[pve-devel] [PATCH qemu-server/docs/manager v9 0/3] vIOMMU-Feature #3784

[pve-devel] [PATCH qemu-server/docs/manager v9 0/3] vIOMMU-Feature #3784

[Markus Frank]

I was able to clarify any ambiguity regarding vIOMMU:
https://lists.gnu.org/archive/html/qemu-devel/2023-10/msg02370.html

The iommu_platform parameter could be made an optional parameter for VirtIO
devices to add more isolation (with the downside of making them less performant)
in a follow-up patch series.


qemu-server:

v9:
* rebase to master
* changed if to elsif
* changed vIOMMU description
* renamed check_machine_config to assert_valid_machine_property
* added 2 test-cases with i440fx

Markus Frank (1):
  fix #3784: config: Parameter for guest vIOMMU + test-cases

 PVE/API2/Qemu.pm                           |  2 ++
 PVE/QemuServer.pm                          | 12 +++++++++++
 PVE/QemuServer/Machine.pm                  | 17 ++++++++++++++-
 test/cfg2cmd/i440fx-viommu-intel.conf      |  2 ++
 test/cfg2cmd/i440fx-viommu-virtio.conf     |  1 +
 test/cfg2cmd/i440fx-viommu-virtio.conf.cmd | 25 ++++++++++++++++++++++
 test/cfg2cmd/q35-viommu-intel.conf         |  1 +
 test/cfg2cmd/q35-viommu-intel.conf.cmd     | 23 ++++++++++++++++++++
 test/cfg2cmd/q35-viommu-virtio.conf        |  1 +
 test/cfg2cmd/q35-viommu-virtio.conf.cmd    | 23 ++++++++++++++++++++
 10 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 test/cfg2cmd/i440fx-viommu-intel.conf
 create mode 100644 test/cfg2cmd/i440fx-viommu-virtio.conf
 create mode 100644 test/cfg2cmd/i440fx-viommu-virtio.conf.cmd
 create mode 100644 test/cfg2cmd/q35-viommu-intel.conf
 create mode 100644 test/cfg2cmd/q35-viommu-intel.conf.cmd
 create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf
 create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf.cmd


docs:

v9:
* removed duplicate "to" in first paragraph
* changed multiple line breaks
* changed "passthrough" to "pass through"

Markus Frank (1):
  add vIOMMU documentation

 qm-pci-passthrough.adoc | 50 +++++++++++++++++++++++++++++++++++++++++
 qm.adoc                 |  1 +
 2 files changed, 51 insertions(+)


manager:

v9:
* added default text for default option "None"

Markus Frank (1):
  ui: machine: add viommu ComboBox

 www/manager6/qemu/MachineEdit.js | 45 ++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

-- 
2.39.2

[pve-devel] [PATCH qemu-server v9 1/3] fix #3784: config: Parameter for guest vIOMMU + test-cases

[Markus Frank]

vIOMMU enables the option to passthrough pci devices to L2 VMs
in L1 VMs via Nested Virtualisation and adds an extra isolation.

Uses the new property-string from the "config: define machine schema
as property-string"-commit to add the viommu option to the machine
parameter.

Currently there are two vIOMMU implementation in QEMU to choose:
intel or virtio

Virtio-iommu is more recent but less used in production than intel-iommu.

The assert_valid_machine_property function prevents using intel-iommu with
i440fx.

Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
 PVE/API2/Qemu.pm                           |  2 ++
 PVE/QemuServer.pm                          | 12 +++++++++++
 PVE/QemuServer/Machine.pm                  | 17 ++++++++++++++-
 test/cfg2cmd/i440fx-viommu-intel.conf      |  2 ++
 test/cfg2cmd/i440fx-viommu-virtio.conf     |  1 +
 test/cfg2cmd/i440fx-viommu-virtio.conf.cmd | 25 ++++++++++++++++++++++
 test/cfg2cmd/q35-viommu-intel.conf         |  1 +
 test/cfg2cmd/q35-viommu-intel.conf.cmd     | 23 ++++++++++++++++++++
 test/cfg2cmd/q35-viommu-virtio.conf        |  1 +
 test/cfg2cmd/q35-viommu-virtio.conf.cmd    | 23 ++++++++++++++++++++
 10 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 test/cfg2cmd/i440fx-viommu-intel.conf
 create mode 100644 test/cfg2cmd/i440fx-viommu-virtio.conf
 create mode 100644 test/cfg2cmd/i440fx-viommu-virtio.conf.cmd
 create mode 100644 test/cfg2cmd/q35-viommu-intel.conf
 create mode 100644 test/cfg2cmd/q35-viommu-intel.conf.cmd
 create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf
 create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf.cmd

