[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v6 1/5] xen/domctl: extend XEN_DOMCTL_assign_device to handle not only iommu

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Oleksii Moisieiev <Oleksii_Moisieiev@xxxxxxxx>
  • Date: Mon, 12 Jan 2026 15:54:08 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/Ql83DLzwt2KYkFDfneGGmEtBaBuXc+nDX+/yAANOHI=; b=vOEM3Z4LxgdVVAQYosCINrt/0otIDp9fhmuqKQjKpwN74NDmmGzDrl7BRjiuNSA5OSlHIt8YTsz+0anajCFZk+2+hhcJVBccGsgUTuo9Uf6CbFzTFxrn56EzcElaPWfeY+/pOFhggF14t9d+sDHgLJfouMIuifHHKhrynhZEuj3dHr94VABJ1xmSqZ8UVq55b5swjJ5e1OW/0+za3d0ju9T0ssL/zoEqwKidGXuN5XzVnZmCcvVJq9j2w64nU9dMTWXLpc60DycK86dHp9Kw0EWNdiXBLUNFu6lEnVjLg8L7DMxg2/pKcCmcYCm+XWuQDlVcYr4TAAIDa/KAO7ehxQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=iJdeRu7uBldq23dVPVVkKtCXCEkJ+lSloucfQnx+lZAZf70FhLelg4PkUSB68IlUtG6iY+1LytdLzORHNU6zkCK/KeFt/vasqt2sY4r/peuBKOQzZY7ccO2arzAq5cZGn2xeMojzDcNHevkdbhGQCD5AQetuLk/QWMTKT9+w9czK/qxhcWttxbTw+gJW/Z25awbv8YygC9tV74Rg2DfrHIk+/oN3+SazDMl6wrFi8+l+Gf/sNuHepob3e3q5TjqYGqOUUuB9QfPYkOP4Wnkb0kvbt8JQrCG1VP5aZtQeH+Xp8E+iAKNl+wp5TNBSxtyQOodZuu6/Bb7SllqjbceGWQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Grygorii Strashko <grygorii_strashko@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 12 Jan 2026 15:54:27 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHcSyafS16SOr0Uk0OkeRdy8jd8CrVPHVoAgAADtoA=
  • Thread-topic: [PATCH v6 1/5] xen/domctl: extend XEN_DOMCTL_assign_device to handle not only iommu

On 12/01/2026 17:40, Jan Beulich wrote:
> On 12.01.2026 16:16, Oleksii Moisieiev wrote:
>> On 06/11/2025 12:09, Jan Beulich wrote:
>>> On 01.11.2025 12:56, Oleksii Moisieiev wrote:
>>>> @@ -827,7 +828,32 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
>>>> u_domctl)
>>>>        case XEN_DOMCTL_test_assign_device:
>>>>        case XEN_DOMCTL_deassign_device:
>>>>        case XEN_DOMCTL_get_device_group:
>>>> +        int ret1;
>>>> +
>>>> +        /*
>>>> +         * Add chained handling of assigned DT devices to support
>>>> +         * access-controller functionality through SCI framework, so
>>>> +         * DT device assign request can be passed to FW for processing and
>>>> +         * enabling VM access to requested device.
>>>> +         * The access-controller DT device processing is chained before 
>>>> IOMMU
>>>> +         * processing preserving return code and expected to be executed 
>>>> for
>>>> +         * any DT device regardless if DT device is protected by IOMMU or
>>>> +         * not (or IOMMU is disabled).
>>>> +         */
>>>> +        ret1 = sci_do_domctl(op, d, u_domctl);
>>> Why would this not be the initializer of the new variable? (I also don't 
>>> think
>>> that we've decided to permit variable declarations at other than the top of
>>> scopes or within e.g. a for() loop control construct.)
>>>
>> +
>>>>            ret = iommu_do_domctl(op, d, u_domctl);
>>>> +        if ( ret < 0 )
>>>> +            return ret;
>>> Why would you invoke both in all cases? If sci_do_domctl() handled the 
>>> request,
>>> there isn't any point in also invoking iommu_do_domctl(), is there? Or else 
>>> is
>>> there maybe some crucial aspect missing from the description (or not 
>>> explicit
>>> enough there for a non-SCI person like me)?
>>>
>>> Also this doesn't look to fit the description saying "The SCI 
>>> access-controller
>>> DT device processing is chained after IOMMU processing ..."
>>>
>> We call both because SCI and IOMMU cover different concerns and a DT
>> device may need
>> both: SCI for FW-mediated access control (power/clocks/reset) and IOMMU
>> for DMA isolation.
>> SCI returning success does not mean the IOMMU work is redundant.
> Can the comment then please be updated to properly call out this dual
> requirement?
Yes, for sure.
>> - sci_do_domctl() returns -ENXIO when it has nothing to do (non-DT, no
>> mediator, mediator lacks assign hook).
>> That is the “not handled by SCI” sentinel; in that case the code
>> proceeds to IOMMU normally.
>> -  When sci_do_domctl() succeeds (0), the device may still require IOMMU
>> programming
>> (e.g., DT device has an iommus property). Skipping iommu_do_domctl()
>> would leave DMA isolation unprogrammed.
>>
>> The final if (ret1 != -ENXIO) ret = ret1; ensures that if both paths ran
>> and IOMMU succeeded,
>> an SCI failure is still reported to the caller.
>>
>> Device-tree examples to illustrate the dual roles:
>> 1. Access-controlled DT device (not necessarily IOMMU-protected):
>>
>> i2c3: i2c@e6508000 {
>>       compatible = "renesas,rcar-gen3-i2c";
>>       reg = <0 0xe6508000 0 0x40>;
>>       power-domains = <&scmi_pd 5>;      // FW-managed power domain
>>       clocks = <&scmi_clk 12>;
>>       clock-names = "fck";
>>       access-controllers = <&scmi_xen 0>;
>>       // no iommus property: SCI may need to authorize/power this device;
>> IOMMU has nothing to do
>> };
>>
>> 2. IOMMU-protected DT device that still may need SCI mediation:
>> vpu: video@e6ef0000 {
>>       compatible = "renesas,rcar-vpu";
>>       reg = <0 0xe6ef0000 0 0x10000>;
>>       iommus = <&ipmmu 0 0>;             // needs IOMMU mapping for DMA
>> isolation
>>       power-domains = <&scmi_pd 7>;      // FW-managed power/clock/reset
>>       clocks = <&scmi_clk 34>;
>>       access-controllers = <&scmi_xen 0>;
>>       clock-names = "vpu";
>> };
>>>> --- a/xen/drivers/passthrough/device_tree.c
>>>> +++ b/xen/drivers/passthrough/device_tree.c
>>>> @@ -379,6 +379,12 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, 
>>>> struct domain *d,
>>>>                break;
>>>>            }
>>>>    
>>>> +        if ( !dt_device_is_protected(dev) )
>>>> +        {
>>>> +            ret = 0;
>>>> +            break;
>>>> +        }
>>>> +
>>>>            ret = iommu_assign_dt_device(d, dev);
>>>>    
>>>>            if ( ret )
>>> How are DT and PCI different in this regard?
>> Please find examples above.
> Sorry, but I can't spot anything PCI-ish in the examples above. Then again I
> also no longer recall why I compared with PCI here. Oh, perhaps because the
> PCI side isn't being modified at all.
>
> Jan
Correct, pci code wasn't touched by these changes.

BR,
Oleksii

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.