From nobody Fri Nov 14 16:55:17 2025
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass  header.i=@intel.com;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1762402932; cv=none;
	d=zohomail.com; s=zohoarc;
	b=eiBaLSs2As8kJmNEt+dydaasPVo7UfVMD795xwU3+Ap/3H2ud3HAjjojwN/jifUHQV34SBXE03GL3dMvkJwuF/nHTW5kap+iesCGGUl+yxwFNEL6LpYbdsxqMzsRVFtEkvUqW4DIw4eH/U9HomnDJM4pE9742Nj2KU4zB1YuGrM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1762402932;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=7duewzRWo78KH3/vG+QFoZajBE3ybYvPZ8Iy6lqI3x4=;
	b=SLL5CzSXJMEDGuIDz+QLLWwy0M0lT3Zf3u+vTmOFSMAcR0OfdDxyDISifm0MKexE5sqBTN/xmP3fiVXgEHPE/8kmNm3L5Yh5ViOxwo7dAhOqwkV3zSkFR7iTh3mWrP8lY7Wcu0LXPOYGRVovoMRGMCWM74sthKyEjO9UrEG66qI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass  header.i=@intel.com;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<zhenzhong.duan@intel.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1762402932329799.333703025215;
 Wed, 5 Nov 2025 20:22:12 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vGrUx-0006kw-8D; Wed, 05 Nov 2025 23:21:23 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <zhenzhong.duan@intel.com>)
 id 1vGrUj-0006co-3v
 for qemu-devel@nongnu.org; Wed, 05 Nov 2025 23:21:14 -0500
Received: from mgamail.intel.com ([198.175.65.19])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <zhenzhong.duan@intel.com>)
 id 1vGrUg-0000q1-OO
 for qemu-devel@nongnu.org; Wed, 05 Nov 2025 23:21:08 -0500
Received: from orviesa006.jf.intel.com ([10.64.159.146])
 by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 05 Nov 2025 20:21:05 -0800
Received: from unknown (HELO gnr-sp-2s-612.sh.intel.com) ([10.112.230.229])
 by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 05 Nov 2025 20:21:02 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1762402866; x=1793938866;
 h=from:to:cc:subject:date:message-id:in-reply-to:
 references:mime-version:content-transfer-encoding;
 bh=peJXHTxXPxde/WpkPUczMuLT971uytLCfaUMitfL9yk=;
 b=lvpzEm80yhOZb1VWhJKE5Y90BFgfP+4QycAflUSpZf7DEHhkqK9h63tT
 7rwGeBWOcfOKVON9S5OGVr06O2SOSzRJdSWelPrgLOZIRkKgB8Z5HaGTb
 THJXEFNsQM/k5LBaijByYZjC3NK/IIfopjlnL1WiyhS3kZ3dOMRhZfIoB
 ER7vEVNv7rY5k+G7CCTo2hKGIZi4qVMkFWAsS9qcgGsKuApfDrvfxY2Ip
 5m7a3XNQpXUAgJMsZpudZF5SVWiqjqUjwnEf/zqd475y+zJGH612AjhoL
 6syqHfX3SA0dr8IBm9oJYfC2M2OQAzyQjzrwhwcfrPDcOAF+Tfz+g4PHI g==;
X-CSE-ConnectionGUID: jyHQw80kT6iJpTAq/3MR9g==
X-CSE-MsgGUID: y4/SNkVaSwWXRFaN2FzjcQ==
X-IronPort-AV: E=McAfee;i="6800,10657,11604"; a="64412862"
X-IronPort-AV: E=Sophos;i="6.19,283,1754982000"; d="scan'208";a="64412862"
X-CSE-ConnectionGUID: H8Rgl97FSyiGyc061eSnEw==
X-CSE-MsgGUID: JTz1xuqUT96hhXuFkF4Dsg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.19,283,1754982000"; d="scan'208";a="186901276"
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
To: qemu-devel@nongnu.org
Cc: alex@shazbot.org, clg@redhat.com, mst@redhat.com, jasowang@redhat.com,
 yi.l.liu@intel.com, clement.mathieu--drif@eviden.com,
 eric.auger@redhat.com, joao.m.martins@oracle.com, avihaih@nvidia.com,
 xudong.hao@intel.com, giovanni.cabiddu@intel.com, rohith.s.r@intel.com,
 mark.gross@intel.com, arjan.van.de.ven@intel.com,
 Zhenzhong Duan <zhenzhong.duan@intel.com>
Subject: [PATCH v5 6/9] intel_iommu: Fix unmap_bitmap failure with legacy VFIO
 backend
Date: Wed,  5 Nov 2025 23:20:23 -0500
Message-ID: <20251106042027.856594-7-zhenzhong.duan@intel.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20251106042027.856594-1-zhenzhong.duan@intel.com>
References: <20251106042027.856594-1-zhenzhong.duan@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=198.175.65.19;
 envelope-from=zhenzhong.duan@intel.com; helo=mgamail.intel.com
X-Spam_score_int: -48
X-Spam_score: -4.9
X-Spam_bar: ----
X-Spam_report: (-4.9 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.517,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=0.001,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @intel.com)
X-ZM-MESSAGEID: 1762402934058154100
Content-Type: text/plain; charset="utf-8"