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index f3ce83d..3eabddd 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1136,6 +1136,7 @@ __PACKAGE__->register_method({
 			    $conf->{machine} = PVE::QemuServer::Machine::print_machine($machine_conf);
 			}
 		    }
+		    PVE::QemuServer::Machine::assert_valid_machine_property($conf, $machine_conf);
 
 		    $conf->{lock} = 'import' if $live_import_mapping;
 
@@ -2000,6 +2001,7 @@ my $update_vm_api  = sub {
 		    $conf->{pending}->{$opt} = $param->{$opt};
 		} elsif ($opt eq 'machine') {
 		    my $machine_conf = PVE::QemuServer::Machine::parse_machine($param->{$opt});
+		    PVE::QemuServer::Machine::assert_valid_machine_property($conf, $machine_conf);
 		    $conf->{pending}->{$opt} = $param->{$opt};
 		} else {
 		    $conf->{pending}->{$opt} = $param->{$opt};
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index abe175a..c94c90d 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -4080,6 +4080,18 @@ sub config_to_command {
     }
     push @$machineFlags, "type=${machine_type_min}";
 
+    PVE::QemuServer::Machine::assert_valid_machine_property($conf, $machine_conf);
+
+    my $viommu = $machine_conf->{viommu};
+    if ($viommu) {
+	if ($viommu eq 'intel') {
+	    unshift @$devices, '-device', 'intel-iommu,intremap=on,caching-mode=on';
+	    push @$machineFlags, 'kernel-irqchip=split';
+	} elsif ($viommu eq 'virtio') {
+	    push @$devices, '-device', 'virtio-iommu-pci';
+	}
+    }
+
     push @$cmd, @$devices;
     push @$cmd, '-rtc', join(',', @$rtcFlags) if scalar(@$rtcFlags);
     push @$cmd, '-machine', join(',', @$machineFlags) if scalar(@$machineFlags);
diff --git a/PVE/QemuServer/Machine.pm b/PVE/QemuServer/Machine.pm
index 5e3a75c..3d92c96 100644
--- a/PVE/QemuServer/Machine.pm
+++ b/PVE/QemuServer/Machine.pm
@@ -23,12 +23,19 @@ my $machine_fmt = {
 	format_description => 'machine type',
 	optional => 1,
     },
+    viommu => {
+	type => 'string',
+	description => "Enable and set guest vIOMMU variant (Intel vIOMMU needs q35 to be set as"
+	    ." machine type).",
+	enum => ['intel', 'virtio'],
+	optional => 1,
+    },
 };
 
 PVE::JSONSchema::register_format('pve-qemu-machine-fmt', $machine_fmt);
 
 PVE::JSONSchema::register_standard_option('pve-qemu-machine', {
-    description => "Specify the QEMU machine type.",
+    description => "Specify the QEMU machine.",
     type => 'string',
     optional => 1,
     format => PVE::JSONSchema::get_format('pve-qemu-machine-fmt'),
@@ -48,6 +55,14 @@ sub print_machine {
     return print_property_string($machine_conf, $machine_fmt);
 }
 
