On Thu, Mar 19, 2026 at 17:36:55 +0100, Pavel Hrdina via Devel wrote: > From: Pavel Hrdina <[email protected]> > > This will allow management applications running libvirt without > necessary permissions to pass FD for /dev/iommu with per-process > locked memory accounting enabled. > > Kernel uses per-user locked memory accounting by default which may > cause error while starting multiple VMs with host devices using IOMMUFD. > > Signed-off-by: Pavel Hrdina <[email protected]> > --- > docs/formatdomain.rst | 8 +++++++- > src/conf/domain_conf.c | 7 +++++++ > src/conf/domain_conf.h | 1 + > src/conf/domain_validate.c | 16 ++++++++++++++++ > src/conf/schemas/domaincommon.rng | 3 +++ > tests/genericxml2xmlindata/iommufd.xml | 2 +- > 6 files changed, 35 insertions(+), 2 deletions(-) > > diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst > index f6096b2b9b..412b2b4ddd 100644 > --- a/docs/formatdomain.rst > +++ b/docs/formatdomain.rst > @@ -1389,7 +1389,7 @@ Host Device IOMMUFD > > <domain> > ... > - <iommufd enabled='yes'/> > + <iommufd enabled='yes' fdgroup='iommu'/> > ... > </domain> > > @@ -1403,6 +1403,12 @@ Host Device IOMMUFD > This controls IOMMUFD usage for all host devices, each device can change > this > global default by setting ``iommufd`` attribute for ``driver`` element. > > + Optional ``fdgroup`` attribute can be used together with > + ``virDomainFDAssociate()`` to pass /dev/iommu FD instead of letting
Consider linking the API docs: `virDomainFDAssociate() <html/libvirt-libvirt-domain.html#virDomainFDAssociate>`__ > + libvirt to open it. Caller is responsible for setting per-process locked > + memory accounting otherwise starting multiple VMs with host devices using > + IOMMUFD may fail. > + > Resource partitioning > --------------------- > > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > index 950c755ad9..71488a0840 100644 > --- a/src/conf/domain_conf.c > +++ b/src/conf/domain_conf.c > @@ -4242,6 +4242,8 @@ void virDomainDefFree(virDomainDef *def) > g_free(def->kvm_features); > g_free(def->tcg_features); > > + g_free(def->iommufd_fdgroup); > + > virBlkioDeviceArrayClear(def->blkio.devices, > def->blkio.ndevices); > g_free(def->blkio.devices); > @@ -19905,6 +19907,8 @@ virDomainDefIommufdParse(virDomainDef *def, > if (virXMLPropTristateBool(nodes[0], "enabled", VIR_XML_PROP_REQUIRED, > &def->iommufd) < 0) > return -1; > > + def->iommufd_fdgroup = virXMLPropString(nodes[0], "fdgroup"); > + > return 0; > } > > @@ -28212,6 +28216,9 @@ virDomainDefIommufdFormat(virBuffer *buf, > virBufferAsprintf(&attrBuf, " enabled='%s'", > virTristateBoolTypeToString(def->iommufd)); > > + if (def->iommufd_fdgroup) > + virBufferAsprintf(&attrBuf, " fdgroup='%s'", def->iommufd_fdgroup); User originating XML values *must* be formatted using virBufferEscapeString (which doesn't require the NULL check). > + > virXMLFormatElement(buf, "iommufd", &attrBuf, NULL); Reviewed-by: Peter Krempa <[email protected]>
