Re: [PATCH v5 7/9] vfio: Enable cdev noiommu mode under iommufd

From: Jason Gunthorpe

Date: Tue May 19 2026 - 19:40:34 EST


On Mon, May 11, 2026 at 11:41:12AM -0700, Jacob Pan wrote:
> @@ -110,6 +113,13 @@ long vfio_df_ioctl_bind_iommufd(struct vfio_device_file *df,
> if (df->group)
> return -EINVAL;
>
> + /*
> + * CAP_SYS_RAWIO is already checked at cdev open, recheck here
> + * in case the fd was passed to a less privileged process.
> + */
> + if (device->noiommu && !capable(CAP_SYS_RAWIO))
> + return -EPERM;
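Review bot: the added `capable(CAP_SYS_RAWIO)` recheck in vfio_df_ioctl_bind_iommufd() rejects any noiommu bind from a process that no longer holds CAP_SYS_RAWIO, including one that held it at open and then dropped it on purpose to minimize retained privileges, so it penalizes the least-privilege pattern the open-time check already supports. The comment justifies the recheck only by the fd-passing case, but an fd passed to another process was still opened by a CAP_SYS_RAWIO holder, and the patch gives no reason the open-time check is insufficient for that case. Suggest dropping the recheck and relying on the existing open-time check, or, if the recheck is kept, expanding the comment to state concretely why open-time gating is not enough and documenting that noiommu cdev users must retain CAP_SYS_RAWIO until bind.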

I don't think we should do this; an open-only check is sufficient. It
is entirely reasonable to design a userspace to drop SYS_RAWIO after
it opens the FD to minimize retained privileges.

Jason