+sub assert_valid_machine_property {
+    my ($conf, $machine_conf) = @_;
+    my $q35 = $machine_conf->{type} && ($machine_conf->{type} =~ m/q35/) ? 1 : 0;
+    if ($machine_conf->{viommu} && $machine_conf->{viommu} eq "intel" && !$q35) {
+	die "to use Intel vIOMMU please set the machine type to q35\n";
+    }
+}
+
 sub machine_type_is_q35 {
     my ($conf) = @_;
 
diff --git a/test/cfg2cmd/i440fx-viommu-intel.conf b/test/cfg2cmd/i440fx-viommu-intel.conf
new file mode 100644
index 0000000..bc1eb95
--- /dev/null
+++ b/test/cfg2cmd/i440fx-viommu-intel.conf
@@ -0,0 +1,2 @@
+# EXPECT_ERROR: to use Intel vIOMMU please set the machine type to q35
+machine: pc,viommu=intel
diff --git a/test/cfg2cmd/i440fx-viommu-virtio.conf b/test/cfg2cmd/i440fx-viommu-virtio.conf
new file mode 100644
index 0000000..fe7b514
--- /dev/null
+++ b/test/cfg2cmd/i440fx-viommu-virtio.conf
@@ -0,0 +1 @@
+machine: pc,viommu=virtio
diff --git a/test/cfg2cmd/i440fx-viommu-virtio.conf.cmd b/test/cfg2cmd/i440fx-viommu-virtio.conf.cmd
new file mode 100644
index 0000000..0352354
--- /dev/null
+++ b/test/cfg2cmd/i440fx-viommu-virtio.conf.cmd
@@ -0,0 +1,25 @@
+/usr/bin/kvm \
+  -id 8006 \
+  -name 'vm8006,debug-threads=on' \
+  -no-shutdown \
+  -chardev 'socket,id=qmp,path=/var/run/qemu-server/8006.qmp,server=on,wait=off' \
+  -mon 'chardev=qmp,mode=control' \
+  -chardev 'socket,id=qmp-event,path=/var/run/qmeventd.sock,reconnect=5' \
+  -mon 'chardev=qmp-event,mode=control' \
+  -pidfile /var/run/qemu-server/8006.pid \
+  -daemonize \
+  -smp '1,sockets=1,cores=1,maxcpus=1' \
+  -nodefaults \
+  -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' \
+  -vnc 'unix:/var/run/qemu-server/8006.vnc,password=on' \
+  -cpu kvm64,enforce,+kvm_pv_eoi,+kvm_pv_unhalt,+lahf_lm,+sep \
+  -m 512 \
+  -device 'pci-bridge,id=pci.1,chassis_nr=1,bus=pci.0,addr=0x1e' \
+  -device 'pci-bridge,id=pci.2,chassis_nr=2,bus=pci.0,addr=0x1f' \
+  -device 'piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2' \
+  -device 'usb-tablet,id=tablet,bus=uhci.0,port=1' \
+  -device 'VGA,id=vga,bus=pci.0,addr=0x2' \
+  -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3,free-page-reporting=on' \
+  -iscsi 'initiator-name=iqn.1993-08.org.debian:01:aabbccddeeff' \
+  -device virtio-iommu-pci \
+  -machine 'type=pc+pve0'
diff --git a/test/cfg2cmd/q35-viommu-intel.conf b/test/cfg2cmd/q35-viommu-intel.conf
new file mode 100644
index 0000000..e500ab0
--- /dev/null
+++ b/test/cfg2cmd/q35-viommu-intel.conf
@@ -0,0 +1 @@
+machine: q35,viommu=intel
diff --git a/test/cfg2cmd/q35-viommu-intel.conf.cmd b/test/cfg2cmd/q35-viommu-intel.conf.cmd
new file mode 100644
