id = 2956
title = "AMD SEV-SNP: vhost-user-fs-pci iommu_platform=true is not supported by the device"
state = "opened"
created_at = "2025-05-07T18:45:15.363Z"
closed_at = "n/a"
labels = ["accel: KVM", "target: i386"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/2956"
host-os = "Ubuntu Linux 24.04"
host-arch = "x86_64 (AMD EPYC 9474F - AMD SEV-SNP)"
qemu-version = "10.0.0"
guest-os = "Ubuntu 24.04"
guest-arch = "x86_64"
description = """Trying to make use of `vhost-user-fs-pci` with `sev-snp-guest` enabled doesn't work.
The system reports that `vhost-user-fs-pci` doesn't support IOMMU but as far as I understand
we need IOMMU for the virtio protocol to fully function."""
reproduce = """1. Ensure you are running on a system with AMD SNP support:
```
sudo dmesg | grep -i sev
[    0.000000] SEV-SNP: RMP table physical range [0x000000bfbd000000 - 0x000000c07d8fffff]
[    0.003807] SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x000000c07d800000]
[    8.085220] ccp 0000:06:00.5: sev enabled
[   16.226155] ccp 0000:06:00.5: SEV API:1.55 build:28
[   16.226162] ccp 0000:06:00.5: SEV-SNP API:1.55 build:28
[   16.239284] kvm_amd: SEV enabled (ASIDs 15 - 1006)
[   16.239289] kvm_amd: SEV-ES enabled (ASIDs 1 - 14)
[   16.239292] kvm_amd: SEV-SNP enabled (ASIDs 1 - 14)
```
2. Use an OVMF which supports AMD SNP: https://github.com/tianocore/edk2.git branch: edk2-stable202502
3. Launch the virtiofs daemon process.
4. Launch qemu with device `vhost-user-fs-pci`
5. The qemu process will terminate with the following error message:

```
qemu-system-x86_64: -device vhost-user-fs-pci,chardev=fs0,tag=cfg: iommu_platform=true is not supported by the device
```"""
additional = """It does launch if I disable any AMD SEV-SNP functionality from the VM:

```
sudo ./qemu-system-x86_64  \\
         -nodefaults \\
\t -enable-kvm \\
\t -cpu host \\
\t -object memory-backend-memfd,id=mem0,size=2048M,share=on \\
\t -machine q35,memory-backend=mem0 \\
\t -smp cpus=1 \\
\t -drive file=ubuntu.qcow2,if=none,id=disk0,format=qcow2 \\
\t -device virtio-blk-pci,drive=disk0 \\
\t -device amd-iommu \\
\t -chardev socket,id=fs0,path=/var/run/virtiofs/cfg.sock \\
\t -device vhost-user-fs-pci,chardev=fs0,tag=cfg \\
\t -bios ./ovmf-dist/x86_64/OVMF.fd \\
\t -kernel ./linux-guest-6.12.15-1-/boot/vmlinuz-6.12.15-1 \\
\t -initrd ./initrd/initrd.img \\
\t -append 'console=ttyS0' \\
\t -display none
\t -nographic
\t -chardev stdio,id=stdio0,signal=off \\
\t -serial chardev:stdio0 \\
\t -D /tmp/qemu-vmm.log \\
\t -d 'guest_errors,unimp,trace:virtio*'
```

BTW: I've also managed to reproduce the same bug on AMD's fork:
- Repo: https://github.com/AMDESE/qemu.git
- Branch: snp-latest

Configure flags:
```
    --target-list=x86_64-softmmu \\
    --prefix=/builder/out/qemu-dist \\
    --sysconfdir=/builder/out/qemu-dist/etc \\
    --libdir=/builder/out/qemu-dist/lib \\
    --libexecdir=/builder/out/qemu-dist/lib/qemu \\
    --localstatedir=/builder/out/qemu-dist/var \\
    --ninja=/usr/bin/ninja \\
    --python=/usr/bin/python3 \\
    --with-pkgversion=qemu \\
    --cc=/usr/bin/x86_64-linux-gnu-gcc-13 \\
    --static \\
    --disable-cocoa \\
    --disable-curses \\
    --disable-dbus-display \\
    --disable-gtk \\
    --disable-gtk-clipboard \\
    --disable-opengl \\
    --disable-png \\
    --disable-sdl \\
    --disable-sdl-image \\
    --disable-spice \\
    --disable-spice-protocol \\
    --disable-virglrenderer \\
    --disable-vnc \\
    --disable-vnc-jpeg \\
    --disable-vnc-sasl \\
    --disable-vte \\
    --disable-alsa \\
