On Mon, Jul 14, 2025 at 04:59:37PM +0100, Shameer Kolothum wrote:
> On ARM, when a device is behind an IOMMU, its MSI doorbell address is
> subject to translation by the IOMMU. This behavior affects vfio-pci
> passthrough devices assigned to guests using an accelerated SMMUv3.
>
> In this setup, we configure the host SMMUv3 in nested mode, where
> VFIO sets up the Stage-2 (S2) mappings for guest RAM, while the guest
> controls Stage-1 (S1). To allow VFIO to correctly configure S2 mappings,
> we currently return the system address space via the get_address_space()
> callback for vfio-pci devices.
>
> However, QEMU/KVM also uses this same callback path when resolving the
> address space for MSI doorbells:
>
>   kvm_irqchip_add_msi_route()
>     kvm_arch_fixup_msi_route()
>       pci_device_iommu_address_space()
>
> This leads to problems when MSI doorbells need to be translated.
>
> To fix this, introduce an optional get_msi_address_space() callback.
> In the SMMUv3 accelerated case, this callback returns the IOMMU address
> space if the guest has set up S1 translations for the vfio-pci device.
> Otherwise, it returns the system address space.
>
> Suggested-by: Nicolin Chen <nicol...@nvidia.com>
> Signed-off-by: Shameer Kolothum <shameerali.kolothum.th...@huawei.com>
> ---
>  hw/arm/smmuv3-accel.c | 25 +++++++++++++++++++++++++
>  hw/pci/pci.c          | 19 +++++++++++++++++++
>  include/hw/pci/pci.h  | 16 ++++++++++++++++
>  target/arm/kvm.c      |  2 +-
I think we need to separate core changes and smmu changes, like how
pci_device_set/unset_iommu_device were introduced.

Thanks
Nicolin
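The split the thread discusses, as an added stand-alone model that is not code from the patch or from QEMU: a core-side helper that consults an optional `get_msi_address_space()` callback and falls back to `pci_device_iommu_address_space()` when the IOMMU does not implement it, next to an accelerated-SMMUv3-style ops table that hands the DMA path the system address space (VFIO owns S2) but hands the MSI doorbell path the IOMMU address space once the guest has enabled S1. The callback names come from the patch description; the struct layouts, `pci_device_msi_address_space()`, `accel_ops`, `legacy_ops`, the `s1_enabled` flag and `msi_space_name()` are assumptions made for this example and do not reflect QEMU's real types.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified, stand-alone model (not QEMU's real types) of the pieces
 * involved: an address space, a PCI device, and the per-bus IOMMU ops. */
typedef struct AddressSpace { const char *name; } AddressSpace;

static AddressSpace address_space_memory = { "system" };   /* guest RAM as VFIO maps it at S2 */
static AddressSpace smmu_as = { "smmuv3-iommu" };          /* guest-controlled S1 view */

typedef struct PCIDevice {
    int devfn;
    bool s1_enabled;   /* assumption: has the guest installed S1 translation for this device? */
} PCIDevice;

typedef struct PCIIOMMUOps {
    AddressSpace *(*get_address_space)(PCIDevice *dev, void *opaque);
    /* Optional. NULL means "answer the same as get_address_space". */
    AddressSpace *(*get_msi_address_space)(PCIDevice *dev, void *opaque);
} PCIIOMMUOps;

typedef struct PCIBus {
    const PCIIOMMUOps *iommu_ops;
    void *iommu_opaque;
} PCIBus;

/* Core helper used on the DMA/VFIO path (the existing callback). */
AddressSpace *pci_device_iommu_address_space(PCIBus *bus, PCIDevice *dev)
{
    if (bus->iommu_ops && bus->iommu_ops->get_address_space) {
        return bus->iommu_ops->get_address_space(dev, bus->iommu_opaque);
    }
    return &address_space_memory;
}

/* Core helper for the MSI doorbell path. IOMMUs that never implemented the
 * new callback keep today's behaviour through the fallback. */
AddressSpace *pci_device_msi_address_space(PCIBus *bus, PCIDevice *dev)
{
    if (bus->iommu_ops && bus->iommu_ops->get_msi_address_space) {
        return bus->iommu_ops->get_msi_address_space(dev, bus->iommu_opaque);
    }
    return pci_device_iommu_address_space(bus, dev);
}

/* Accelerated-SMMUv3-style ops: VFIO programs S2 from the system address
 * space, so the DMA view stays "system" ... */
static AddressSpace *accel_get_address_space(PCIDevice *dev, void *opaque)
{
    (void)dev; (void)opaque;
    return &address_space_memory;
}

/* ... while MSI doorbells must be translated through S1 once the guest has
 * set it up; before that, they are still system addresses. */
static AddressSpace *accel_get_msi_address_space(PCIDevice *dev, void *opaque)
{
    (void)opaque;
    return dev->s1_enabled ? &smmu_as : &address_space_memory;
}

static const PCIIOMMUOps accel_ops = {
    .get_address_space = accel_get_address_space,
    .get_msi_address_space = accel_get_msi_address_space,
};

/* An IOMMU model that predates the new callback. */
static const PCIIOMMUOps legacy_ops = {
    .get_address_space = accel_get_address_space,
    .get_msi_address_space = NULL,
};

/* Helper for checking the dispatch: which address space does the MSI path
 * resolve to for a device with the given S1 state behind the given ops? */
const char *msi_space_name(bool s1_enabled, bool iommu_has_msi_cb)
{
    PCIBus bus = { iommu_has_msi_cb ? &accel_ops : &legacy_ops, NULL };
    PCIDevice dev = { 0x08, s1_enabled };   /* constructed device, devfn 00:01.0 */
    return pci_device_msi_address_space(&bus, &dev)->name;
}

int main(void)
{
    printf("accel, S1 on : %s\n", msi_space_name(true, true));    /* smmuv3-iommu */
    printf("accel, S1 off: %s\n", msi_space_name(false, true));   /* system */
    printf("legacy, S1 on: %s\n", msi_space_name(true, false));   /* system (fallback) */
    return 0;
}
```

The point of keeping `pci_device_msi_address_space()` in the core and the S1 decision in the SMMU ops is that neither side has to know about the other: the core only needs the fallback rule, and an IOMMU model that does not care about MSI translation leaves the new member NULL.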