summary refs log tree commit diff stats
path: root/gitlab/issues/target_i386/host_missing/accel_KVM/2956.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_i386/host_missing/accel_KVM/2956.toml')
-rw-r--r--gitlab/issues/target_i386/host_missing/accel_KVM/2956.toml222
1 files changed, 222 insertions, 0 deletions
diff --git a/gitlab/issues/target_i386/host_missing/accel_KVM/2956.toml b/gitlab/issues/target_i386/host_missing/accel_KVM/2956.toml
new file mode 100644
index 000000000..a7fda0f66
--- /dev/null
+++ b/gitlab/issues/target_i386/host_missing/accel_KVM/2956.toml
@@ -0,0 +1,222 @@
+id = 2956
+title = "AMD SEV-SNP: vhost-user-fs-pci iommu_platform=true is not supported by the device"
+state = "opened"
+created_at = "2025-05-07T18:45:15.363Z"
+closed_at = "n/a"
+labels = ["accel: KVM", "target: i386"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2956"
+host-os = "Ubuntu Linux 24.04"
+host-arch = "x86_64 (AMD EPYC 9474F - AMD SEV-SNP)"
+qemu-version = "10.0.0"
+guest-os = "Ubuntu 24.04"
+guest-arch = "x86_64"
+description = """Trying to make use of `vhost-user-fs-pci` with `sev-snp-guest` enabled doesn't work.
+The system reports that `vhost-user-fs-pci` doesn't support IOMMU but as far as I understand
+we need IOMMU for the virtio protocol to fully function."""
+reproduce = """1. Ensure you are running on a system with AMD SNP support:
+```
+sudo dmesg | grep -i sev
+[    0.000000] SEV-SNP: RMP table physical range [0x000000bfbd000000 - 0x000000c07d8fffff]
+[    0.003807] SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x000000c07d800000]
+[    8.085220] ccp 0000:06:00.5: sev enabled
+[   16.226155] ccp 0000:06:00.5: SEV API:1.55 build:28
+[   16.226162] ccp 0000:06:00.5: SEV-SNP API:1.55 build:28
+[   16.239284] kvm_amd: SEV enabled (ASIDs 15 - 1006)
+[   16.239289] kvm_amd: SEV-ES enabled (ASIDs 1 - 14)
+[   16.239292] kvm_amd: SEV-SNP enabled (ASIDs 1 - 14)
+```
+2. Use an OVMF which supports AMD SNP: https://github.com/tianocore/edk2.git branch: edk2-stable202502
+3. Launch the virtiofs daemon process.
+4. Launch qemu with device `vhost-user-fs-pci`
+5. The qemu process will terminate with the following error message:
+
+```
+qemu-system-x86_64: -device vhost-user-fs-pci,chardev=fs0,tag=cfg: iommu_platform=true is not supported by the device
+```"""
+additional = """It does launch if I disable any AMD SEV-SNP functionality from the VM:
+
+```
+sudo ./qemu-system-x86_64  \\
+         -nodefaults \\
+\t -enable-kvm \\
+\t -cpu host \\
+\t -object memory-backend-memfd,id=mem0,size=2048M,share=on \\
+\t -machine q35,memory-backend=mem0 \\
+\t -smp cpus=1 \\
+\t -drive file=ubuntu.qcow2,if=none,id=disk0,format=qcow2 \\
+\t -device virtio-blk-pci,drive=disk0 \\
+\t -device amd-iommu \\
+\t -chardev socket,id=fs0,path=/var/run/virtiofs/cfg.sock \\
+\t -device vhost-user-fs-pci,chardev=fs0,tag=cfg \\
+\t -bios ./ovmf-dist/x86_64/OVMF.fd \\
+\t -kernel ./linux-guest-6.12.15-1-/boot/vmlinuz-6.12.15-1 \\
+\t -initrd ./initrd/initrd.img \\
+\t -append 'console=ttyS0' \\
+\t -display none
+\t -nographic
+\t -chardev stdio,id=stdio0,signal=off \\
+\t -serial chardev:stdio0 \\
+\t -D /tmp/qemu-vmm.log \\
+\t -d 'guest_errors,unimp,trace:virtio*'
+```
+
+BTW: I've also managed to reproduce the same bug on AMD's fork:
+- Repo: https://github.com/AMDESE/qemu.git
+- Branch: snp-latest
+
+Configure flags:
+```
+    --target-list=x86_64-softmmu \\
+    --prefix=/builder/out/qemu-dist \\
+    --sysconfdir=/builder/out/qemu-dist/etc \\
+    --libdir=/builder/out/qemu-dist/lib \\
+    --libexecdir=/builder/out/qemu-dist/lib/qemu \\
+    --localstatedir=/builder/out/qemu-dist/var \\
+    --ninja=/usr/bin/ninja \\
+    --python=/usr/bin/python3 \\
+    --with-pkgversion=qemu \\
+    --cc=/usr/bin/x86_64-linux-gnu-gcc-13 \\
+    --static \\
+    --disable-cocoa \\
+    --disable-curses \\
+    --disable-dbus-display \\
+    --disable-gtk \\
+    --disable-gtk-clipboard \\
+    --disable-opengl \\
