On 7/14/25 9:50 PM, Nicolin Chen wrote:
> On Mon, Jul 14, 2025 at 04:59:37PM +0100, Shameer Kolothum wrote:
>> On ARM, when a device is behind an IOMMU, its MSI doorbell address is
>> subject to translation by the IOMMU. This behavior affects vfio-pci
>> passthrough devices assigned to guests using an accelerated SMMUv3.
>>
>> In this setup, we configure the host SMMUv3 in nested mode, where
>> VFIO sets up the Stage-2 (S2) mappings for guest RAM, while the guest
>> controls Stage-1 (S1). To allow VFIO to correctly configure S2 mappings,
>> we currently return the system address space via the get_address_space()
>> callback for vfio-pci devices.
>>
>> However, QEMU/KVM also uses this same callback path when resolving the
>> address space for MSI doorbells:
>>
>> kvm_irqchip_add_msi_route()
>> kvm_arch_fixup_msi_route()
>> pci_device_iommu_address_space()
>>
>> This leads to problems when MSI doorbells need to be translated.
>>
>> To fix this, introduce an optional get_msi_address_space() callback.
>> In the SMMUv3 accelerated case, this callback returns the IOMMU address
>> space if the guest has set up S1 translations for the vfio-pci device.
>> Otherwise, it returns the system address space.
>>
>> Suggested-by: Nicolin Chen <nicol...@nvidia.com>
>> Signed-off-by: Shameer Kolothum <shameerali.kolothum.th...@huawei.com>
>> ---
>> hw/arm/smmuv3-accel.c | 25 +++++++++++++++++++++++++
>> hw/pci/pci.c          | 19 +++++++++++++++++++
>> include/hw/pci/pci.h  | 16 ++++++++++++++++
>> target/arm/kvm.c      |  2 +-
> I think we need to separate core changes and smmu changes, like how
> pci_device_set/unset_iommu_device were introduced.
I agree with Nicolin.
Eric
>
> Thanks
> Nicolin
>