Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-132028

SNP guest + vhost-user-fs-pci fails with "iommu_platform=true is not supported" despite parameter not being set

Linking RHIVOS CVEs to...Migration: Automation ...RHELPRIO AssignedTeam ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • rhel-10.2
    • qemu-kvm / Devices
    • None
    • None
    • None
    • rhel-virt-confidential-virt
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      Launch a VM with sev-snp-guest and a vhost-user-fs-pci device attached. Crucially, I did NOT explicitly set iommu_platform=true in the device configuration, the qemu process terminated with "vhost-user-fs-pci", "bus": "pcie-root-port-3", "addr": "0x0"}: iommu_platform=true is not supported by the device.

      What is the impact of this issue to you?

      The VM fails to start entirely. I am unable to use virtiofs in an snp guest because QEMU seems to implicitly enforce iommu_platform=true, which the device rejects.

      Please provide the package NVR for which the bug is seen:

      Host kernel: 6.12.0-164.el10.x86_64

      QEMU version: qemu-kvm-10.1.0-6.el10.x86_64

      virtiofsd version: virtiofsd-1.13.2-1.el10_0.x86_64

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. Run the following QEMU command to launch a SNP guest  with vhost-user-fs-pci(note that iommu_platform is not included in the device string) 
        [stdlog] MALLOC_PERTURB_=1  /usr/libexec/qemu-kvm \
[stdlog]     -S  \
[stdlog]     -name 'avocado-vt-vm1'  \
[stdlog]     -sandbox on,elevateprivileges=deny,obsolete=deny,resourcecontrol=deny,spawn=deny \
[stdlog]     -machine q35,confidential-guest-support=lsec0 \
[stdlog]     -device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
[stdlog]     -device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}' \
[stdlog]     -object '{"id": "lsec0", "policy": 196608, "cbitpos": 51, "reduced-phys-bits": 5, "qom-type": "sev-snp-guest"}'  \
[stdlog]     -nodefaults \
[stdlog]     -device '{"driver": "VGA", "bus": "pcie.0", "addr": "0x2"}' \
[stdlog]     -m 8192 \
[stdlog]     -object '{"size": 8589934592, "mem-path": "/dev/shm", "share": true, "id": "mem-mem1", "qom-type": "memory-backend-file"}'  \
[stdlog]     -smp 48,maxcpus=48,cores=24,threads=1,dies=1,sockets=2  \
[stdlog]     -numa node,memdev=mem-mem1,nodeid=0  \
[stdlog]     -cpu 'host' \
[stdlog]     -chardev socket,path=/var/tmp/avocado_oj8xxhl3/monitor-qmpmonitor1-20251128-050751-cZbRr1sV,wait=off,server=on,id=qmp_id_qmpmonitor1  \
[stdlog]     -mon chardev=qmp_id_qmpmonitor1,mode=control \
[stdlog]     -chardev socket,path=/var/tmp/avocado_oj8xxhl3/monitor-catch_monitor-20251128-050751-cZbRr1sV,wait=off,server=on,id=qmp_id_catch_monitor  \
[stdlog]     -mon chardev=qmp_id_catch_monitor,mode=control \
[stdlog]     -device '{"ioport": 1285, "driver": "pvpanic", "id": "idzdWJxZ"}' \
[stdlog]     -chardev socket,path=/var/tmp/avocado_oj8xxhl3/serial-serial0-20251128-050751-cZbRr1sV,wait=off,server=on,id=chardev_serial0 \
[stdlog]     -device '{"id": "serial0", "driver": "isa-serial", "chardev": "chardev_serial0"}'  \
[stdlog]     -chardev socket,id=seabioslog_id_20251128-050751-cZbRr1sV,path=/var/tmp/avocado_oj8xxhl3/seabios-20251128-050751-cZbRr1sV,server=on,wait=off \
[stdlog]     -device isa-debugcon,chardev=seabioslog_id_20251128-050751-cZbRr1sV,iobase=0x402 \
[stdlog]     -device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
[stdlog]     -device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-1", "addr": "0x0"}' \
[stdlog]     -device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
[stdlog]     -device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
[stdlog]     -device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pcie-root-port-2", "addr": "0x0"}' \
[stdlog]     -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/rhel102-64-virtio-scsi-ovmf.qcow2", "cache": {"direct": true, "no-flush": false}}' \
[stdlog]     -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
[stdlog]     -device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' \
[stdlog]     -chardev socket,id=char_virtiofs_fs,path=/var/tmp/avocado_oj8xxhl3/avocado-vt-vm1-fs-virtiofsd.sock \
[stdlog]     -device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
[stdlog]     -device '{"id": "vufs_virtiofs_fs", "chardev": "char_virtiofs_fs", "tag": "myfs", "queue-size": 1024, "driver": "vhost-user-fs-pci", "bus": "pcie-root-port-3", "addr": "0x0"}' \
[stdlog]     -device '{"id": "pcie-root-port-4", "port": 4, "driver": "pcie-root-port", "addr": "0x1.0x4", "bus": "pcie.0", "chassis": 5}' \
[stdlog]     -device '{"driver": "virtio-net-pci", "mac": "9a:24:89:0b:89:62", "id": "idT0LoZz", "netdev": "idVQbZAX", "bus": "pcie-root-port-4", "addr": "0x0"}' \
[stdlog]     -netdev  '{"id": "idVQbZAX", "type": "tap", "vhost": true, "vhostfd": "16", "fd": "9"}'  \
[stdlog]     -vnc :0  \
[stdlog]     -rtc base=utc,clock=host,driftfix=slew  \
[stdlog]     -boot menu=off,order=cdn,once=c,strict=off \
[stdlog]     -bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
[stdlog]     -chardev socket,id=char_vtpm_avocado-vt-vm1_tpm0,path=/root/avocado/data/avocado-vt/swtpm/avocado-vt-vm1_tpm0_swtpm.sock \
[stdlog]     -tpmdev emulator,chardev=char_vtpm_avocado-vt-vm1_tpm0,id=emulator_vtpm_avocado-vt-vm1_tpm0 \
[stdlog]     -device '{"id": "tpm-crb_vtpm_avocado-vt-vm1_tpm0", "tpmdev": "emulator_vtpm_avocado-vt-vm1_tpm0", "driver": "tpm-crb"}' \
[stdlog]     -enable-kvm \
[stdlog]     -device '{"id": "pcie_extra_root_port_0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x3", "chassis": 6}'

      Expected results

      The VM should boot successfully. If SEV-SNP requires iommu_platform=true, the vhost-user-fs-pci device should either support it or QEMU should handle the implicit default without crashing/rejecting the device.

      Actual results

      'qemu-kvm: -device {"id": "vufs_virtiofs_fs", "chardev": "char_virtiofs_fs", "tag": "myfs", "queue-size": 1024, "driver": "vhost-user-fs-pci", "bus": "pcie-root-port-3", "addr": "0x0"}: iommu_platform=true is not supported by the device'

              virt-maint virt-maint
              rhn-support-yihyu Yihuang Yu
              virt-maint virt-maint
              Jin Liu Jin Liu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: