Commit cfb5139b1d for qemu.org
commit cfb5139b1dff07e183c81483758a16c639ff0e54
Author: Yi Liu <yi.l.liu@intel.com>
Date: Tue Jan 6 01:12:58 2026 -0500
intel_iommu: Replay pasid bindings after context cache invalidation
This replays guest pasid bindings after context cache invalidation.
Actually, programmer should issue pasid cache invalidation with proper
granularity after issuing context cache invalidation.
We see old linux such as 6.7.0-rc2 not following the spec, it sends
pasid cache invalidation before context cache invalidation, then QEMU
depends on context cache invalidation to get pasid entry and setup
binding.
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20260106061304.314546-17-zhenzhong.duan@intel.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 3241af811c..08236b85ee 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -77,6 +77,8 @@ struct vtd_iotlb_key {
static void vtd_address_space_refresh_all(IntelIOMMUState *s);
static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n);
static void vtd_replay_pasid_bindings_all(IntelIOMMUState *s);
+static void vtd_pasid_cache_sync_locked(gpointer key, gpointer value,
+ gpointer user_data);
static void vtd_pasid_cache_reset_locked(IntelIOMMUState *s)
{
@@ -2322,6 +2324,37 @@ static void vtd_context_global_invalidate(IntelIOMMUState *s)
* VT-d emulation codes.
*/
vtd_iommu_replay_all(s);
+ /*
+ * Same for pasid cache invalidation, per VT-d spec 6.5.2.1, a global
+ * context cache invalidation should be followed by global PASID cache
+ * invalidation. In order to work with guest not following spec,
+ * handle global PASID cache invalidation here.
+ */
+ vtd_replay_pasid_bindings_all(s);
+}
+
+static void vtd_pasid_cache_devsi(VTDAddressSpace *vtd_as)
+{
+ IntelIOMMUState *s = vtd_as->iommu_state;
+ PCIBus *bus = vtd_as->bus;
+ uint8_t devfn = vtd_as->devfn;
+ struct vtd_as_key key = {
+ .bus = bus,
+ .devfn = devfn,
+ .pasid = vtd_as->pasid,
+ };
+ VTDPASIDCacheInfo pc_info;
+
+ if (!s->fsts || !s->root_scalable || !s->dmar_enabled) {
+ return;
+ }
+
+ trace_vtd_pasid_cache_devsi(pci_bus_num(bus),
+ VTD_PCI_SLOT(devfn), VTD_PCI_FUNC(devfn));
+
+ /* We fake to be global invalidation just to bypass all checks */
+ pc_info.type = VTD_INV_DESC_PASIDC_G_GLOBAL;
+ vtd_pasid_cache_sync_locked(&key, vtd_as, &pc_info);
}
/* Do a context-cache device-selective invalidation.
@@ -2382,6 +2415,15 @@ static void vtd_context_device_invalidate(IntelIOMMUState *s,
* happened.
*/
vtd_address_space_sync(vtd_as);
+ /*
+ * Per spec 6.5.2.1, context flush should be followed by PASID
+ * cache and iotlb flush. In order to work with a guest which does
+ * not follow spec and missed PASID cache flush, e.g., linux
+ * 6.7.0-rc2, we have vtd_pasid_cache_devsi() to invalidate PASID
+ * cache of passthrough device. Host iommu driver would flush
+ * piotlb when a pasid unbind is passed down to it.
+ */
+ vtd_pasid_cache_devsi(vtd_as);
}
}
}
diff --git a/hw/i386/trace-events b/hw/i386/trace-events
index 5a3ee1cf64..5fa5e93b68 100644
--- a/hw/i386/trace-events
+++ b/hw/i386/trace-events
@@ -28,6 +28,7 @@ vtd_pasid_cache_reset(void) ""
vtd_inv_desc_pasid_cache_gsi(void) ""
vtd_inv_desc_pasid_cache_dsi(uint16_t domain) "Domain selective PC invalidation domain 0x%"PRIx16
vtd_inv_desc_pasid_cache_psi(uint16_t domain, uint32_t pasid) "PASID selective PC invalidation domain 0x%"PRIx16" pasid 0x%"PRIx32
+vtd_pasid_cache_devsi(uint8_t bus, uint8_t dev, uint8_t fn) "Dev selective PC invalidation dev: %02"PRIx8":%02"PRIx8".%02"PRIx8
vtd_re_not_present(uint8_t bus) "Root entry bus %"PRIu8" not present"
vtd_ce_not_present(uint8_t bus, uint8_t devfn) "Context entry bus %"PRIu8" devfn %"PRIu8" not present"
vtd_iotlb_page_hit(uint16_t sid, uint64_t addr, uint64_t slpte, uint16_t domain) "IOTLB page hit sid 0x%"PRIx16" iova 0x%"PRIx64" slpte 0x%"PRIx64" domain 0x%"PRIx16