Re: [PATCH v4 4/7] iommu: Switch __iommu_domain_alloc() to device ops
From: Jason Gunthorpe
Date: Mon Oct 02 2023 - 10:16:32 EST
On Mon, Oct 02, 2023 at 02:49:12PM +0100, Robin Murphy wrote:
> @@ -2120,20 +2120,30 @@ static struct iommu_domain *__iommu_domain_alloc(const struct iommu_ops *ops,
> return domain;
> }
>
> -static struct iommu_domain *
> -__iommu_group_domain_alloc(struct iommu_group *group, unsigned int type)
> +static int __iommu_domain_alloc_dev(struct device *dev, void *data)
> {
Why? The point of this design is that drivers are not allowed to
allocate different things for devices in the same group. So we always
force the driver to see only the first device in the group even if we
have a more specific device available in the call chain.
This patch has undone this design and passed in more specific devs :(
The new code here:
> struct iommu_domain *iommu_domain_alloc(const struct bus_type *bus)
> {
> - if (bus == NULL || bus->iommu_ops == NULL)
> + struct device *dev = NULL;
> +
> + /* We always check the whole bus, so the return value isn't useful */
> + bus_for_each_dev(bus, NULL, &dev, __iommu_domain_alloc_dev);
> + if (!dev)
> return NULL;
> - return __iommu_domain_alloc(bus->iommu_ops, NULL,
> - IOMMU_DOMAIN_UNMANAGED);
> +
> + return __iommu_domain_alloc(dev, IOMMU_DOMAIN_UNMANAGED);
> }
> EXPORT_SYMBOL_GPL(iommu_domain_alloc);
Should just obtain any group for the bus and pass that to
__iommu_group_domain_alloc().
Also, how does the locking work here? Definately can't pass dev
outside the bus_for_each_dev() like this.
If this needs to sweep over arbitary devices that are not the caller's
probe'd device it needs to hold at least the device_lock to prevent
racing with release.
So I'd structure this to find the matching device, lock the
device_lock, get the group refcount, unlock the device_lock then
get the group_mutex, check for non-empty and then call
__iommu_group_domain_alloc()
(there is a missing lockdep annotation in
__iommu_group_domain_alloc(), the group mutex is needed)
Jason