Re: [pve-devel] [PATCH qemu-server v8 2/4] fix #3784: Parameter for guest vIOMMU + test-cases

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
	Markus Frank <m.frank@proxmox.com>
Subject: Re: [pve-devel] [PATCH qemu-server v8 2/4] fix #3784: Parameter for guest vIOMMU + test-cases
Date: Thu, 11 Apr 2024 10:30:50 +0200	[thread overview]
Message-ID: <55b9f4ca-7d09-4300-bb6d-6aa52b34833a@proxmox.com> (raw)
In-Reply-To: <20240124094918.260222-3-m.frank@proxmox.com>

Am 24/01/2024 um 10:49 schrieb Markus Frank:
> vIOMMU is the emulation of a hardware IOMMU within a virtual machine,
> providing improved memory access control and security for virtualized I/O devices.
> vIOMMU also enables the option to passthrough pci devices to L2 VMs
> in L1 VMs via Nested Virtualisation.
> 
> Currently there are two vIOMMU implementation in QEMU to choose:
> intel & virtio
> 
> Virtio-iommu is more recent but less used in production than intel-iommu.
> 
> The check_machine_config function prevents using intel-iommu with
> i440fx.
> 
> Signed-off-by: Markus Frank <m.frank@proxmox.com>
> ---
>  PVE/API2/Qemu.pm                        |  2 ++
>  PVE/QemuServer.pm                       | 12 ++++++++++++
>  PVE/QemuServer/Machine.pm               | 17 ++++++++++++++++-
>  test/cfg2cmd/q35-viommu-intel.conf      |  1 +
>  test/cfg2cmd/q35-viommu-intel.conf.cmd  | 23 +++++++++++++++++++++++
>  test/cfg2cmd/q35-viommu-virtio.conf     |  1 +
>  test/cfg2cmd/q35-viommu-virtio.conf.cmd | 23 +++++++++++++++++++++++
>  7 files changed, 78 insertions(+), 1 deletion(-)
>  create mode 100644 test/cfg2cmd/q35-viommu-intel.conf
>  create mode 100644 test/cfg2cmd/q35-viommu-intel.conf.cmd
>  create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf
>  create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf.cmd
> 

this one needs to be rebased.

> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index c23b16a..4a5a833 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -1056,6 +1056,7 @@ __PACKAGE__->register_method({
>  			    $conf->{machine} = PVE::QemuServer::Machine::print_machine($machine_conf);
>  			}
>  		    }
> +		    PVE::QemuServer::Machine::check_machine_config($conf, $machine_conf);
>  
>  		    PVE::QemuConfig->write_config($vmid, $conf);
>  
> @@ -1894,6 +1895,7 @@ my $update_vm_api  = sub {
>  		    $conf->{pending}->{$opt} = $param->{$opt};
>  		} elsif ($opt eq 'machine') {
>  		    my $machine_conf = PVE::QemuServer::Machine::parse_machine($param->{$opt});
> +		    PVE::QemuServer::Machine::check_machine_config($conf, $machine_conf);
>  		    $conf->{pending}->{$opt} = $param->{$opt};
>  		} else {
>  		    $conf->{pending}->{$opt} = $param->{$opt};
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index 6bb2ec3..92832f8 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -4070,6 +4070,18 @@ sub config_to_command {
>      }
>      push @$machineFlags, "type=${machine_type_min}";
>  
> +    PVE::QemuServer::Machine::check_machine_config($conf, $machine_conf);


