>-----Original Message-----
>From: Eric Auger <[email protected]>
>Subject: Re: [PATCH v7 14/23] intel_iommu: Propagate PASID-based iotlb
>invalidation to host
>
>Hi Zhenzhong,
>
>On 10/24/25 10:43 AM, Zhenzhong Duan wrote:
>> From: Yi Liu <[email protected]>
>>
>> This traps the guest PASID-based iotlb invalidation request and propagate it
>> to host.
>>
>> Intel VT-d 3.0 supports nested translation in PASID granularity. Guest SVA
>> support could be implemented by configuring nested translation on specific
>> pasid. This is also known as dual stage DMA translation.
>>
>> Under such configuration, guest owns the GVA->GPA translation which is
>> configured as first stage page table on host side for a specific pasid, and
>> host owns GPA->HPA translation. As guest owns first stage translation table,
>> piotlb invalidation should be propagated to host since host IOMMU will
>cache
>> first level page table related mappings during DMA address translation.
>>
>> Signed-off-by: Yi Liu <[email protected]>
>> Signed-off-by: Yi Sun <[email protected]>
>> Signed-off-by: Zhenzhong Duan <[email protected]>
>> ---
>> hw/i386/intel_iommu_internal.h | 6 +++
>> hw/i386/intel_iommu.c | 87
>++++++++++++++++++++++++++++++++--
>> 2 files changed, 90 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/i386/intel_iommu_internal.h
>b/hw/i386/intel_iommu_internal.h
>> index df80af839d..97b48544d2 100644
>> --- a/hw/i386/intel_iommu_internal.h
>> +++ b/hw/i386/intel_iommu_internal.h
>> @@ -621,6 +621,12 @@ typedef struct VTDPASIDCacheInfo {
>> uint32_t pasid;
>> } VTDPASIDCacheInfo;
>>
>> +typedef struct VTDPIOTLBInvInfo {
>> + uint16_t domain_id;
>> + uint32_t pasid;
>> + struct iommu_hwpt_vtd_s1_invalidate *inv_data;
>> +} VTDPIOTLBInvInfo;
>> +
>> /* PASID Table Related Definitions */
>> #define VTD_PASID_DIR_BASE_ADDR_MASK (~0xfffULL)
>> #define VTD_PASID_TABLE_BASE_ADDR_MASK (~0xfffULL)
>> diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
>> index 3789a36147..ef6477de53 100644
>> --- a/hw/i386/intel_iommu.c
>> +++ b/hw/i386/intel_iommu.c
>> @@ -2504,11 +2504,88 @@ static int
>vtd_bind_guest_pasid(VTDAddressSpace *vtd_as, Error **errp)
>>
>> return ret;
>> }
>> +
>> +/*
>> + * This function is a loop function for the s->vtd_address_spaces
>> + * list with VTDPIOTLBInvInfo as execution filter. It propagates
>> + * the piotlb invalidation to host.
>> + */
>> +static void vtd_flush_host_piotlb_locked(gpointer key, gpointer value,
>> + gpointer user_data)
>> +{
>> + VTDPIOTLBInvInfo *piotlb_info = user_data;
>> + VTDAddressSpace *vtd_as = value;
>> + VTDHostIOMMUDevice *vtd_hiod = vtd_find_hiod_iommufd(vtd_as);
>> + VTDPASIDCacheEntry *pc_entry = &vtd_as->pasid_cache_entry;
>> + uint16_t did;
>> +
>> + if (!vtd_hiod) {
>> + return;
>> + }
>> +
>> + assert(vtd_as->pasid == PCI_NO_PASID);
>> +
>> + /* Nothing to do if there is no first stage HWPT attached */
>> + if (!pc_entry->valid ||
>> + !vtd_pe_pgtt_is_fst(&pc_entry->pasid_entry)) {
>> + return;
>> + }
>> +
>> + did = VTD_SM_PASID_ENTRY_DID(&pc_entry->pasid_entry);
>> +
>> + if (piotlb_info->domain_id == did && piotlb_info->pasid == PASID_0) {
>> + HostIOMMUDeviceIOMMUFD *idev =
>> + HOST_IOMMU_DEVICE_IOMMUFD(vtd_hiod->hiod);
>> + uint32_t entry_num = 1; /* Only implement one request for
>simplicity */
>> + Error *local_err = NULL;
>> + struct iommu_hwpt_vtd_s1_invalidate *cache =
>piotlb_info->inv_data;
>> +
>> + if (!iommufd_backend_invalidate_cache(idev->iommufd,
>vtd_as->fs_hwpt,
>> +
>IOMMU_HWPT_INVALIDATE_DATA_VTD_S1,
>> + sizeof(*cache),
>&entry_num, cache,
>> + &local_err)) {
>> + /* Something wrong in kernel, but trying to continue */
>> + error_report_err(local_err);
>> + }
>> + }
>> +}
>> +
>> +static void
>> +vtd_flush_host_piotlb_all_locked(IntelIOMMUState *s,
>> + uint16_t domain_id, uint32_t
>pasid,
>> + hwaddr addr, uint64_t npages,
>bool ih)
>> +{
>> + struct iommu_hwpt_vtd_s1_invalidate cache_info = { 0 };
>> + VTDPIOTLBInvInfo piotlb_info;
>> +
>> + cache_info.addr = addr;
>> + cache_info.npages = npages;
>> + cache_info.flags = ih ? IOMMU_VTD_INV_FLAGS_LEAF : 0;
>> +
>> + piotlb_info.domain_id = domain_id;
>> + piotlb_info.pasid = pasid;
>> + piotlb_info.inv_data = &cache_info;
>> +
>> + /*
>> + * Go through each vtd_as instance in s->vtd_address_spaces, find
>out
>> + * the affected host device which need host piotlb invalidation. Piotlb
>the affected host devices? There might be several of them, isn't it?
