Xen project Mailing List

Re: [PATCH v3 18/23] xen/riscv: implement IRQ routing for device passthrough

To: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

Date: Thu, 25 Jun 2026 08:08:07 +0200

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:In-Reply-To:Autocrypt:From:Content-Language:References:Cc:To:Subject:User-Agent:MIME-Version:Date:Message-ID"

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Romain Caritey <Romain.Caritey@xxxxxxxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 25 Jun 2026 06:08:17 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 24.06.2026 17:21, Oleksii Kurochko wrote: > On 6/22/26 5:57 PM, Jan Beulich wrote: >> On 17.06.2026 13:17, Oleksii Kurochko wrote: >>> --- a/xen/arch/riscv/include/asm/intc.h >>> +++ b/xen/arch/riscv/include/asm/intc.h >>> @@ -13,6 +13,7 @@ enum intc_version { >>> }; >>> >>> struct cpu_user_regs; >>> +struct domain; >>> struct irq_desc; >>> struct kernel_info; >>> struct vcpu; >>> @@ -32,6 +33,9 @@ struct intc_hw_operations { >>> /* hw_irq_controller to enable/disable/eoi host irq */ >>> const struct hw_interrupt_type *host_irq_type; >>> >>> + /* hw_irq_controller to enable/disable/eoi guest irq */ >>> + const struct hw_interrupt_type *guest_irq_type; >> >> It's likely my limited RISC-V knowledge that I find this extremely odd: >> Separate struct hw_interrupt_type-s for host and guest? > > The guest and host interrupt controllers may handle some > hw_irq_controller operations differently, even though the operations > themselves are conceptually the same. The hw_irq_controller interface > provides fairly abstract interrupt controller operations, but the > underlying implementation may differ depending on whether the controller > is used by the host or a guest. > > As an example, the Arm code already follows this approach: > > /* XXX different for level vs edge */ > static hw_irq_controller gicv2_host_irq_type = { > .typename = "gic-v2", > .startup = gicv2_irq_startup, > .shutdown = gicv2_irq_shutdown, > .enable = gicv2_irq_enable, > .disable = gicv2_irq_disable, > .ack = gicv2_irq_ack, > .end = gicv2_host_irq_end, > .set_affinity = gicv2_irq_set_affinity, > }; > > static hw_irq_controller gicv2_guest_irq_type = { > .typename = "gic-v2", > .startup = gicv2_irq_startup, > .shutdown = gicv2_irq_shutdown, > .enable = gicv2_irq_enable, > .disable = gicv2_irq_disable, > .ack = gicv2_irq_ack, > .end = gicv2_guest_irq_end, > .set_affinity = gicv2_irq_set_affinity, > }; > > These implementations reuse almost all interrupt controller operations, > differing only in the .end callback. Which I'm having trouble with as well. Interrupts are handled by Xen. What guests get to see are virtualized interrupts (no matter how much HW acceleration may be in use). Hence I'm having difficulty to see such a split justified. >>> +#ifdef CONFIG_IRQ_HAS_MULTIPLE_ACTION >>> + for ( ;; ) >>> + { >>> + action = *action_ptr; >>> + if ( !action ) >>> + { >>> + printk(XENLOG_WARNING "Trying to free already-free IRQ %u\n", >>> irq); >>> + spin_unlock_irqrestore(&desc->lock, flags); >>> + return; >>> + } >>> + >>> + if ( action->dev_id == dev_id ) >>> + break; >>> + >>> + action_ptr = &action->next; >>> + } >>> + >>> + /* Found it - remove it from the action list */ >>> + *action_ptr = action->next; >>> +#else >>> + action = *action_ptr; >>> + *action_ptr = NULL; >>> +#endif >>> + >>> + /* If this was the last action, shut down the IRQ */ >>> + if ( !desc->action ) >>> + { >>> + desc->handler->shutdown(desc); >>> + __clear_bit(_IRQ_GUEST, &desc->status); >>> + } >>> + >>> + spin_unlock_irqrestore(&desc->lock,flags); >>> + >>> + /* Wait to make sure it's not being used on another CPU */ >>> + do { smp_mb(); } while ( test_bit(_IRQ_INPROGRESS, &desc->status) ); >> >> Can you explain to me what the purpose of this barrier is? > > if do_IRQ() was called and: > desc->status |= IRQ_INPROGRESS; > was called we have to wait while irq will be handled to avoid NULL > pointer derefenece caused by in do_IRQ(): > action = desc->action; > > So if release_irq() and do_irq() are called on different CPUs we want to > be sure that do_IRQ() make desc->status visiable for all CPUs. For that you need smp_rmb(), not smp_mb(). And then it needs to be clear what the write-side counterpart is (presumably the spin-unlock in do_IRQ()). >>> +int release_guest_irq(struct domain *d, unsigned int virq) >>> +{ >>> + struct irq_desc *desc = irq_to_desc(virq); >>> + struct irq_guest *info; >>> + unsigned long flags; >>> + >>> + spin_lock_irqsave(&desc->lock, flags); >>> + >>> + if ( !test_bit(_IRQ_GUEST, &desc->status) ) >>> + goto unlock_err; >>> + >>> + info = irq_get_guest_info(desc); >>> + if ( d != info->d ) >>> + goto unlock_err; >>> + >>> + spin_unlock_irqrestore(&desc->lock, flags); >>> + >>> + release_irq(desc->irq, info); >>> + xvfree(info); >> >> So you drop the lock keeping the info associated with desc in place. How >> do you know what you free here is the correct thing, and isn't in use >> elsewhere? > > The object freed is captured under desc->lock (info = > irq_get_guest_info(desc)), so it is by construction the dev_id of the > action attached to this desc, it can't be a stale or wrong pointer. Why would this be? Another request_irq() (or whatever it is) can race this, can't it? Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.