Re: [PATCH 01/11] iommu: Add device dma ownership set/release interfaces

From: Jörg Rödel
Date: Fri Nov 19 2021 - 10:06:27 EST


On Fri, Nov 19, 2021 at 07:14:10PM +0800, Lu Baolu wrote:
> The singleton group requirement for iommu_attach/detach_device() was
> added by below commit:
>
> commit 426a273834eae65abcfc7132a21a85b3151e0bce
> Author: Joerg Roedel <jroedel@xxxxxxx>
> Date: Thu May 28 18:41:30 2015 +0200
>
> iommu: Limit iommu_attach/detach_device to devices with their own group
>
> This patch changes the behavior of the iommu_attach_device
> and iommu_detach_device functions. With this change these
> functions only work on devices that have their own group.
> For all other devices the iommu_group_attach/detach
> functions must be used.
>
> Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
>
> Joerg,can you please shed some light on the background of this
> requirement? Does above idea of transition from singleton group
> to group with single driver bound make sense to you?

This change came to be because the iommu_attach/detach_device()
interface doesn't fit well into a world with iommu-groups. Devices
within a group are by definition not isolated between each other, so
they must all be in the same address space (== iommu_domain). So it
doesn't make sense to allow attaching a single device within a group to
a different iommu_domain.

I know that in theory it is safe to allow devices within a group to be
in different domains because there iommu-groups catch multiple
non-isolation cases:

1) Devices behind a non-ACS capable bridge or multiple functions
of a PCI device. Here it is safe to put the devices into
different iommu-domains as long as all affected devices are
controlled by the same owner.

2) Devices which share a single request-id and can't be
differentiated by the IOMMU hardware. These always need to be
in the same iommu_domain.

To lift the single-domain-per-group requirement the iommu core code
needs to learn the difference between the two cases above.

Regards,

Joerg