On Fri, Nov 19, 2021 at 07:14:10PM +0800, Lu Baolu wrote: > The singleton group requirement for iommu_attach/detach_device() was > added by below commit: > > commit 426a273834eae65abcfc7132a21a85b3151e0bce > Author: Joerg Roedel <jroedel@xxxxxxx> > Date: Thu May 28 18:41:30 2015 +0200 > > iommu: Limit iommu_attach/detach_device to devices with their own group > > This patch changes the behavior of the iommu_attach_device > and iommu_detach_device functions. With this change these > functions only work on devices that have their own group. > For all other devices the iommu_group_attach/detach > functions must be used. > > Signed-off-by: Joerg Roedel <jroedel@xxxxxxx> > > Joerg,can you please shed some light on the background of this > requirement? Does above idea of transition from singleton group > to group with single driver bound make sense to you? This change came to be because the iommu_attach/detach_device() interface doesn't fit well into a world with iommu-groups. Devices within a group are by definition not isolated between each other, so they must all be in the same address space (== iommu_domain). So it doesn't make sense to allow attaching a single device within a group to a different iommu_domain. I know that in theory it is safe to allow devices within a group to be in different domains because there iommu-groups catch multiple non-isolation cases: 1) Devices behind a non-ACS capable bridge or multiple functions of a PCI device. Here it is safe to put the devices into different iommu-domains as long as all affected devices are controlled by the same owner. 2) Devices which share a single request-id and can't be differentiated by the IOMMU hardware. These always need to be in the same iommu_domain. To lift the single-domain-per-group requirement the iommu core code needs to learn the difference between the two cases above. Regards, Joerg
