Re: [PATCH V3 03/10] iommufd: Allow binding to a noiommu device
From: Jason Gunthorpe
Date: Thu Apr 09 2026 - 13:07:30 EST
On Thu, Apr 02, 2026 at 10:11:39PM -0700, Jacob Pan wrote:
> From: Jason Gunthorpe <jgg@xxxxxxxxxx>
>
> Allow iommufd to bind devices without an IOMMU (noiommu mode) by creating
> a dummy IOMMU group for such devices and skipping hwpt operations.
>
> This enables noiommu devices to operate through the same iommufd API as IOMMU-
> capable devices.
>
> Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Signed-off-by: Jacob Pan <jacob.pan@xxxxxxxxxxxxxxxxxxx>
>
> ---
> v3:
> - handle new error cases iommufd_device_bind. (Mostafa)
> ---
> drivers/iommu/iommufd/device.c | 126 +++++++++++++++++++++++----------
> 1 file changed, 87 insertions(+), 39 deletions(-)
> @@ -294,11 +334,10 @@ struct iommufd_device *iommufd_device_bind(struct iommufd_ctx *ictx,
> *id = idev->obj.id;
> return idev;
>
> -out_release_owner:
> - iommu_device_release_dma_owner(dev);
> -out_group_put:
> - iommufd_put_group(igroup);
> +err_out:
> + iommufd_object_abort_and_destroy(ictx, &idev->obj);
> return ERR_PTR(rc);
I fed this to Sashiko and it pointed out the abort flow here will call
iommufd_device_destroy() bit it isn't prepared to handle a partially
initialized idev. It looks like igroup is only set once it is
sufficiently initialized so:
@@ -211,6 +211,8 @@ void iommufd_device_destroy(struct iommufd_object *obj)
struct iommufd_device *idev =
container_of(obj, struct iommufd_device, obj);
+ if (!idev->igroup)
+ return;
if (!is_vfio_noiommu(idev))
iommu_device_release_dma_owner(idev->dev);
iommufd_put_group(idev->igroup);
Should fix it, but lets add a comment because it is pretty fragile:
@@ -335,6 +337,10 @@ struct iommufd_device *iommufd_device_bind(struct iommufd_ctx *ictx,
return idev;
err_out:
+ /*
+ * Be careful that iommufd_device_destroy() can handle partial
+ * initialization.
+ */
iommufd_object_abort_and_destroy(ictx, &idev->obj);
return ERR_PTR(rc);
Jason