index 0000000..24e873d
--- /dev/null
+++ b/test/cfg2cmd/q35-viommu-intel.conf.cmd
@@ -0,0 +1,23 @@
+/usr/bin/kvm \
+  -id 8006 \
+  -name 'vm8006,debug-threads=on' \
+  -no-shutdown \
+  -chardev 'socket,id=qmp,path=/var/run/qemu-server/8006.qmp,server=on,wait=off' \
+  -mon 'chardev=qmp,mode=control' \
+  -chardev 'socket,id=qmp-event,path=/var/run/qmeventd.sock,reconnect=5' \
+  -mon 'chardev=qmp-event,mode=control' \
+  -pidfile /var/run/qemu-server/8006.pid \
+  -daemonize \
+  -smp '1,sockets=1,cores=1,maxcpus=1' \
+  -nodefaults \
+  -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' \
+  -vnc 'unix:/var/run/qemu-server/8006.vnc,password=on' \
+  -cpu kvm64,enforce,+kvm_pv_eoi,+kvm_pv_unhalt,+lahf_lm,+sep \
+  -m 512 \
+  -device 'intel-iommu,intremap=on,caching-mode=on' \
+  -readconfig /usr/share/qemu-server/pve-q35-4.0.cfg \
+  -device 'usb-tablet,id=tablet,bus=ehci.0,port=1' \
+  -device 'VGA,id=vga,bus=pcie.0,addr=0x1' \
+  -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3,free-page-reporting=on' \
+  -iscsi 'initiator-name=iqn.1993-08.org.debian:01:aabbccddeeff' \
+  -machine 'type=q35+pve0,kernel-irqchip=split'
diff --git a/test/cfg2cmd/q35-viommu-virtio.conf b/test/cfg2cmd/q35-viommu-virtio.conf
new file mode 100644
index 0000000..d31b339
--- /dev/null
+++ b/test/cfg2cmd/q35-viommu-virtio.conf
@@ -0,0 +1 @@
+machine: type=q35,viommu=virtio
diff --git a/test/cfg2cmd/q35-viommu-virtio.conf.cmd b/test/cfg2cmd/q35-viommu-virtio.conf.cmd
new file mode 100644
index 0000000..294c353
--- /dev/null
+++ b/test/cfg2cmd/q35-viommu-virtio.conf.cmd
@@ -0,0 +1,23 @@
+/usr/bin/kvm \
+  -id 8006 \
+  -name 'vm8006,debug-threads=on' \
+  -no-shutdown \
+  -chardev 'socket,id=qmp,path=/var/run/qemu-server/8006.qmp,server=on,wait=off' \
+  -mon 'chardev=qmp,mode=control' \
+  -chardev 'socket,id=qmp-event,path=/var/run/qmeventd.sock,reconnect=5' \
+  -mon 'chardev=qmp-event,mode=control' \
+  -pidfile /var/run/qemu-server/8006.pid \
+  -daemonize \
+  -smp '1,sockets=1,cores=1,maxcpus=1' \
+  -nodefaults \
+  -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' \
+  -vnc 'unix:/var/run/qemu-server/8006.vnc,password=on' \
+  -cpu kvm64,enforce,+kvm_pv_eoi,+kvm_pv_unhalt,+lahf_lm,+sep \
+  -m 512 \
+  -readconfig /usr/share/qemu-server/pve-q35-4.0.cfg \
+  -device 'usb-tablet,id=tablet,bus=ehci.0,port=1' \
+  -device 'VGA,id=vga,bus=pcie.0,addr=0x1' \
+  -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3,free-page-reporting=on' \
+  -iscsi 'initiator-name=iqn.1993-08.org.debian:01:aabbccddeeff' \
+  -device virtio-iommu-pci \
+  -machine 'type=q35+pve0'
-- 
2.39.2

