On Fri, Dec 09, 2022 at 04:44:06PM +0000, Robin Murphy wrote:
> Isn't the problem with this that it's super-early, and a device's MSI domain
> may not actually be resolved until someone starts requesting MSIs for it?
> Maybe Thomas' ongoing per-device stuff changes that, but I'm not
> sure :/
Yes, this looks correct, OK, so I will do Kevin's thought
Thanks!
> Furthermore, even if the system does have a topology with multiple
> heterogeneous MSI controllers reachable by devices behind the same
> IOMMU,
Sure, but this doesn't exist and my thinking was to put a big red flag
here in case someone actually wants to try to do it - most likely it
is a bug not a real thing
I re-did things to use this new function, iommufd and vfio just
trivially call it
+/**
+ * iommu_group_has_isolated_msi() - Compute msi_device_has_isolated_msi()
+ * for a group
+ * @group: Group to query
+ *
+ * IOMMU groups should not have differing values of
+ * msi_device_has_isolated_msi() for devices in a group. However nothing
+ * directly prevents this, so ensure mistakes don't result in isolation failures
+ * by checking that all the devices are the same.
+ */
+bool iommu_group_has_isolated_msi(struct iommu_group *group)
+{
+ struct group_device *group_dev;
+ bool ret = true;
+
+ mutex_lock(&group->mutex);
+ list_for_each_entry(group_dev, &group->devices, list)
+ ret &= msi_device_has_isolated_msi(group_dev->dev) ||
+ device_iommu_capable(group_dev->dev,
+ IOMMU_CAP_INTR_REMAP);
+ mutex_unlock(&group->mutex);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(iommu_group_has_isolated_msi);
