-ascii?Q?6RQR9HatVSEhKQEa8lPLzoOJ5KHlVtixrmbmwYEM/3xertXItQUqb14wrzqU?= =?us-ascii?Q?ZInQrY6IPXq4DKtDUZz9CmsurZM5I8jn3Tg07qtoXf8101Wb0NcsArA+byRi?= =?us-ascii?Q?+GrX7pLDc7cteqi9YFmYl1Xpfo/TWLKfgTU2Ah9Dt/0hcsAjdk+2SbzyEGOa?= =?us-ascii?Q?GEbS8mN5cPmvgBKO/e6WFL8gsOZahUKl8pJSrzb+ie/ip41wvtCna/WEpTH1?= =?us-ascii?Q?4u/4Y9W/NOFzaKJXWwsORYcOEkR1o5Uznr9SutiwiZKGL1svGAhGPA9fJ57v?= =?us-ascii?Q?uPsNfWKFQjssYX79ls/qK6E1eBdLbECEbCQ/jru62ExVCVFGuePJ6zYsLaDD?= =?us-ascii?Q?crm+dB5cZTsq0uhKdRK1ZUZnl2MencksNuxI9yDtIHoNf/d6HCT5coD5LsTm?= =?us-ascii?Q?YSdkh/ulWM3RZdP+zbLDTDLFsEugOaeAkniwQL0B+0HdiQ6wZ5/UudLgpJYu?= =?us-ascii?Q?BOnbfgZk02vhueee92EdNe/kmvGhfk3N6lOftvpoqeeweou4R2MsrhaIMI98?= =?us-ascii?Q?S9rrrMw5rzv8x97VWMQRsQ8PU0OHOfTLO3PW4nxh4m5phjPLarKOHJToRRcb?= =?us-ascii?Q?53pyLHF5b070w3RAJ+6SyXHiPTgiIEpsajL4GiyjYjJ4ra32Sj08YyyO60g3?= =?us-ascii?Q?ydncBgorJaQHs58lxAHTdAVZuA5OKfENAqxERbQ43FeC1tojZMiE/MpBVCXP?= =?us-ascii?Q?7/PNm9cplVTnIn7x0f/FIZVxqWf+fXKmBCxsMb0ezrXTG/RD4by8vKskUnw7?= =?us-ascii?Q?cCWtTtPI4BE08XjjNVJjVccZ3PbhstqHwD6t7URajrLUBrvEZc1tS5wHlsAw?= =?us-ascii?Q?Cfi2dYrvscERbw9QZzPBKhoWxS7cLpBX3O5nBQo/mAu7kZCH099+ZRNOT4cj?= =?us-ascii?Q?ceVziWCHHQaIduxTaKDIZduVoF7Miww76es3JG3Pt3DV1K3v73FTxYWJMhTC?= =?us-ascii?Q?prGyFFBH/j4Cm9CSzHOT810yViVwG+Ve7iAS/PVmopp522mQ1miNeA55jZ0k?= =?us-ascii?Q?PZ0Eu/HMch7jnhVuwacNtI390E9b1WVf16BXTwwLAjRrWQ2BNVtlXd84TuFE?= =?us-ascii?Q?pxwuuALLekmJ1FQxPoQU0KsvxSCaC8wbfXaeOdUW?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 187af152-4ac9-444c-66c8-08de3ea50d0d X-MS-Exchange-CrossTenant-AuthSource: SN7PR12MB6838.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 02:19:34.3783 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ron8sJbEcZV6krNWsYIsvJfwog57EtQPjdHuJ0l8Gzr2G1yxXxvzNIG9vLyRVnHxUUDy5e1ZOMOQhS98s7QKbw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPFC908D89D1 Message-ID-Hash: W6NZ5HDQ57676K4HXSBVXV2XC5VOYI6N X-Message-ID-Hash: W6NZ5HDQ57676K4HXSBVXV2XC5VOYI6N X-MailFrom: nathanc@nvidia.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: skolothumtho@nvidia.com, nicolinc@nvidia.com, nathanc@nvidia.com, mochs@nvidia.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nathan Chen via Devel Reply-To: Nathan Chen X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1766111510526158500 Content-Type: text/plain; charset="utf-8" From: Nathan Chen Provide sample XML and CLI args for the iommufd XML schema for pc, q35, and virt machine types. Signed-off-by: Nathan Chen --- .../iommufd-q35.x86_64-latest.args | 41 +++++++++++++ .../iommufd-q35.x86_64-latest.xml | 60 +++++++++++++++++++ tests/qemuxmlconfdata/iommufd-q35.xml | 38 ++++++++++++ .../iommufd-virt.aarch64-latest.args | 33 ++++++++++ .../iommufd-virt.aarch64-latest.xml | 34 +++++++++++ tests/qemuxmlconfdata/iommufd-virt.xml | 22 +++++++ .../iommufd.x86_64-latest.args | 35 +++++++++++ .../qemuxmlconfdata/iommufd.x86_64-latest.xml | 38 ++++++++++++ tests/qemuxmlconfdata/iommufd.xml | 30 ++++++++++ tests/qemuxmlconftest.c | 33 ++++++++++ 10 files changed, 364 insertions(+) create mode 100644 tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/iommufd-q35.xml create mode 100644 tests/qemuxmlconfdata/iommufd-virt.aarch64-latest.args create mode 100644 tests/qemuxmlconfdata/iommufd-virt.aarch64-latest.xml create mode 100644 tests/qemuxmlconfdata/iommufd-virt.xml create mode 100644 tests/qemuxmlconfdata/iommufd.