Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci,virtio: lots of new features

Lots of last minute stuff.

vhost-user-rng.
vhost-user-i2c.
vhost-vsock SOCK_SEQPACKET support.
IOMMU bypass.
ACPI based pci hotplug.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 13 Jul 2021 22:00:38 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (23 commits)
  vhost-vsock: SOCK_SEQPACKET feature bit support
  docs: Add documentation for iommu bypass
  hw/i386/acpi-build: Add IVRS support to bypass iommu
  hw/i386/acpi-build: Add DMAR support to bypass iommu
  hw/arm/virt-acpi-build: Add IORT support to bypass SMMUv3
  hw/pci: Add pci_bus_range() to get PCI bus number range
  hw/i386: Add a default_bus_bypass_iommu pc machine option
  hw/arm/virt: Add default_bus_bypass_iommu machine option
  hw/pxb: Add a bypass iommu property
  hw/pci/pci_host: Allow PCI host to bypass iommu
  docs: Add '-device intel-iommu' entry
  hw/virtio: add vhost-user-i2c-pci boilerplate
  hw/virtio: add boilerplate for vhost-user-i2c device
  docs: Add documentation for vhost based RNG implementation
  vhost-user-rng: backend: Add RNG vhost-user daemon implementation
  vhost-user-rng-pci: Add vhost-user-rng-pci implementation
  vhost-user-rng: Add vhost-user-rng implementation
  bios-tables-test: Update golden binaries
  hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35
  bios-tables-test: Allow changes in DSDT ACPI tables
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
# hw/i386/pc.c
Showing 52 changed files with 1,863 additions and 42 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
BYPASS IOMMU PROPERTY | ||
===================== | ||
|
||
Description | ||
=========== | ||
Traditionally, there is a global switch to enable/disable vIOMMU. All | ||
devices in the system can only support go through vIOMMU or not, which | ||
is not flexible. We introduce this bypass iommu property to support | ||
coexist of devices go through vIOMMU and devices not. This is useful to | ||
passthrough devices with no-iommu mode and devices go through vIOMMU in | ||
the same virtual machine. | ||
|
||
PCI host bridges have a bypass_iommu property. This property is used to | ||
determine whether the devices attached on the PCI host bridge will bypass | ||
virtual iommu. The bypass_iommu property is valid only when there is a | ||
virtual iommu in the system, it is implemented to allow some devices to | ||
bypass vIOMMU. When bypass_iommu property is not set for a host bridge, | ||
the attached devices will go through vIOMMU by default. | ||
|
||
Usage | ||
===== | ||
The bypass iommu feature support PXB host bridge and default main host | ||
bridge, we add a bypass_iommu property for PXB and default_bus_bypass_iommu | ||
for machine. Note that default_bus_bypass_iommu is available only when | ||
the 'q35' machine type on x86 architecture and the 'virt' machine type | ||
on AArch64. Other machine types do not support bypass iommu for default | ||
root bus. | ||
|
||
1. The following is the bypass iommu options: | ||
(1) PCI expander bridge | ||
qemu -device pxb-pcie,bus_nr=0x10,addr=0x1,bypass_iommu=true | ||
(2) Arm default host bridge | ||
qemu -machine virt,iommu=smmuv3,default_bus_bypass_iommu=true | ||
(3) X86 default root bus bypass iommu: | ||
qemu -machine q35,default_bus_bypass_iommu=true | ||
|
||
2. Here is the detailed qemu command line for 'virt' machine with PXB on | ||
AArch64: | ||
|
||
qemu-system-aarch64 \ | ||
-machine virt,kernel_irqchip=on,iommu=smmuv3,default_bus_bypass_iommu=true \ | ||
-device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3.0x1 \ | ||
-device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x3.0x2,bypass_iommu=true \ | ||
|
||
And we got: | ||
- a default host bridge which bypass SMMUv3 | ||
- a pxb host bridge which go through SMMUv3 | ||
- a pxb host bridge which bypass SMMUv3 | ||
|
||
3. Here is the detailed qemu command line for 'q35' machine with PXB on | ||
x86 architecture: | ||
|
||
qemu-system-x86_64 \ | ||
-machine q35,accel=kvm,default_bus_bypass_iommu=true \ | ||
-device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3 \ | ||
-device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x4,bypass_iommu=true \ | ||
-device intel-iommu \ | ||
|
||
And we got: | ||
- a default host bridge which bypass iommu | ||
- a pxb host bridge which go through iommu | ||
- a pxb host bridge which bypass iommu | ||
|
||
Limitations | ||
=========== | ||
There might be potential security risk when devices bypass iommu, because | ||
devices might send malicious dma request to virtual machine if there is no | ||
iommu isolation. So it would be necessary to only bypass iommu for trusted | ||
device. | ||
|
||
Implementation | ||
============== | ||
The bypass iommu feature includes: | ||
- Address space | ||
Add bypass iommu property check of PCI Host and do not get iommu address | ||
space for devices bypass iommu. | ||
- Arm SMMUv3 support | ||
We traverse all PCI root bus and get bus number ranges, then build explicit | ||
RID mapping for devices which do not bypass iommu. | ||
- X86 IOMMU support | ||
To support Intel iommu, we traverse all PCI host bridge and get information | ||
of devices which do not bypass iommu, then fill the DMAR drhd struct with | ||
explicit device scope info. To support AMD iommu, add check of bypass iommu | ||
when traverse the PCI hsot bridge. | ||
- Machine and PXB options | ||
We add bypass iommu options in machine option for default root bus, and add | ||
option for PXB also. Note that the default value of bypass iommu is false, | ||
so that the devices will by default go through iommu if there exist one. | ||
|
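Review bot: The Limitations section only says to bypass for a "trusted device", but the property is set per host bridge (bypass_iommu on a PXB, default_bus_bypass_iommu on the machine), so every device attached to that bridge does DMA without vIOMMU isolation, and the text should say so explicitly. Both detailed examples set default_bus_bypass_iommu=true, which makes the default root bus the unprotected one; consider an example that leaves the default bus behind the vIOMMU and puts only the trusted devices on a bypassing pxb-pcie, and state in Usage, not only under Implementation, that the default is false. Smaller points: the two detailed command lines end in a trailing backslash with nothing after it, option (3) for q35 omits -device intel-iommu even though the property is described as valid only when a virtual iommu is present, and "hsot" in the Implementation section should be "host".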
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,5 +15,6 @@ Contents: | |
qemu-nbd | ||
qemu-pr-helper | ||
qemu-trace-stap | ||
vhost-user-rng | ||
virtfs-proxy-helper | ||
virtiofsd |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
QEMU vhost-user-rng - RNG emulation backend | ||
=========================================== | ||
|
||
Synopsis | ||
-------- | ||
|
||
**vhost-user-rng** [*OPTIONS*] | ||
|
||
Description | ||
----------- | ||
|
||
This program is a vhost-user backend that emulates a VirtIO random number | ||
generator (RNG). It uses the host's random number generator pool, | ||
/dev/urandom by default but configurable at will, to satisfy requests from | ||
guests. | ||
|
||
This program is designed to work with QEMU's ``-device | ||
vhost-user-rng-pci`` but should work with any virtual machine monitor | ||
(VMM) that supports vhost-user. See the Examples section below. | ||
|
||
Options | ||
------- | ||
|
||
.. program:: vhost-user-rng | ||
|
||
.. option:: -h, --help | ||
|
||
Print help. | ||
|
||
.. option:: -v, --verbose | ||
|
||
Increase verbosity of output | ||
|
||
.. option:: -s, --socket-path=PATH | ||
|
||
Listen on vhost-user UNIX domain socket at PATH. Incompatible with --fd. | ||
|
||
.. option:: -f, --fd=FDNUM | ||
|
||
Accept connections from vhost-user UNIX domain socket file descriptor FDNUM. | ||
The file descriptor must already be listening for connections. | ||
Incompatible with --socket-path. | ||
|
||
.. option:: -p, --period | ||
|
||
Rate, in milliseconds, at which the RNG hardware can generate random data. | ||
Used in conjunction with the --max-bytes option. | ||
|
||
.. option:: -m, --max-bytes | ||
|
||
In conjuction with the --period parameter, provides the maximum number of byte | ||
per milliseconds a RNG device can generate. | ||
|
||
Examples | ||
-------- | ||
|
||
The daemon should be started first: | ||
|
||
:: | ||
|
||
host# vhost-user-rng --socket-path=rng.sock --period=1000 --max-bytes=4096 | ||
|
||
The QEMU invocation needs to create a chardev socket the device can | ||
use to communicate as well as share the guests memory over a memfd. | ||
|
||
:: | ||
|
||
host# qemu-system \ | ||
-chardev socket,path=$(PATH)/rng.sock,id=rng0 \ | ||
-device vhost-user-rng-pci,chardev=rng0 \ | ||
-m 4096 \ | ||
-object memory-backend-file,id=mem,size=4G,mem-path=/dev/shm,share=on \ | ||
-numa node,memdev=mem \ | ||
... |
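Review bot: The rate-limit options are underspecified: --period and --max-bytes are listed without an argument placeholder or a default, and --max-bytes is described as a "maximum number of byte per milliseconds" while --period is itself an interval in milliseconds, so the two descriptions disagree on the unit. The example passes --period=1000 --max-bytes=4096, which suggests the intended meaning is at most MAX-BYTES bytes per PERIOD milliseconds; say that, give the defaults, and state what happens when the options are omitted. In the Examples, the daemon listens on a relative rng.sock but QEMU is pointed at $(PATH)/rng.sock, which a shell would treat as command substitution, and the prose says guest memory is shared "over a memfd" while the command uses memory-backend-file on /dev/shm. Also "conjuction" should be "conjunction".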
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,13 @@ | ||
#include "qemu/osdep.h" | ||
#include "hw/i386/pc.h" | ||
#include "hw/i386/acpi-build.h" | ||
|
||
void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid, | ||
const CPUArchIdList *apic_ids, GArray *entry) | ||
{ | ||
} | ||
|
||
Object *acpi_get_i386_pci_host(void) | ||
{ | ||
return NULL; | ||
} |
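Review bot: The acpi_get_i386_pci_host() stub returns NULL with no comment, so nothing here tells a caller that a NULL host is a normal result in builds that use this stub. Add a one-line comment above it saying so, and check that callers test the return value before dereferencing it; the empty pc_madt_cpu_entry() stub would benefit from the same kind of comment.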