Yes, it's possible, especially if they are under same iommu group in the guest.
>> + * invalidation should check pasid cache per architecture point of
>view.
>> + */
>> + g_hash_table_foreach(s->vtd_address_spaces,
>> + vtd_flush_host_piotlb_locked,
>&piotlb_info);
>> +}
>> #else
>> static int vtd_bind_guest_pasid(VTDAddressSpace *vtd_as, Error **errp)
>> {
>> return 0;
>> }
>> +
>> +static void
>> +vtd_flush_host_piotlb_all_locked(IntelIOMMUState *s,
>> + uint16_t domain_id, uint32_t
>pasid,
>> + hwaddr addr, uint64_t npages,
>bool ih)
>> +{
>> +}
>> #endif
>>
>> /* Do a context-cache device-selective invalidation.
>> @@ -3155,6 +3232,7 @@ static void
>vtd_piotlb_pasid_invalidate(IntelIOMMUState *s,
>> vtd_iommu_lock(s);
>> g_hash_table_foreach_remove(s->iotlb,
>vtd_hash_remove_by_pasid,
>> &info);
>> + vtd_flush_host_piotlb_all_locked(s, domain_id, pasid, 0, (uint64_t)-1,
>0);
>UINT64_MAX
>
>> vtd_iommu_unlock(s);
>>
>> QLIST_FOREACH(vtd_as, &s->vtd_as_with_notifiers, next) {
>> @@ -3174,7 +3252,8 @@ static void
>vtd_piotlb_pasid_invalidate(IntelIOMMUState *s,
>> }
>>
>> static void vtd_piotlb_page_invalidate(IntelIOMMUState *s, uint16_t
>domain_id,
>> - uint32_t pasid, hwaddr
>addr, uint8_t am)
>> + uint32_t pasid, hwaddr
>addr, uint8_t am,
>> + bool ih)
>> {
>> VTDIOTLBPageInvInfo info;
>>
>> @@ -3186,6 +3265,7 @@ static void
>vtd_piotlb_page_invalidate(IntelIOMMUState *s, uint16_t domain_id,
>> vtd_iommu_lock(s);
>> g_hash_table_foreach_remove(s->iotlb,
>> vtd_hash_remove_by_page_piotlb,
>&info);
>> + vtd_flush_host_piotlb_all_locked(s, domain_id, pasid, addr, 1 << am,
>ih);
>> vtd_iommu_unlock(s);
>>
>> vtd_iotlb_page_invalidate_notify(s, domain_id, addr, am, pasid);
>> @@ -3217,7 +3297,8 @@ static bool
>vtd_process_piotlb_desc(IntelIOMMUState *s,
>> case VTD_INV_DESC_PIOTLB_PSI_IN_PASID:
>> am = VTD_INV_DESC_PIOTLB_AM(inv_desc->val[1]);
>> addr = (hwaddr)
>VTD_INV_DESC_PIOTLB_ADDR(inv_desc->val[1]);
>> - vtd_piotlb_page_invalidate(s, domain_id, pasid, addr, am);
>it is not obvious we hold the lock here
Do you mean vtd_iommu_lock? It's hold inside vtd_piotlb_page_invalidate().
Thanks
Zhenzhong