[pve-devel] [PATCH docs v9 2/3] add vIOMMU documentation

[Markus Frank]

Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
 qm-pci-passthrough.adoc | 50 +++++++++++++++++++++++++++++++++++++++++
 qm.adoc                 |  1 +
 2 files changed, 51 insertions(+)

diff --git a/qm-pci-passthrough.adoc b/qm-pci-passthrough.adoc
index 3abeb50..bbd6b85 100644
--- a/qm-pci-passthrough.adoc
+++ b/qm-pci-passthrough.adoc
@@ -499,6 +499,56 @@ properly used with HA and hardware changes are detected and non root users
 can configure them. See xref:resource_mapping[Resource Mapping]
 for details on that.
 
+[[qm_pci_viommu]]
+vIOMMU (emulated IOMMU)
+~~~~~~~~~~~~~~~~~~~~~~~
+
+vIOMMU is the emulation of a hardware IOMMU within a virtual machine, providing
+improved memory access control and security for virtualized I/O devices. Using
+the vIOMMU option also allows you to pass through PCI devices to level-2 VMs in
+level-1 VMs via https://pve.proxmox.com/wiki/Nested_Virtualization[Nested Virtualization].
+There are currently two vIOMMU implementations available: Intel and VirtIO.
+
+Host requirement:
+
+* Add `intel_iommu=on` or `amd_iommu=on` depending on your CPU to your kernel
+command line.
+
+Intel vIOMMU
+^^^^^^^^^^^^
+
+Intel vIOMMU specific VM requirements:
+
+* Whether you are using an Intel or AMD CPU on your host, it is important to set
+`intel_iommu=on` in the VMs kernel parameters.
+
+* To use Intel vIOMMU you need to set *q35* as the machine type.
+
+If all requirements are met, you can add `viommu=intel` to the machine parameter
+in the configuration of the VM that should be able to pass through PCI devices.
+
+----
+# qm set VMID -machine q35,viommu=intel
+----
+
+https://wiki.qemu.org/Features/VT-d[QEMU documentation for VT-d]
+
+VirtIO vIOMMU
+^^^^^^^^^^^^^
+
+This vIOMMU implementation is more recent and does not have as many limitations
+as Intel vIOMMU but is currently less used in production and less documentated.
+
+With VirtIO vIOMMU there is *no* need to set any kernel parameters. It is also
+*not* necessary to use q35 as the machine type, but it is advisable if you want
+to use PCIe.
+
+----
+# qm set VMID -machine q35,viommu=virtio
+----
+
+https://web.archive.org/web/20230804075844/https://michael2012z.medium.com/virtio-iommu-789369049443[Blog-Post by Michael Zhao explaining virtio-iommu]
+
 ifdef::wiki[]
 
 See Also
diff --git a/qm.adoc b/qm.adoc
index 91f3617..45e3a57 100644
--- a/qm.adoc
+++ b/qm.adoc
@@ -152,6 +152,7 @@ https://en.wikipedia.org/wiki/Intel_440FX[Intel 440FX] or the
 https://ark.intel.com/content/www/us/en/ark/products/31918/intel-82q35-graphics-and-memory-controller.html[Q35]
 chipset, which also provides a virtual PCIe bus, and thus may be
 desired if you want to pass through PCIe hardware.
+Additionally, you can select a xref:qm_pci_viommu[vIOMMU] implementation.
 
 Machine Version
 +++++++++++++++
-- 
2.39.2

[pve-devel] [PATCH manager v9 3/3] ui: machine: add viommu ComboBox

[Markus Frank]

Added a proxmoxKVComboBox for selecting a vIOMMU implementation for a
VM. If i440fx is selected, a hint tells that q35 is required for Intel vIOMMU.

The UI also needs to parse the new machine parameter as PropertyString.

Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
 www/manager6/qemu/MachineEdit.js | 45 ++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/www/manager6/qemu/MachineEdit.js b/www/manager6/qemu/MachineEdit.js
index f928c80c..45f3d34d 100644
--- a/www/manager6/qemu/MachineEdit.js
+++ b/www/manager6/qemu/MachineEdit.js
@@ -1,6 +1,7 @@
 Ext.define('PVE.qemu.MachineInputPanel', {
     extend: 'Proxmox.panel.InputPanel',
     xtype: 'pveMachineInputPanel',
+    onlineHelp: 'qm_system_settings',
 
     controller: {
 	xclass: 'Ext.app.ViewController',
@@ -12,11 +13,14 @@ Ext.define('PVE.qemu.MachineInputPanel', {
 	onMachineChange: function(field, value) {
 	    let me = this;
 	    let version = me.lookup('version');
+	    let q35Hint = me.lookup('q35Hint');
 	    let store = version.getStore();
 	    let oldRec = store.findRecord('id', version.getValue(), 0, false, false, true);
 	    let type = value === 'q35' ? 'q35' : 'i440fx';
 	    store.clearFilter();
 	    store.addFilter(val => val.data.id === 'latest' || val.data.type === type);
+	    // show hint when Intel vIOMMU cannot be used
+	    q35Hint.setVisible(type === 'i440fx');
 	    if (!me.getView().isWindows) {
 		version.setValue('latest');
 	    } else {
@@ -40,12 +44,30 @@ Ext.define('PVE.qemu.MachineInputPanel', {
 	    delete values.delete;
 	}
 	delete values.version;
+	if (values.machine === undefined) {
+	    if (values.viommu) {
+		delete values.delete;
+		values.machine = "pc";
+	    } else {
+		values.delete = "machine";
+	    }
+	}
+	if (values.viommu) {
+	    values.machine += ",viommu=" + values.viommu;
+	}
+	if (values.delete === "viommu") {
+	    delete values.delete;
+	}
+	delete values.viommu;
 	return values;
     },
 
     setValues: function(values) {
 	let me = this;
 