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/iommufd.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/iommufd.xml diff --git a/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.args b/tests/q= emuxmlconfdata/iommufd-q35.x86_64-latest.args new file mode 100644 index 0000000000..7d819e141b --- /dev/null +++ b/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.args @@ -0,0 +1,41 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test/.local/share \ +XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test/.cache \ +XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-q35-test/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dq35-test,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va= r/lib/libvirt/qemu/domain--1-q35-test/master-key.aes"}' \ +-machine q35,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc.ram,acpi= =3Doff \ +-accel tcg \ +-cpu qemu64 \ +-m size=3D2097152k \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":2147483648}= ' \ +-overcommit mem-lock=3Doff \ +-smp 2,sockets=3D2,cores=3D1,threads=3D1 \ +-uuid 11dbdcdd-4c3b-482b-8903-9bdb8c0a2774 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device '{"driver":"pcie-root-port","port":16,"chassis":1,"id":"pci.1","bu= s":"pcie.0","multifunction":true,"addr":"0x2"}' \ +-device '{"driver":"pcie-root-port","port":17,"chassis":2,"id":"pci.2","bu= s":"pcie.0","addr":"0x2.0x1"}' \ +-device '{"driver":"qemu-xhci","id":"usb","bus":"pci.1","addr":"0x0"}' \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no= de-name":"libvirt-1-storage","read-only":false}' \ +-device '{"driver":"ide-hd","bus":"ide.0","drive":"libvirt-1-storage","id"= :"sata0-0-0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device '{"driver":"qxl-vga","id":"video0","max_outputs":1,"ram_size":6710= 8864,"vram_size":33554432,"vram64_size_mb":0,"vgamem_mb":8,"bus":"pcie.0","= addr":"0x1"}' \ +-global ICH9-LPC.noreboot=3Doff \ +-watchdog-action reset \ +-object '{"qom-type":"iommufd","id":"iommufd0","fd":"-1"}' \ +-device '{"driver":"vfio-pci","host":"0000:06:12.5","id":"hostdev0","iommu= fd":"iommufd0","fd":"0","bus":"pcie.0","addr":"0x3"}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.xml b/tests/qe= muxmlconfdata/iommufd-q35.x86_64-latest.xml new file mode 100644 index 0000000000..bb76252b61 --- /dev/null +++ b/tests/qemuxmlconfdata/iommufd-q35.x86_64-latest.xml @@ -0,0 +1,60 @@ + + q35-test + 11dbdcdd-4c3b-482b-8903-9bdb8c0a2774 + 2097152 + 2097152 + 2 + + hvm + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + +
+ + + + +
+ + +
+ + +
+ + + +