On Fri, Jan 30, 2026 at 10:59:11AM -0800, Nathan Chen via Devel wrote:
Hi,
This is a follow up to the fifth patch series [0] for using iommufd to propagate DMA mappings to the kernel for VM-assigned host devices in a qemu VM.
We add a new 'iommufd' attribute for hostdev devices to be associated with the iommufd object.
For instance, specifying the iommufd object and associated hostdev in a VM definition:
    <devices>
      ...
      <hostdev mode='subsystem' type='pci' managed='no'>
        <driver iommufd='yes'/>
        <source>
          <address domain='0x0009' bus='0x01' slot='0x00' function='0x0'/>
        </source>
        <address type='pci' domain='0x0000' bus='0x15' slot='0x00' function='0x0'/>
      </hostdev>
      <hostdev mode='subsystem' type='pci' managed='no'>
        <driver iommufd='yes'/>
        <source>
          <address domain='0x0019' bus='0x01' slot='0x00' function='0x0'/>
        </source>
        <address type='pci' domain='0x0000' bus='0x16' slot='0x00' function='0x0'/>
      </hostdev>
      ...
    </devices>
This would get translated to a qemu command line with the arguments below. Note that libvirt will open the /dev/iommu and VFIO cdev, passing the associated fd number to qemu:
    -object '{"qom-type":"iommufd","id":"iommufd0","fd":"24"}' \
    -device '{"driver":"vfio-pci","host":"0009:01:00.0","id":"hostdev0","iommufd":"iommufd0","fd":"22","bus":"pci.21","addr":"0x0"}' \
    -device '{"driver":"vfio-pci","host":"0019:01:00.0","id":"hostdev1","iommufd":"iommufd0","fd":"25","bus":"pci.22","addr":"0x0"}' \
Changes from v5:
- Updated documentation to point to 12.1.0 (QEMU and KVM only)
- Move define and VIR_LOG_INIT out of #ifdef __linux__ block in viriommufd.h
- Remove unneeded virPCIDeviceFree() from AppArmorSetSecurityHostdevLabel
- Always error out if per-process accounting failed

Changes from v4:
- Move qemuProcessOpenVfioFds() to qemu_process.h in patch 4/7
- Add `linux/iommufd.h` into headers list in the meson.build file
- Correct viriommufd.c pre-processor definition indentations
- Restore call to virIOMMUFDSetRLimitMode() in patch 5/7
- Fix indentations for various print function calls
- Move the qemuProcessOpenVfioFds() call to qemuProcessPrepareHost()
- Make qemuProcessOpenVfioFds() static
- Remove unnecessary formatting and comment in virPCIDeviceGetVfioPath()
- Clean up namespace and cgroup changes with conditional check for iommufd
- Remove virIOMMUFDSupported()
- Fix seclabel return logic
- In Apparmor seclabel logic, use g_autoptr for virPCIDevice pointer

Changes from v3:
- Resolved issue from v2 where stale FD from previous VM boot was in use
- Remove second approach for retrieving VFIO device path in virPCIDeviceGetVfioPath()
- Resolve broken build of libvirt on non-Linux platforms
- Conditionally define iommufd headers and use system headers where possible
- Add non-fatal handling + warning print for EPERM for the IOMMU_OPTION_RLIMIT_MODE ioctl
- Replace references to /dev/iommu with VIR_IOMMU_DEV_PATH
- Implement virIOMMUFDSupported(void) to check for existence of /dev/iommu on host
- Include tests for multiple hostdevs

Changes from v2:
- Set per-process memory accounting mode for iommufd
- Separated out formatting of iommufd object from qemuBuildHostdevCommandLine
- Placed hostdev private data implementation in a separate commit
- Allocate hostdev private data unconditionally
- Compare FDs against -1
- Integrated callback function in virQEMUDriverPrivateDataCallbacks for qemuDomainHostdevPrivateNew
- Dropped qemuProcessCloseVfioFds
- Addressed other feedback from v2 (formatting, includes, etc.)
- Revised seclabel logic to be device-specific for AppArmor and to allow paths for SELinux/DAC
This series is on Github: https://github.com/NathanChenNVIDIA/libvirt/commits/iommufd-v6-01-26
Thanks,
Nathan
[0] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/GKSDP...
Nathan Chen (7):
  qemu: Implement support for associating iommufd to hostdev
  qemu: Introduce privateData for hostdevs
  qemu: Support per-process memory accounting for iommufd
  qemu: open VFIO FDs from libvirt backend
  qemu: open iommufd FD from libvirt backend
  qemu: Update Cgroup, namespace, and seclabel for iommufd
  tests: qemuxmlconfdata: provide iommufd sample XML and CLI args
Once we decide what error reporting to use in PATCH 3.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
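
The fd-passing step described in the cover letter (libvirt opens the node, QEMU receives only a descriptor number in its arguments), as an added example that is not code from this series or from libvirt. A temporary file stands in for /dev/iommu, a Python child stands in for QEMU, and the names `launch`, `demo`, `SAMPLE` and `CHILD` are hypothetical.

```python
import json
import os
import subprocess
import sys
import tempfile

SAMPLE = "constructed-device-node"  # constructed content, stands in for /dev/iommu

# Stand-in for QEMU: it is told an fd number in the -object JSON and reads
# from that descriptor; it is never given a path to open.
CHILD = r"""
import json, os, sys
obj = json.loads(sys.argv[sys.argv.index("-object") + 1])
print(json.dumps({"data": os.read(int(obj["fd"]), 64).decode()}))
"""

def launch(path, pass_fd=True, unlink_first=False):
    """Open path in the parent and give the child only the fd number."""
    fd = os.open(path, os.O_RDONLY)
    try:
        if unlink_first:
            os.unlink(path)  # the path is gone; only the open fd grants access
        arg = json.dumps({"qom-type": "iommufd", "id": "iommufd0", "fd": str(fd)},
                         separators=(",", ":"))
        proc = subprocess.run(
            [sys.executable, "-c", CHILD, "-object", arg],
            pass_fds=(fd,) if pass_fd else (),  # other fds above 2 are closed in the child
            capture_output=True, text=True)
        data = json.loads(proc.stdout)["data"] if proc.returncode == 0 else None
        return arg, data
    finally:
        os.close(fd)

def demo():
    paths = []
    for _ in range(2):
        with tempfile.NamedTemporaryFile("w", delete=False) as f:
            f.write(SAMPLE)
        paths.append(f.name)
    arg, passed = launch(paths[0], unlink_first=True)
    _, withheld = launch(paths[1], pass_fd=False)  # fd number named but not inherited
    os.unlink(paths[1])
    return arg, passed, withheld

if __name__ == "__main__":
    print(demo())
```

The child reads the data even after the path is unlinked, and gets nothing when the number is named on the command line but the descriptor is not inherited, which is why the process that opens the node is the one that needs the cgroup, namespace and seclabel access to it.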