If a VFIO device in guest switches from IOMMU domain to block domain,
vtd_address_space_unmap() is called to unmap whole address space.

If that happens during migration, migration fails with legacy VFIO
backend as below:

Status: failed (vfio_container_dma_unmap(0x561bbbd92d90, 0x100000000000, 0x=
100000000000) =3D -7 (Argument list too long))

Because legacy VFIO limits maximum bitmap size to 256MB which maps to 8TB on
4K page system, when 16TB sized UNMAP notification is sent, unmap_bitmap
ioctl fails. Normally such large UNMAP notification come from IOVA range
rather than system memory.

Apart from that, vtd_address_space_unmap() sends UNMAP notification with
translated_addr =3D 0, because there is no valid translated_addr for unmapp=
ing
a whole iommu memory region. This breaks dirty tracking no matter which VFIO
backend is used.

Fix them all by iterating over DMAMap list to unmap each range with active
mapping when migration is active. If migration is not active, unmapping the
whole address space in one go is optimal.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Tested-by: Giovannio Cabiddu <giovanni.cabiddu@intel.com>
Tested-by: Rohith S R <rohith.s.r@intel.com>
---
 hw/i386/intel_iommu.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index c402643b56..8e98b0b71d 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -37,6 +37,7 @@
 #include "system/system.h"
 #include "hw/i386/apic_internal.h"
 #include "kvm/kvm_i386.h"
+#include "migration/misc.h"
 #include "migration/vmstate.h"
 #include "trace.h"
=20
@@ -4695,6 +4696,42 @@ static void vtd_dev_unset_iommu_device(PCIBus *bus, =
void *opaque, int devfn)
     vtd_iommu_unlock(s);
 }
=20
+/*
+ * Unmapping a large range in one go is not optimal during migration becau=
se
+ * a large dirty bitmap needs to be allocated while there may be only small
+ * mappings, iterate over DMAMap list to unmap each range with active mapp=
ing.
+ */
+static void vtd_address_space_unmap_in_migration(VTDAddressSpace *as,
+                                                 IOMMUNotifier *n)
+{
+    const DMAMap *map;
+    const DMAMap target =3D {
+        .iova =3D n->start,
+        .size =3D n->end,
+    };
+    IOVATree *tree =3D as->iova_tree;
+
+    /*
+     * DMAMap is created during IOMMU page table sync, it's either 4KB or =
huge
+     * page size and always a power of 2 in size. So the range of DMAMap c=
ould
+     * be used for UNMAP notification directly.
+     */
+    while ((map =3D iova_tree_find(tree, &target))) {
+        IOMMUTLBEvent event;
+
+        event.type =3D IOMMU_NOTIFIER_UNMAP;
+        event.entry.iova =3D map->iova;
+        event.entry.addr_mask =3D map->size;
+        event.entry.target_as =3D &address_space_memory;
+        event.entry.perm =3D IOMMU_NONE;
+        /* This field is needed to set dirty bigmap */
+        event.entry.translated_addr =3D map->translated_addr;
+        memory_region_notify_iommu_one(n, &event);
+
+        iova_tree_remove(tree, *map);
+    }
+}
+
 /* Unmap the whole range in the notifier's scope. */
 static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n)
 {
@@ -4704,6 +4741,11 @@ static void vtd_address_space_unmap(VTDAddressSpace =
*as, IOMMUNotifier *n)
     IntelIOMMUState *s =3D as->iommu_state;
     DMAMap map;
=20
+    if (migration_is_running()) {
+        vtd_address_space_unmap_in_migration(as, n);
+        return;
+    }
+
     /*
      * Note: all the codes in this function has a assumption that IOVA
      * bits are no more than VTD_MGAW bits (which is restricted by
--=20
2.47.1