    --disable-coreaudio \\
    --disable-dsound \\
    --disable-jack \\
    --disable-oss \\
    --disable-pa \\
    --disable-pipewire \\
    --disable-sndio \\
    --disable-vvfat \\
    --disable-vdi \\
    --disable-qed \\
    --disable-qcow1 \\
    --disable-bochs \\
    --disable-cloop \\
    --disable-dmg \\
    --disable-parallels \\
    --disable-vpc \\
    --disable-vmdk \\
    --disable-vhdx \\
    --disable-bzip2 \\
    --disable-lzfse \\
    --disable-snappy \\
    --disable-lzo \\
    --disable-netmap \\
    --disable-l2tpv3 \\
    --disable-slirp-smbd \\
    --disable-vde \\
    --disable-vmnet \\
    --disable-vhost-user-blk-server \\
    --disable-vfio-user-server \\
    --disable-curl \\
    --disable-glusterfs \\
    --disable-libiscsi \\
    --disable-libnfs \\
    --disable-libssh \\
    --disable-mpath \\
    --disable-rbd \\
    --disable-vduse-blk-export \\
    --disable-virtfs \\
    --disable-fuse \\
    --disable-fuse-lseek \\
    --disable-blkio \\
    --disable-nettle \\
    --disable-gcrypt \\
    --disable-gnutls \\
    --disable-crypto-afalg \\
    --disable-libkeyutils \\
    --disable-libkeyutils \\
    --disable-auth-pam \\
    --disable-keyring \\
    --disable-selinux \\
    --disable-u2f \\
    --disable-brlapi \\
    --disable-canokey \\
    --disable-hvf \\
    --disable-hv-balloon \\
    --disable-libdaxctl \\
    --disable-libudev \\
    --disable-libusb \\
    --disable-nvmm \\
    --disable-rdma \\
    --disable-smartcard \\
    --disable-usb-redir \\
    --disable-whpx \\
    --disable-xen \\
    --disable-xen-pci-passthrough \\
    --disable-guest-agent \\
    --disable-guest-agent-msi \\
    --disable-colo-proxy \\
    --disable-rutabaga-gfx \\
    --disable-vhost-crypto \\
    --disable-capstone \\
    --disable-docs \\
    --disable-gettext \\
    --disable-iconv \\
    --disable-libdw \\
    --disable-pixman \\
    --disable-sparse \\
    --disable-xkbcommon \\
    --disable-attr \\
    --disable-gio \\
    --disable-multiprocess \\
    --disable-plugins \\
    --disable-qpl \\
    --disable-replication \\
    --disable-uadk \\
    --disable-libvduse \\
    --disable-libpmem \\
    --disable-user \\
    --disable-bsd-user \\
    --disable-linux-user \\
    --disable-tcg \\
    --disable-debug-tcg \\
    --disable-tcg-interpreter \\
    --disable-hexagon-idef-parser \\
    --disable-qom-cast-debug \\
    --enable-kvm \\
    --enable-system \\
    --enable-pie \\
    --enable-lto \\
    --enable-af-xdp \\
    --enable-slirp \\
    --enable-vhost-kernel \\
    --enable-vhost-net \\
    --enable-vhost-user \\
    --enable-vhost-vdpa \\
    --enable-bpf \\
    --enable-coroutine-pool \\
    --enable-linux-aio \\
    --enable-linux-io-uring \\
    --enable-malloc-trim \\
    --enable-membarrier \\
    --enable-cap-ng \\
    --enable-seccomp \\
    --enable-stack-protector \\
    --enable-tpm \\
    --enable-zstd \\
    --enable-numa \\
    --enable-fdt=disabled \\
    --enable-install-blobs \\
    --enable-tools \\
    --enable-trace-backends=log \\
    --enable-strip \\
    --x86-version=4 \\
    --extra-cflags=-O2 -fno-semantic-interposition -fdevirtualize-at-ltrans -flto=auto -fuse-linker-plugin -falign-functions=32 -D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-error=stringop-overflow -Wformat -Werror=format-security -Werror=implicit-function-declaration -fstack-protector-strong -fstack-clash-protection -fcf-protection -fipa-pta \\
    --extra-ldflags=-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--as-needed
```"""