| Intel Graphics Device (IGD) assignment with vfio-pci |
| ==================================================== |
| |
| IGD has two different modes for assignment using vfio-pci: |
| |
| 1) Universal Pass-Through (UPT) mode: |
| |
| In this mode the IGD device is added as a *secondary* (ie. non-primary) |
| graphics device in combination with an emulated primary graphics device. |
| This mode *requires* guest driver support to remove the external |
| dependencies generally associated with IGD (see below). Those guest |
| drivers only support this mode for Broadwell and newer IGD, according to |
| Intel. Additionally, this mode by default, and as officially supported |
| by Intel, does not support direct video output. The intention is to use |
| this mode either to provide hardware acceleration to the emulated graphics |
| or to use this mode in combination with guest-based remote access software, |
| for example VNC (see below for optional output support). This mode |
| theoretically has no device specific handling dependencies on vfio-pci or |
| the VM firmware. |
| |
| 2) "Legacy" mode: |
| |
| In this mode the IGD device is intended to be the primary and exclusive |
| graphics device in the VM[1], as such QEMU does not facilitate any sort |
| of remote graphics to the VM in this mode. A connected physical monitor |
| is the intended output device for IGD. This mode includes several |
| requirements and restrictions: |
| |
| * IGD must be given address 02.0 on the PCI root bus in the VM |
| * The host kernel must support vfio extensions for IGD (v4.6) |
| * vfio VGA support very likely needs to be enabled in the host kernel |
| * The VM firmware must support specific fw_cfg enablers for IGD |
| * The VM machine type must support a PCI host bridge at 00.0 (standard) |
| * The VM machine type must provide or allow to be created a special |
| ISA/LPC bridge device (vfio-pci-igd-lpc-bridge) on the root bus at |
| PCI address 1f.0. |
| * The IGD device must have a VGA ROM, either provided via the romfile |
| option or loaded automatically through vfio (standard). rombar=0 |
| will disable legacy mode support. |
| * Hotplug of the IGD device is not supported. |
| * The IGD device must be a SandyBridge or newer model device. |
| |
| For either mode, depending on the host kernel, the i915 driver in the host |
| may generate faults and errors upon re-binding to an IGD device after it |
| has been assigned to a VM. It's therefore generally recommended to prevent |
| such driver binding unless the host driver is known to work well for this. |
| There are numerous ways to do this, i915 can be blacklisted on the host, |
| the driver_override option can be used to ensure that only vfio-pci can bind |
| to the device on the host[2], virsh nodedev-detach can be used to bind the |
| device to vfio drivers and then managed='no' set in the VM xml to prevent |
| re-binding to i915, etc. Also note that IGD is also typically the primary |
| graphics in the host and special options may be required beyond simply |
| blacklisting i915 or using pci-stub/vfio-pci to take ownership of IGD as a |
| PCI class device. Lower level drivers exist that may still claim the device. |
| It may therefore be necessary to use kernel boot options video=vesafb:off or |
| video=efifb:off (depending on host BIOS/UEFI) or these can be combined to |
| a catch-all, video=vesafb:off,efifb:off. Error messages such as: |
| |
| Failed to mmap 0000:00:02.0 BAR <>. Performance may be slow |
| |
| are a good indicator that such a problem exists. The host files /proc/iomem |
| and /proc/ioports are often useful for identifying drivers consuming ranges |
| of the device to cause such conflicts. |
| |
| Additionally, IGD device are known to generate small numbers of DMAR faults |
| when initially assigned. It is believed that this is simply the IGD attempting |
| to access the reserved GTT space after reset, which it no longer has access to |
| when accessed from userspace. So long as the DMAR faults are small in number |
| and most importantly, not ongoing, these are not an indication of an error. |
| |
| Additionally++, analog VGA output (as opposed to digital outputs like HDMI, |
| DVI, or DisplayPort) may be unsupported in some use cases. In the author's |
| experience, even DP to VGA adapters can be troublesome while adapters between |
| digital formats work well. |
| |
| Usage |
| ===== |
| The intention is for IGD assignment to be transparent for users and thus for |
| management tools like libvirt. To make use of legacy mode, simply remove all |
| other graphics options and use "-nographic" and either "-vga none" or |
| "-nodefaults", along with adding the device using vfio-pci: |
| |
| -device vfio-pci,host=00:02.0,id=hostdev0,bus=pci.0,addr=0x2 |
| |
| For UPT mode, retain the default emulated graphics and simply add the vfio-pci |
| device making use of any other bus address other than 02.0. libvirt will |
| default to assigning the device a UPT compatible address while legacy mode |
| users will need to manually edit the XML if using a tool like virt-manager |
| where the VM device address is not expressly specified. |
| |
| An experimental vfio-pci option also exists to enable OpRegion, and thus |
| external monitor support, for UPT mode. This can be enabled by adding |
| "x-igd-opregion=on" to the vfio-pci device options for the IGD device. As |
| with legacy mode, this requires the host to support features introduced in |
| the v4.6 kernel. If Intel chooses to embrace this support, the option may |
| be made non-experimental in the future, opening it to libvirt support. |
| |
| Developer ABI |
| ============= |
| Legacy mode IGD support imposes two fw_cfg requirements on the VM firmware: |
| |
| 1) "etc/igd-opregion" |
| |
| This fw_cfg file exposes the OpRegion for the IGD device. A reserved |
| region should be created below 4GB (recommended 4KB alignment), sized |
| sufficient for the fw_cfg file size, and the content of this file copied |
| to it. The dword based address of this reserved memory region must also |
| be written to the ASLS register at offset 0xFC on the IGD device. It is |
| recommended that firmware should make use of this fw_cfg entry for any |
| PCI class VGA device with Intel vendor ID. Multiple of such devices |
| within a VM is undefined. |
| |
| 2) "etc/igd-bdsm-size" |
| |
| This fw_cfg file contains an 8-byte, little endian integer indicating |
| the size of the reserved memory region required for IGD stolen memory. |
| Firmware must allocate a reserved memory below 4GB with required 1MB |
| alignment equal to this size. Additionally the base address of this |
| reserved region must be written to the dword BDSM register in PCI config |
| space of the IGD device at offset 0x5C. As this support is related to |
| running the IGD ROM, which has other dependencies on the device appearing |
| at guest address 00:02.0, it's expected that this fw_cfg file is only |
| relevant to a single PCI class VGA device with Intel vendor ID, appearing |
| at PCI bus address 00:02.0. |
| |
| Footnotes |
| ========= |
| [1] Nothing precludes adding additional emulated or assigned graphics devices |
| as non-primary, other than the combination typically not working. I only |
| intend to set user expectations, others are welcome to find working |
| combinations or fix whatever issues prevent this from working in the common |
| case. |
| [2] # echo "vfio-pci" > /sys/bus/pci/devices/0000:00:02.0/driver_override |