+	let machineConf = PVE.Parser.parsePropertyString(values.machine, "type");
+	values.machine = machineConf.type;
+
 	me.isWindows = values.isWindows;
 	if (values.machine === 'pc') {
 	    values.machine = '__default__';
@@ -58,6 +80,9 @@ Ext.define('PVE.qemu.MachineInputPanel', {
 		values.version = 'pc-q35-5.1';
 	    }
 	}
+
+	values.viommu = machineConf.viommu || "__default__";
+
 	if (values.machine !== '__default__' && values.machine !== 'q35') {
 	    values.version = values.machine;
 	    values.machine = values.version.match(/q35/) ? 'q35' : '__default__';
@@ -113,6 +138,26 @@ Ext.define('PVE.qemu.MachineInputPanel', {
 	    fieldLabel: gettext('Note'),
 	    value: gettext('Machine version change may affect hardware layout and settings in the guest OS.'),
 	},
+	{
+	    xtype: 'proxmoxKVComboBox',
+	    fieldLabel: gettext('vIOMMU'),
+	    name: 'viommu',
+	    reference: 'viommu',
+	    value: '__default__',
+	    comboItems: [
+		['__default__', Proxmox.Utils.defaultText + ' (None)'],
+		['intel', 'Intel'],
+		['virtio', 'VirtIO'],
+	    ],
+	},
+	{
+	    xtype: 'displayfield',
+	    name: 'q35Hint',
+	    reference: 'q35Hint',
+	    userCls: 'pmx-hint',
+	    value: gettext('Intel vIOMMU needs the q35 machine type'),
+	    hidden: true,
+	},
     ],
 });
 
-- 
2.39.2

[pve-devel] applied: Re: [PATCH qemu-server v9 1/3] fix #3784: config: Parameter for guest vIOMMU + test-cases

[Thomas Lamprecht]

On 11/04/2024 12:48, Markus Frank wrote:
> vIOMMU enables the option to passthrough pci devices to L2 VMs
> in L1 VMs via Nested Virtualisation and adds an extra isolation.
> 
> Uses the new property-string from the "config: define machine schema
> as property-string"-commit to add the viommu option to the machine
> parameter.
> 
> Currently there are two vIOMMU implementation in QEMU to choose:
> intel or virtio
> 
> Virtio-iommu is more recent but less used in production than intel-iommu.
> 
> The assert_valid_machine_property function prevents using intel-iommu with
> i440fx.
> 
> Signed-off-by: Markus Frank <m.frank@proxmox.com>
> ---
>  PVE/API2/Qemu.pm                           |  2 ++
>  PVE/QemuServer.pm                          | 12 +++++++++++
>  PVE/QemuServer/Machine.pm                  | 17 ++++++++++++++-
>  test/cfg2cmd/i440fx-viommu-intel.conf      |  2 ++
>  test/cfg2cmd/i440fx-viommu-virtio.conf     |  1 +
>  test/cfg2cmd/i440fx-viommu-virtio.conf.cmd | 25 ++++++++++++++++++++++
>  test/cfg2cmd/q35-viommu-intel.conf         |  1 +
>  test/cfg2cmd/q35-viommu-intel.conf.cmd     | 23 ++++++++++++++++++++
>  test/cfg2cmd/q35-viommu-virtio.conf        |  1 +
>  test/cfg2cmd/q35-viommu-virtio.conf.cmd    | 23 ++++++++++++++++++++
>  10 files changed, 106 insertions(+), 1 deletion(-)
>  create mode 100644 test/cfg2cmd/i440fx-viommu-intel.conf
>  create mode 100644 test/cfg2cmd/i440fx-viommu-virtio.conf
>  create mode 100644 test/cfg2cmd/i440fx-viommu-virtio.conf.cmd
>  create mode 100644 test/cfg2cmd/q35-viommu-intel.conf
>  create mode 100644 test/cfg2cmd/q35-viommu-intel.conf.cmd
>  create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf
>  create mode 100644 test/cfg2cmd/q35-viommu-virtio.conf.cmd
> 
>

applied, thanks!

