RE: How to express "externally managed" IOMMU domains for VFIO/IOMMUFD ?

Next message: Marc Zyngier: "Re: [PATCH] KVM: arm64: Validate the FF-A memory access descriptor placement"
Previous message: Bartosz Golaszewski: "Re: [RFC PATCH v2 0/3] gpio: add PMIO support to gpio-mmio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tian, Kevin

Date: Thu Apr 23 2026 - 04:08:46 EST

> From: Teddy Astie
> Sent: Wednesday, April 22, 2026 11:59 PM
>
> Hello,
>
> On Xen, for PV-IOMMU [1], we have IOMMU support in Dom0, which in
> particular allows using VFIO and IOMMUFD from Dom0.
>
> However, its interactions with PCI Passthrough are unclear, and it would

VFIO manages PCI passthrough. since it's already allowed which part of
interaction is unclear?

> be preferable to let the kernel handle some of this logic. That would
> for instance avoid situations where toolstack causes Xen and Linux to go
> out of sync on where devices belong.

what is 'some of this logic' and what is the exact out-of-sync scenario?

>
> On Xen, we have a dedicated hypercalls for moving a device into another
> guest (so it no longer belongs in Dom0, at far as DMA is concerned).
>
> But it looks like there are no way to describe that idea of "attach that
> device to this VM" nor "the device is in a VM"; which makes that
> impracticable.
>
> There may be things that could be done with the vIOMMU objects, but
> there would be no "parent domain" in such case, as said earlier it
> doesn't exist in the IOMMU subsystem.
>
> What is expected to be done instead ?
>
> Teddy
>
> [1] https://www.youtube.com/watch?v=pLMGRgEJ-Eg
>

It'd be much easier to collect comments if you can put plain words
to explain the problem rather than expecting other folks to watch
the video first...