[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 00/23] Add SMMUv3 Stage 1 Support for Xen guests

To: Milan Djokic <milan_djokic@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Tue, 14 Apr 2026 11:21:52 +0900
Cc: Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Nick Rosbrook <enr0n@xxxxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 14 Apr 2026 02:22:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Milan,

On 31/03/2026 10:51, Milan Djokic wrote:

This patch series provides emulated SMMUv3 support in Xen, enabling stage-1
translation for the guest OS.

Stage 1 translation support is required to provide isolation between different
devices within OS. Xen already supports Stage 2 translation but there is no
support for Stage 1 translation. The goal of this work is to support Stage 1
translation for Xen guests.

This patch series represents a continuation of work from Rahul Singh:
https://patchwork.kernel.org/project/xen-devel/cover/cover.1669888522.git.rahul.singh@xxxxxxx/
Original patch series is aligned with the newest Xen structure, with the
addition
of translation layer which provides 1:N vIOMMU->pIOMMU mapping, in order to
support passthrough of the devices attached to different physical IOMMUs.

We cannot trust the guest OS to control the SMMUv3 hardware directly as
compromised guest OS can corrupt the SMMUv3 configuration and make the system
vulnerable. The guest gets the ownership of the stage 1 page tables and also
owns stage 1 configuration structures. The Xen handles the root configuration
structure (for security reasons), including the stage 2 configuration.

XEN will emulate the SMMUv3 hardware and expose the virtual SMMUv3 to the
guest. Guest can use the native SMMUv3 driver to configure the stage 1
translation. When the guest configures the SMMUv3 for Stage 1, XEN will trap
the access and configure hardware.

SMMUv3 Driver(Guest OS) -> Configure the Stage-1 translation ->
XEN trap access -> XEN SMMUv3 driver configure the HW.

The final patch series commit provides a design document for the emulated
IOMMU (arm-viommu.rst), which was previously discussed with the maintainers.
Details regarding implementation, future work and security risks are outlined
in this document.

---
Changes in v2:
- Updated design and implementation with vIOMMU->pIOMMU mapping layer
- Addressed security risks in the design, provided initial performance
measurements
- Addressed comments from previous version
- Tested on Renesas R-Car platform, initial performance measurements for
stage-1 vs stage-1-less guests
---

---
Changes in v3:
- Bump domctl version, added explicit padding for the new domctl structures
- Remove unnecessary changes according to review comments
- Add "ARM" prefix for vIOMMU Kconfig options, since only ARM architecture is
supported at this point
- Re-generate go code
- Add missing commit sign-off tags

Can you please avoid posting new revision in reply-to a previous one?This makes tracking quite difficult on the reviewer side. So I ended upstarting to post comments on v2. Please have a look at them.


Cheers,

--
Julien Grall

Prev by Date: Re: [PATCH v2 02/23] xen/arm: smmuv3: Add support for stage-1 and nested stage translation
Next by Date: [PATCH] xen/arm64: flushtlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI
Previous by thread: Re: [PATCH v2 02/23] xen/arm: smmuv3: Add support for stage-1 and nested stage translation
Next by thread: [PATCH] xen/arm64: flushtlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.