+    --disable-png \\
+    --disable-sdl \\
+    --disable-sdl-image \\
+    --disable-spice \\
+    --disable-spice-protocol \\
+    --disable-virglrenderer \\
+    --disable-vnc \\
+    --disable-vnc-jpeg \\
+    --disable-vnc-sasl \\
+    --disable-vte \\
+    --disable-alsa \\
+    --disable-coreaudio \\
+    --disable-dsound \\
+    --disable-jack \\
+    --disable-oss \\
+    --disable-pa \\
+    --disable-pipewire \\
+    --disable-sndio \\
+    --disable-vvfat \\
+    --disable-vdi \\
+    --disable-qed \\
+    --disable-qcow1 \\
+    --disable-bochs \\
+    --disable-cloop \\
+    --disable-dmg \\
+    --disable-parallels \\
+    --disable-vpc \\
+    --disable-vmdk \\
+    --disable-vhdx \\
+    --disable-bzip2 \\
+    --disable-lzfse \\
+    --disable-snappy \\
+    --disable-lzo \\
+    --disable-netmap \\
+    --disable-l2tpv3 \\
+    --disable-slirp-smbd \\
+    --disable-vde \\
+    --disable-vmnet \\
+    --disable-vhost-user-blk-server \\
+    --disable-vfio-user-server \\
+    --disable-curl \\
+    --disable-glusterfs \\
+    --disable-libiscsi \\
+    --disable-libnfs \\
+    --disable-libssh \\
+    --disable-mpath \\
+    --disable-rbd \\
+    --disable-vduse-blk-export \\
+    --disable-virtfs \\
+    --disable-fuse \\
+    --disable-fuse-lseek \\
+    --disable-blkio \\
+    --disable-nettle \\
+    --disable-gcrypt \\
+    --disable-gnutls \\
+    --disable-crypto-afalg \\
+    --disable-libkeyutils \\
+    --disable-libkeyutils \\
+    --disable-auth-pam \\
+    --disable-keyring \\
+    --disable-selinux \\
+    --disable-u2f \\
+    --disable-brlapi \\
+    --disable-canokey \\
+    --disable-hvf \\
+    --disable-hv-balloon \\
+    --disable-libdaxctl \\
+    --disable-libudev \\
+    --disable-libusb \\
+    --disable-nvmm \\
+    --disable-rdma \\
+    --disable-smartcard \\
+    --disable-usb-redir \\
+    --disable-whpx \\
+    --disable-xen \\
+    --disable-xen-pci-passthrough \\
+    --disable-guest-agent \\
+    --disable-guest-agent-msi \\
+    --disable-colo-proxy \\
+    --disable-rutabaga-gfx \\
+    --disable-vhost-crypto \\
+    --disable-capstone \\
+    --disable-docs \\
+    --disable-gettext \\
+    --disable-iconv \\
+    --disable-libdw \\
+    --disable-pixman \\
+    --disable-sparse \\
+    --disable-xkbcommon \\
+    --disable-attr \\
+    --disable-gio \\
+    --disable-multiprocess \\
+    --disable-plugins \\
+    --disable-qpl \\
+    --disable-replication \\
+    --disable-uadk \\
+    --disable-libvduse \\
+    --disable-libpmem \\
+    --disable-user \\
+    --disable-bsd-user \\
+    --disable-linux-user \\
+    --disable-tcg \\
+    --disable-debug-tcg \\
+    --disable-tcg-interpreter \\
+    --disable-hexagon-idef-parser \\
+    --disable-qom-cast-debug \\
+    --enable-kvm \\
+    --enable-system \\
+    --enable-pie \\
+    --enable-lto \\
+    --enable-af-xdp \\
+    --enable-slirp \\
+    --enable-vhost-kernel \\
+    --enable-vhost-net \\
+    --enable-vhost-user \\
+    --enable-vhost-vdpa \\
+    --enable-bpf \\
+    --enable-coroutine-pool \\
+    --enable-linux-aio \\
+    --enable-linux-io-uring \\
+    --enable-malloc-trim \\
+    --enable-membarrier \\
+    --enable-cap-ng \\
+    --enable-seccomp \\
+    --enable-stack-protector \\
+    --enable-tpm \\
+    --enable-zstd \\
+    --enable-numa \\
+    --enable-fdt=disabled \\
+    --enable-install-blobs \\
+    --enable-tools \\
+    --enable-trace-backends=log \\
+    --enable-strip \\
+    --x86-version=4 \\
+    --extra-cflags=-O2 -fno-semantic-interposition -fdevirtualize-at-ltrans -flto=auto -fuse-linker-plugin -falign-functions=32 -D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-error=stringop-overflow -Wformat -Werror=format-security -Werror=implicit-function-declaration -fstack-protector-strong -fstack-clash-protection -fcf-protection -fipa-pta \\
+    --extra-ldflags=-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--as-needed
+```"""