[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v6 1/5] xen/domctl: extend XEN_DOMCTL_assign_device to handle not only iommu

  • To: Oleksii Moisieiev <Oleksii_Moisieiev@xxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 12 Jan 2026 16:40:50 +0100
  • Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Grygorii Strashko <grygorii_strashko@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 12 Jan 2026 15:41:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12.01.2026 16:16, Oleksii Moisieiev wrote:
> On 06/11/2025 12:09, Jan Beulich wrote:
>> On 01.11.2025 12:56, Oleksii Moisieiev wrote:
>>> @@ -827,7 +828,32 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
>>> u_domctl)
>>>       case XEN_DOMCTL_test_assign_device:
>>>       case XEN_DOMCTL_deassign_device:
>>>       case XEN_DOMCTL_get_device_group:
>>> +        int ret1;
>>> +
>>> +        /*
>>> +         * Add chained handling of assigned DT devices to support
>>> +         * access-controller functionality through SCI framework, so
>>> +         * DT device assign request can be passed to FW for processing and
>>> +         * enabling VM access to requested device.
>>> +         * The access-controller DT device processing is chained before 
>>> IOMMU
>>> +         * processing preserving return code and expected to be executed 
>>> for
>>> +         * any DT device regardless if DT device is protected by IOMMU or
>>> +         * not (or IOMMU is disabled).
>>> +         */
>>> +        ret1 = sci_do_domctl(op, d, u_domctl);
>> Why would this not be the initializer of the new variable? (I also don't 
>> think
>> that we've decided to permit variable declarations at other than the top of
>> scopes or within e.g. a for() loop control construct.)
>>
> +
>>>           ret = iommu_do_domctl(op, d, u_domctl);
>>> +        if ( ret < 0 )
>>> +            return ret;
>> Why would you invoke both in all cases? If sci_do_domctl() handled the 
>> request,
>> there isn't any point in also invoking iommu_do_domctl(), is there? Or else 
>> is
>> there maybe some crucial aspect missing from the description (or not explicit
>> enough there for a non-SCI person like me)?
>>
>> Also this doesn't look to fit the description saying "The SCI 
>> access-controller
>> DT device processing is chained after IOMMU processing ..."
>>
> We call both because SCI and IOMMU cover different concerns and a DT 
> device may need
> both: SCI for FW-mediated access control (power/clocks/reset) and IOMMU 
> for DMA isolation.
> SCI returning success does not mean the IOMMU work is redundant.

Can the comment then please be updated to properly call out this dual
requirement?

> - sci_do_domctl() returns -ENXIO when it has nothing to do (non-DT, no 
> mediator, mediator lacks assign hook).
> That is the “not handled by SCI” sentinel; in that case the code 
> proceeds to IOMMU normally.
> -  When sci_do_domctl() succeeds (0), the device may still require IOMMU 
> programming
> (e.g., DT device has an iommus property). Skipping iommu_do_domctl() 
> would leave DMA isolation unprogrammed.
> 
> The final if (ret1 != -ENXIO) ret = ret1; ensures that if both paths ran 
> and IOMMU succeeded,
> an SCI failure is still reported to the caller.
> 
> Device-tree examples to illustrate the dual roles:
> 1. Access-controlled DT device (not necessarily IOMMU-protected):
> 
> i2c3: i2c@e6508000 {
>      compatible = "renesas,rcar-gen3-i2c";
>      reg = <0 0xe6508000 0 0x40>;
>      power-domains = <&scmi_pd 5>;      // FW-managed power domain
>      clocks = <&scmi_clk 12>;
>      clock-names = "fck";
>      access-controllers = <&scmi_xen 0>;
>      // no iommus property: SCI may need to authorize/power this device; 
> IOMMU has nothing to do
> };
> 
> 2. IOMMU-protected DT device that still may need SCI mediation:
> vpu: video@e6ef0000 {
>      compatible = "renesas,rcar-vpu";
>      reg = <0 0xe6ef0000 0 0x10000>;
>      iommus = <&ipmmu 0 0>;             // needs IOMMU mapping for DMA 
> isolation
>      power-domains = <&scmi_pd 7>;      // FW-managed power/clock/reset
>      clocks = <&scmi_clk 34>;
>      access-controllers = <&scmi_xen 0>;
>      clock-names = "vpu";
> };
>>> --- a/xen/drivers/passthrough/device_tree.c
>>> +++ b/xen/drivers/passthrough/device_tree.c
>>> @@ -379,6 +379,12 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, 
>>> struct domain *d,
>>>               break;
>>>           }
>>>   
>>> +        if ( !dt_device_is_protected(dev) )
>>> +        {
>>> +            ret = 0;
>>> +            break;
>>> +        }
>>> +
>>>           ret = iommu_assign_dt_device(d, dev);
>>>   
>>>           if ( ret )
>> How are DT and PCI different in this regard?
> Please find examples above.

Sorry, but I can't spot anything PCI-ish in the examples above. Then again I
also no longer recall why I compared with PCI here. Oh, perhaps because the
PCI side isn't being modified at all.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.