[pve-devel] applied: Re: [PATCH docs v9 2/3] add vIOMMU documentation

[Thomas Lamprecht]

On 11/04/2024 12:48, Markus Frank wrote:
> Signed-off-by: Markus Frank <m.frank@proxmox.com>
> ---
>  qm-pci-passthrough.adoc | 50 +++++++++++++++++++++++++++++++++++++++++
>  qm.adoc                 |  1 +
>  2 files changed, 51 insertions(+)
> 
>

applied, thanks!

Re: [pve-devel] [PATCH manager v9 3/3] ui: machine: add viommu ComboBox

[Thomas Lamprecht]

On 11/04/2024 12:48, Markus Frank wrote:
> Added a proxmoxKVComboBox for selecting a vIOMMU implementation for a
> VM. If i440fx is selected, a hint tells that q35 is required for Intel vIOMMU.
> 
> The UI also needs to parse the new machine parameter as PropertyString.
> 
> Signed-off-by: Markus Frank <m.frank@proxmox.com>
> ---
>  www/manager6/qemu/MachineEdit.js | 45 ++++++++++++++++++++++++++++++++
>  1 file changed, 45 insertions(+)
> 
> diff --git a/www/manager6/qemu/MachineEdit.js b/www/manager6/qemu/MachineEdit.js
> index f928c80c..45f3d34d 100644
> --- a/www/manager6/qemu/MachineEdit.js
> +++ b/www/manager6/qemu/MachineEdit.js
> @@ -1,6 +1,7 @@
>  Ext.define('PVE.qemu.MachineInputPanel', {
>      extend: 'Proxmox.panel.InputPanel',
>      xtype: 'pveMachineInputPanel',
> +    onlineHelp: 'qm_system_settings',
nit: this could be done in a separate patch.

>  
>      controller: {
>  	xclass: 'Ext.app.ViewController',

> @@ -40,12 +44,30 @@ Ext.define('PVE.qemu.MachineInputPanel', {
>  	    delete values.delete;
>  	}
>  	delete values.version;
> +	if (values.machine === undefined) {
> +	    if (values.viommu) {
> +		delete values.delete;
> +		values.machine = "pc";
> +	    } else {
> +		values.delete = "machine";
> +	    }
> +	}
> +	if (values.viommu) {
> +	    values.machine += ",viommu=" + values.viommu;
> +	}
> +	if (values.delete === "viommu") {
> +	    delete values.delete;
> +	}
> +	delete values.viommu;

can't we use printPropertyString here (with a bit less code preparing the object
passed to it), or at least try making it a bit less convoluted..

>  	    fieldLabel: gettext('Note'),
>  	    value: gettext('Machine version change may affect hardware layout and settings in the guest OS.'),
>  	},
> +	{
> +	    xtype: 'proxmoxKVComboBox',
> +	    fieldLabel: gettext('vIOMMU'),
> +	    name: 'viommu',
> +	    reference: 'viommu',
> +	    value: '__default__',
> +	    comboItems: [
> +		['__default__', Proxmox.Utils.defaultText + ' (None)'],
> +		['intel', 'Intel'],
> +		['virtio', 'VirtIO'],
> +	    ],
> +	},
> +	{
> +	    xtype: 'displayfield',
> +	    name: 'q35Hint',
> +	    reference: 'q35Hint',
> +	    userCls: 'pmx-hint',
> +	    value: gettext('Intel vIOMMU needs the q35 machine type'),

maybe we could mark the field invalid (if that text is returned in the
validity check it will be shown as tooltip) instead of using the hint?

> +	    hidden: true,
> +	},
>      ],
>  });
>