[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 02/23] xen/arm: smmuv3: Add support for stage-1 and nested stage translation

To: Julien Grall <julien@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Milan Djokic <milan_djokic@xxxxxxxx>
Date: Mon, 8 Jun 2026 11:25:19 +0200
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=apLdSircczYnTWe9zXrJPb7nc9E74AgPYo3ia4U+13o=; b=l5VyjrjW7cFKk6AIq36DF9Lmy009tof+jNJkEXbqhhHnVzEyvumauv1zgnK4FPjkp6iIwYE2c5cZrvUdRgf9wNfNCnRpE9qsaaE80AFb96/bTODZzxVhkaSTbS8AAT7g3AMV0a/uD4pFuvECltFYoTVChhGLYstRuUf7UKhrY5E6vLf4XWFArCVHR+vNWzA0KMcpRgzSFp1c/KA1oaMHjtjVtD3YUNLRxzEFrNGN+RNQKxeWoERr9qIyrOOjwgAF/oq0lKkCkMgtr5VDky1NIfZu/zlDZUDiMbK+l2qbwmlu0g66CVCfYK/nUhKK5s80VzNKbbuHEE9D/hTdRcQRAw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=uvXtUC/SdJxYSs1g3SXBRUpgZmHBXEgGcCUpBD3oKj9/53/x5FQw2J1k5GB3AohGaeSN4keedaDBobyvU48romkp5zYKRscjGKcluj7GKpvMVdI0n0vhGZhgnx1jQF+PjrImY8qhfehmtIeyRvqgaYjNDbeD0rAzaYCkab26dIm1UMR+OfBFkXNazSyzmOdkIpYIDG/HdvxYqeJ3WmUWsdQ4ekll0gHmE/LIUDPcOeFbPX9WuBMl/h21q4s17IBZ4Z8IpOdUMXIBow5ncJhahbMfjig3JtSBQ3Yya3TqiQSg5hNfnHWbzmB0Cgj/smgVtrEU61/KyJB7zHYK2WqRGw==
Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=epam.com header.i="@epam.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
Cc: Rahul Singh <rahul.singh@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
Delivery-date: Mon, 08 Jun 2026 09:25:41 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Julien,

On 5/24/26 13:00, Julien Grall wrote:

Hi Milan,

On 28/04/2026 11:16, Milan Djokic wrote:

The original idea was to also allow stage-1-only support. But I'm not
sure if stage-1-only usecase is useful or even valid for Xen.. I will
update the patch series with the missing parts for stage-1-only support,
pointed out by Luca, but the question remains if this is needed at all.
If not, I can revert to original state where stage-2 was always
required.


By "stage-1 only" support, do you mean Xen would use the stage-1 in
replacement of the stage-2? Or do you mean the guest will use the
stage-1 page-table and there will be no isolation from Xen?

If the former, then I believe the page tables don't have the exact same
format. Today, the page-tables are shared between the CPU and IOMMU, so
this would need to be duplicated. For now, I am not sure this is worth
to do.

If the latter, this would require the guest to be directly mapped (i.e.
IPA == PA) but it would also open a big hole. So I would want to
understand the exact use case first.


The latter. In this case, the guest would configure stage-1 while
stage-2 translation is not used, so there is no additional isolation
enforced by Xen. This would only be intended for specific usecases with
trusted domains. But yes, this opens a significant hole if used with
untrusted guests. If there is no strong usecase, we could restrict the
implementation to always require stage-2.


It is still unclear what would be the exact use-case. Is it a system
where the SMMU doesn't support stage-2? Performance reason?

This primarily targets systems where the SMMU does not support Stage-2translation.If we decide to keep this code, I will address the associated securityconsiderations and document the corresponding AoU in the design.Otherwise, we can fall back to supporting only the "nested" translationcase.

Overall, I would rather not add any extra code in Xen without any strong
use case.

Cheers,


BR,
Milan

Follow-Ups:
- Re: [PATCH v2 02/23] xen/arm: smmuv3: Add support for stage-1 and nested stage translation
  - From: Julien Grall

Prev by Date: Re: [PATCH for-4.22] docs: remove non-breaking space from xen-command-line
Next by Date: [PATCH] xenstore-paths: Allow subnet prefix in IP address
Previous by thread: [PATCH for-4.22] docs: remove non-breaking space from xen-command-line
Next by thread: Re: [PATCH v2 02/23] xen/arm: smmuv3: Add support for stage-1 and nested stage translation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.