[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: How to express "externally managed" IOMMU domains for VFIO/IOMMUFD ?
- To: Jason Gunthorpe <jgg@xxxxxxxx>
- From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
- Date: Thu, 7 May 2026 08:02:40 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pcnZj613tpFQBAUDwRchklhfCdz+IyCwboM0ZJtkehA=; b=Fmzhm55YiXz9L8m1D4l8K0+Dxw4fkO9074fVVjvcWswZJAH3BrnT2+/1jhPKZPehLxFrXa/kMUgICK+eahjcI3h+LoSXbkxzKN1+Moypwy9vqvgGv+ckYa99+jFCJ3PUSRly7R+A+H84CTYqI23S9k8YVErBdcxtYZSlcOQMhYoETefRjhmgZ6m2EpJPeerlqDhLu7wEKLzng8FuZ3hdY+aWCkRcFocG9XtW1vaKcfFYUY91z8LBtw2GaA0KbWAhy9AkfaeeYvo+cAnP8dgd4l+8C05aDdjNjfQEfIbiJIW3NvsIUw0Jd6SvQOiY65Dh7PcTr4bqjlOyVZP/l5RCug==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EIx0dIDsMSBZmpH57Ql10hs5s0ABl9zK+9Q368yZi5VsvaC+HF5IAfzFM//1UCp9yw3VHlBVsmSIh/us9xGQhOamivcPjlMA/ncdhuijMp0YolESRa1VxEiWY9YUpD8Hmqfk5SYfORGL5LLqkaytHrjce1yRc4u9pCvc2ZzlAk1jGhNmCR7nezBYWvigonwxuDMCWmvYOuci1ugoVs7reZofO4g70UXSEskevO31RlIbzqP4Kibluy50LYq+qGpgY4ODRWTTUBAYey0cpq1jlhmBzxTsO7KRX5yyoIxHBHz8bkkqLeGq3djHRG9zYHXmQeaREr6TNmAHC7eWMEHRzw==
- Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=Intel header.d=intel.com header.i="@intel.com" header.h="From:To:CC:Subject:Date:Message-ID:References:In-Reply-To:Content-Transfer-Encoding:MIME-Version"
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com;
- Cc: Teddy Astie <teddy.astie@xxxxxxxxxx>, "iommu@xxxxxxxxxxxxxxx" <iommu@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Thu, 07 May 2026 08:02:59 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHc0nD/HbUzotrTgkKZyZa10hSZGrXsSRwAgAUTsYCAEOr18A==
- Thread-topic: How to express "externally managed" IOMMU domains for VFIO/IOMMUFD ?
> From: Jason Gunthorpe <jgg@xxxxxxxx>
> Sent: Sunday, April 26, 2026 9:30 PM
>
> On Thu, Apr 23, 2026 at 08:01:50AM +0000, Tian, Kevin wrote:
> > > On Xen, we have a dedicated hypercalls for moving a device into another
> > > guest (so it no longer belongs in Dom0, at far as DMA is concerned).
> > >
> > > But it looks like there are no way to describe that idea of "attach that
> > > device to this VM" nor "the device is in a VM"; which makes that
> > > impracticable.
> > >
> > > There may be things that could be done with the vIOMMU objects, but
> > > there would be no "parent domain" in such case, as said earlier it
> > > doesn't exist in the IOMMU subsystem.
> > >
> > > What is expected to be done instead ?
> > >
> > > Teddy
> > >
> > > [1] https://www.youtube.com/watch?v=pLMGRgEJ-Eg
> > >
> >
> > It'd be much easier to collect comments if you can put plain words
> > to explain the problem rather than expecting other folks to watch
> > the video first...
>
> It sounds like CC and pkvm to me so I think it should re-use those
> mechanisms..
>
for CC and pkvm the guest memory is still allocated from host.
for Xen the guest memory is allocated from hypervisor and invisible
to Dom0. iirc its device assignment is implemented by the toolstack
issuing hypercall to hypervisor, bypassing the Dom0 kernel.
I don't know the latest status in Xen side. Seems it's still the case and
Astie is trying to find a way to orchestrate it via VFIO. But it's unclear
what his proposal is...
|
