Commit 6086efe7 authored by Yi Liu's avatar Yi Liu Committed by Alex Williamson

vfio-iommufd: Move noiommu compat validation out of vfio_iommufd_bind()

This moves the noiommu compat validation logic into vfio_df_group_open().
This is more consistent with what will be done in vfio device cdev path.
Reviewed-by: default avatarKevin Tian <kevin.tian@intel.com>
Reviewed-by: default avatarJason Gunthorpe <jgg@nvidia.com>
Tested-by: default avatarTerrence Xu <terrence.xu@intel.com>
Tested-by: default avatarNicolin Chen <nicolinc@nvidia.com>
Tested-by: default avatarMatthew Rosato <mjrosato@linux.ibm.com>
Tested-by: default avatarYanting Jiang <yanting.jiang@intel.com>
Tested-by: default avatarShameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Tested-by: default avatarZhenzhong Duan <zhenzhong.duan@intel.com>
Signed-off-by: default avatarYi Liu <yi.l.liu@intel.com>
Link: https://lore.kernel.org/r/20230718135551.6592-11-yi.l.liu@intel.comSigned-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
parent 839e692f
...@@ -192,6 +192,19 @@ static int vfio_df_group_open(struct vfio_device_file *df) ...@@ -192,6 +192,19 @@ static int vfio_df_group_open(struct vfio_device_file *df)
vfio_device_group_get_kvm_safe(device); vfio_device_group_get_kvm_safe(device);
df->iommufd = device->group->iommufd; df->iommufd = device->group->iommufd;
if (df->iommufd && vfio_device_is_noiommu(device) && device->open_count == 0) {
/*
* Require no compat ioas to be assigned to proceed. The basic
* statement is that the user cannot have done something that
* implies they expected translation to exist
*/
if (!capable(CAP_SYS_RAWIO) ||
vfio_iommufd_device_has_compat_ioas(device, df->iommufd))
ret = -EPERM;
else
ret = 0;
goto out_put_kvm;
}
ret = vfio_df_open(df); ret = vfio_df_open(df);
if (ret) { if (ret) {
......
...@@ -10,6 +10,14 @@ ...@@ -10,6 +10,14 @@
MODULE_IMPORT_NS(IOMMUFD); MODULE_IMPORT_NS(IOMMUFD);
MODULE_IMPORT_NS(IOMMUFD_VFIO); MODULE_IMPORT_NS(IOMMUFD_VFIO);
bool vfio_iommufd_device_has_compat_ioas(struct vfio_device *vdev,
struct iommufd_ctx *ictx)
{
u32 ioas_id;
return !iommufd_vfio_compat_ioas_get_id(ictx, &ioas_id);
}
int vfio_iommufd_bind(struct vfio_device *vdev, struct iommufd_ctx *ictx) int vfio_iommufd_bind(struct vfio_device *vdev, struct iommufd_ctx *ictx)
{ {
u32 ioas_id; u32 ioas_id;
...@@ -18,20 +26,6 @@ int vfio_iommufd_bind(struct vfio_device *vdev, struct iommufd_ctx *ictx) ...@@ -18,20 +26,6 @@ int vfio_iommufd_bind(struct vfio_device *vdev, struct iommufd_ctx *ictx)
lockdep_assert_held(&vdev->dev_set->lock); lockdep_assert_held(&vdev->dev_set->lock);
if (vfio_device_is_noiommu(vdev)) {
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
/*
* Require no compat ioas to be assigned to proceed. The basic
* statement is that the user cannot have done something that
* implies they expected translation to exist
*/
if (!iommufd_vfio_compat_ioas_get_id(ictx, &ioas_id))
return -EPERM;
return 0;
}
ret = vdev->ops->bind_iommufd(vdev, ictx, &device_id); ret = vdev->ops->bind_iommufd(vdev, ictx, &device_id);
if (ret) if (ret)
return ret; return ret;
......
...@@ -234,9 +234,18 @@ static inline void vfio_container_cleanup(void) ...@@ -234,9 +234,18 @@ static inline void vfio_container_cleanup(void)
#endif #endif
#if IS_ENABLED(CONFIG_IOMMUFD) #if IS_ENABLED(CONFIG_IOMMUFD)
bool vfio_iommufd_device_has_compat_ioas(struct vfio_device *vdev,
struct iommufd_ctx *ictx);
int vfio_iommufd_bind(struct vfio_device *device, struct iommufd_ctx *ictx); int vfio_iommufd_bind(struct vfio_device *device, struct iommufd_ctx *ictx);
void vfio_iommufd_unbind(struct vfio_device *device); void vfio_iommufd_unbind(struct vfio_device *device);
#else #else
static inline bool
vfio_iommufd_device_has_compat_ioas(struct vfio_device *vdev,
struct iommufd_ctx *ictx)
{
return false;
}
static inline int vfio_iommufd_bind(struct vfio_device *device, static inline int vfio_iommufd_bind(struct vfio_device *device,
struct iommufd_ctx *ictx) struct iommufd_ctx *ictx)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment