1BYPASS IOMMU PROPERTY 2===================== 3 4Description 5=========== 6Traditionally, there is a global switch to enable/disable vIOMMU. All 7devices in the system can only support go through vIOMMU or not, which 8is not flexible. We introduce this bypass iommu property to support 9coexist of devices go through vIOMMU and devices not. This is useful to 10passthrough devices with no-iommu mode and devices go through vIOMMU in 11the same virtual machine. 12 13PCI host bridges have a bypass_iommu property. This property is used to 14determine whether the devices attached on the PCI host bridge will bypass 15virtual iommu. The bypass_iommu property is valid only when there is a 16virtual iommu in the system, it is implemented to allow some devices to 17bypass vIOMMU. When bypass_iommu property is not set for a host bridge, 18the attached devices will go through vIOMMU by default. 19 20Usage 21===== 22The bypass iommu feature support PXB host bridge and default main host 23bridge, we add a bypass_iommu property for PXB and default_bus_bypass_iommu 24for machine. Note that default_bus_bypass_iommu is available only when 25the 'q35' machine type on x86 architecture and the 'virt' machine type 26on AArch64. Other machine types do not support bypass iommu for default 27root bus. 28 291. The following is the bypass iommu options: 30 (1) PCI expander bridge 31 qemu -device pxb-pcie,bus_nr=0x10,addr=0x1,bypass_iommu=true 32 (2) Arm default host bridge 33 qemu -machine virt,iommu=smmuv3,default_bus_bypass_iommu=true 34 (3) X86 default root bus bypass iommu: 35 qemu -machine q35,default_bus_bypass_iommu=true 36 372. Here is the detailed qemu command line for 'virt' machine with PXB on 38AArch64: 39 40qemu-system-aarch64 \ 41 -machine virt,kernel_irqchip=on,iommu=smmuv3,default_bus_bypass_iommu=true \ 42 -device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3.0x1 \ 43 -device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x3.0x2,bypass_iommu=true \ 44 45And we got: 46 - a default host bridge which bypass SMMUv3 47 - a pxb host bridge which go through SMMUv3 48 - a pxb host bridge which bypass SMMUv3 49 503. Here is the detailed qemu command line for 'q35' machine with PXB on 51x86 architecture: 52 53qemu-system-x86_64 \ 54 -machine q35,accel=kvm,default_bus_bypass_iommu=true \ 55 -device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3 \ 56 -device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x4,bypass_iommu=true \ 57 -device intel-iommu \ 58 59And we got: 60 - a default host bridge which bypass iommu 61 - a pxb host bridge which go through iommu 62 - a pxb host bridge which bypass iommu 63 64Limitations 65=========== 66There might be potential security risk when devices bypass iommu, because 67devices might send malicious dma request to virtual machine if there is no 68iommu isolation. So it would be necessary to only bypass iommu for trusted 69device. 70 71Implementation 72============== 73The bypass iommu feature includes: 74 - Address space 75 Add bypass iommu property check of PCI Host and do not get iommu address 76 space for devices bypass iommu. 77 - Arm SMMUv3 support 78 We traverse all PCI root bus and get bus number ranges, then build explicit 79 RID mapping for devices which do not bypass iommu. 80 - X86 IOMMU support 81 To support Intel iommu, we traverse all PCI host bridge and get information 82 of devices which do not bypass iommu, then fill the DMAR drhd struct with 83 explicit device scope info. To support AMD iommu, add check of bypass iommu 84 when traverse the PCI hsot bridge. 85 - Machine and PXB options 86 We add bypass iommu options in machine option for default root bus, and add 87 option for PXB also. Note that the default value of bypass iommu is false, 88 so that the devices will by default go through iommu if there exist one. 89 90