> +
> +    if ($machine_conf->{viommu}) {
> +	if ($machine_conf->{viommu} eq 'intel') {
> +	    unshift @$devices, '-device', 'intel-iommu,intremap=on,caching-mode=on';
> +	    push @$machineFlags, 'kernel-irqchip=split';
> +	}
> +	if ($machine_conf->{viommu} eq 'virtio') {


could be merged with the line before as `} elsif (...) {`

> +	    push @$devices, '-device', 'virtio-iommu-pci';
> +	}
> +    }
> +
>      push @$cmd, @$devices;
>      push @$cmd, '-rtc', join(',', @$rtcFlags) if scalar(@$rtcFlags);
>      push @$cmd, '-machine', join(',', @$machineFlags) if scalar(@$machineFlags);
> diff --git a/PVE/QemuServer/Machine.pm b/PVE/QemuServer/Machine.pm
> index 5e3a75c..71790c4 100644
> --- a/PVE/QemuServer/Machine.pm
> +++ b/PVE/QemuServer/Machine.pm
> @@ -23,12 +23,19 @@ my $machine_fmt = {
>  	format_description => 'machine type',
>  	optional => 1,
>      },
> +    viommu => {
> +	type => 'string',
> +	description => "Enable/disable guest vIOMMU"
> +	    ." (needs kvm to be enabled and q35 to be set as machine type).",

early newline

> +	enum => ['intel', 'virtio'],
> +	optional => 1,
> +    },
>  };
>  
>  PVE::JSONSchema::register_format('pve-qemu-machine-fmt', $machine_fmt);
>  
>  PVE::JSONSchema::register_standard_option('pve-qemu-machine', {
> -    description => "Specify the QEMU machine type.",
> +    description => "Specify the QEMU machine type & enable/disable vIOMMU.",
>      type => 'string',
>      optional => 1,
>      format => PVE::JSONSchema::get_format('pve-qemu-machine-fmt'),
> @@ -48,6 +55,14 @@ sub print_machine {
>      return print_property_string($machine_conf, $machine_fmt);
>  }
>  
> +sub check_machine_config {

maybe name that `assert_valid_machine_property` to better convey that it can die

> +    my ($conf, $machine_conf) = @_;
> +    my $q35 = $machine_conf->{type} && ($machine_conf->{type} =~ m/q35/) ? 1 : 0;
> +    if ($machine_conf->{viommu} && $machine_conf->{viommu} eq "intel" && !$q35) {
> +	die "to use Intel vIOMMU please set the machine type to q35\n";
> +    }
> +}
> +
>  sub machine_type_is_q35 {
>      my ($conf) = @_;
>  
> diff --git a/test/cfg2cmd/q35-viommu-intel.conf b/test/cfg2cmd/q35-viommu-intel.conf
> new file mode 100644
> index 0000000..e500ab0
> --- /dev/null
> +++ b/test/cfg2cmd/q35-viommu-intel.conf

one test is great, but they do not cost that much (even if big line-wise) so maybe
also test the `virtio` one and some error behavior (e.g., enabled on a VM that has
i440fx as machine-type (one can specify an expected error in a source config, grep
"EXPECT_ERROR" for examples).

next prev parent reply	other threads:[~2024-04-11  8:31 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-24  9:49 [pve-devel] [PATCH qemu-server/docs/manager v8 0/4] vIOMMU-Feature #3784 Markus Frank
2024-01-24  9:49 ` [pve-devel] [PATCH qemu-server v8 1/4] machine as property-string Markus Frank
2024-04-11  8:20   ` [pve-devel] applied: " Thomas Lamprecht
2024-01-24  9:49 ` [pve-devel] [PATCH qemu-server v8 2/4] fix #3784: Parameter for guest vIOMMU + test-cases Markus Frank
2024-04-11  8:30   ` Thomas Lamprecht [this message]
2024-01-24  9:49 ` [pve-devel] [PATCH docs v8 3/4] added vIOMMU documentation Markus Frank
2024-01-24  9:49 ` [pve-devel] [PATCH manager v8 4/4] ui: MachineEdit with viommu ComboBox Markus Frank

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=55b9f4ca-7d09-4300-bb6d-6aa52b34833a@proxmox.com \
    --to=t.lamprecht@proxmox.com \
    --cc=m.frank@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal