[qemu.git] / docs / bypass-iommu.txt

BYPASS IOMMU PROPERTY
=====================

Description
===========
Traditionally, there is a global switch to enable/disable vIOMMU. All
devices in the system can only support go through vIOMMU or not, which
is not flexible. We introduce this bypass iommu property to support
coexist of devices go through vIOMMU and devices not. This is useful to
passthrough devices with no-iommu mode and devices go through vIOMMU in
the same virtual machine.

PCI host bridges have a bypass_iommu property. This property is used to
determine whether the devices attached on the PCI host bridge will bypass
virtual iommu. The bypass_iommu property is valid only when there is a
virtual iommu in the system, it is implemented to allow some devices to
bypass vIOMMU. When bypass_iommu property is not set for a host bridge,
the attached devices will go through vIOMMU by default.

Usage
=====
The bypass iommu feature support PXB host bridge and default main host
bridge, we add a bypass_iommu property for PXB and default_bus_bypass_iommu
for machine. Note that default_bus_bypass_iommu is available only when
the 'q35' machine type on x86 architecture and the 'virt' machine type
on AArch64. Other machine types do not support bypass iommu for default
root bus.

1. The following is the bypass iommu options:
 (1) PCI expander bridge
     qemu -device pxb-pcie,bus_nr=0x10,addr=0x1,bypass_iommu=true
 (2) Arm default host bridge
     qemu -machine virt,iommu=smmuv3,default_bus_bypass_iommu=true
 (3) X86 default root bus bypass iommu:
     qemu -machine q35,default_bus_bypass_iommu=true

2. Here is the detailed qemu command line for 'virt' machine with PXB on
AArch64:

qemu-system-aarch64 \
 -machine virt,kernel_irqchip=on,iommu=smmuv3,default_bus_bypass_iommu=true \
 -device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3.0x1 \
 -device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x3.0x2,bypass_iommu=true \

And we got:
 - a default host bridge which bypass SMMUv3
 - a pxb host bridge which go through SMMUv3
 - a pxb host bridge which bypass SMMUv3

3. Here is the detailed qemu command line for 'q35' machine with PXB on
x86 architecture:

qemu-system-x86_64 \
 -machine q35,accel=kvm,default_bus_bypass_iommu=true \
 -device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3 \
 -device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x4,bypass_iommu=true \
 -device intel-iommu \

And we got:
 - a default host bridge which bypass iommu
 - a pxb host bridge which go through iommu
 - a pxb host bridge which bypass iommu

Limitations
===========
There might be potential security risk when devices bypass iommu, because
devices might send malicious dma request to virtual machine if there is no
iommu isolation. So it would be necessary to only bypass iommu for trusted
device.

Implementation
==============
The bypass iommu feature includes:
 - Address space
   Add bypass iommu property check of PCI Host and do not get iommu address
   space for devices bypass iommu.
 - Arm SMMUv3 support
   We traverse all PCI root bus and get bus number ranges, then build explicit
   RID mapping for devices which do not bypass iommu.
 - X86 IOMMU support
   To support Intel iommu, we traverse all PCI host bridge and get information
   of devices which do not bypass iommu, then fill the DMAR drhd struct with
   explicit device scope info. To support AMD iommu, add check of bypass iommu
   when traverse the PCI hsot bridge.
 - Machine and PXB options
   We add bypass iommu options in machine option for default root bus, and add
   option for PXB also. Note that the default value of bypass iommu is false,
   so that the devices will by default go through iommu if there exist one.
Commit	Line	Data
732de3e7 XW	1	BYPASS IOMMU PROPERTY
	2	=====================
	3
	4	Description
	5	===========
	6	Traditionally, there is a global switch to enable/disable vIOMMU. All
	7	devices in the system can only support go through vIOMMU or not, which
	8	is not flexible. We introduce this bypass iommu property to support
	9	coexist of devices go through vIOMMU and devices not. This is useful to
	10	passthrough devices with no-iommu mode and devices go through vIOMMU in
	11	the same virtual machine.
	12
	13	PCI host bridges have a bypass_iommu property. This property is used to
	14	determine whether the devices attached on the PCI host bridge will bypass
	15	virtual iommu. The bypass_iommu property is valid only when there is a
	16	virtual iommu in the system, it is implemented to allow some devices to
	17	bypass vIOMMU. When bypass_iommu property is not set for a host bridge,
	18	the attached devices will go through vIOMMU by default.
	19
	20	Usage
	21	=====
	22	The bypass iommu feature support PXB host bridge and default main host
	23	bridge, we add a bypass_iommu property for PXB and default_bus_bypass_iommu
	24	for machine. Note that default_bus_bypass_iommu is available only when
	25	the 'q35' machine type on x86 architecture and the 'virt' machine type
	26	on AArch64. Other machine types do not support bypass iommu for default
	27	root bus.
	28
	29	1. The following is the bypass iommu options:
	30	(1) PCI expander bridge
	31	qemu -device pxb-pcie,bus_nr=0x10,addr=0x1,bypass_iommu=true
	32	(2) Arm default host bridge
	33	qemu -machine virt,iommu=smmuv3,default_bus_bypass_iommu=true
	34	(3) X86 default root bus bypass iommu:
	35	qemu -machine q35,default_bus_bypass_iommu=true
	36
	37	2. Here is the detailed qemu command line for 'virt' machine with PXB on
	38	AArch64:
	39
	40	qemu-system-aarch64 \
	41	-machine virt,kernel_irqchip=on,iommu=smmuv3,default_bus_bypass_iommu=true \
	42	-device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3.0x1 \
	43	-device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x3.0x2,bypass_iommu=true \
	44
	45	And we got:
	46	- a default host bridge which bypass SMMUv3
	47	- a pxb host bridge which go through SMMUv3
	48	- a pxb host bridge which bypass SMMUv3
	49
	50	3. Here is the detailed qemu command line for 'q35' machine with PXB on
	51	x86 architecture:
	52
	53	qemu-system-x86_64 \
	54	-machine q35,accel=kvm,default_bus_bypass_iommu=true \
	55	-device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,addr=0x3 \
	56	-device pxb-pcie,bus_nr=0x20,id=pci.20,bus=pcie.0,addr=0x4,bypass_iommu=true \
	57	-device intel-iommu \
	58
	59	And we got:
	60	- a default host bridge which bypass iommu
	61	- a pxb host bridge which go through iommu
	62	- a pxb host bridge which bypass iommu
	63
	64	Limitations
65	===========
66	There might be potential security risk when devices bypass iommu, because
67	devices might send malicious dma request to virtual machine if there is no
68	iommu isolation. So it would be necessary to only bypass iommu for trusted
69	device.
70
71	Implementation
72	==============
73	The bypass iommu feature includes:
74	- Address space
75	Add bypass iommu property check of PCI Host and do not get iommu address
76	space for devices bypass iommu.
77	- Arm SMMUv3 support
78	We traverse all PCI root bus and get bus number ranges, then build explicit
79	RID mapping for devices which do not bypass iommu.
80	- X86 IOMMU support
81	To support Intel iommu, we traverse all PCI host bridge and get information
82	of devices which do not bypass iommu, then fill the DMAR drhd struct with
83	explicit device scope info. To support AMD iommu, add check of bypass iommu
84	when traverse the PCI hsot bridge.
85	- Machine and PXB options
86	We add bypass iommu options in machine option for default root bus, and add
87	option for PXB also. Note that the default value of bypass iommu is false,
88	so that the devices will by default go through iommu if there exist one.
89