Re: [PATCH v5 7/9] vfio: Enable cdev noiommu mode under iommufd

From: Jacob Pan

Date: Tue May 19 2026 - 22:56:50 EST


Hi Jason,

On Tue, 19 May 2026 20:40:05 -0300
Jason Gunthorpe <jgg@xxxxxxxxxx> wrote:

> On Mon, May 11, 2026 at 11:41:12AM -0700, Jacob Pan wrote:
> > @@ -110,6 +113,13 @@ long vfio_df_ioctl_bind_iommufd(struct
> > vfio_device_file *df, if (df->group)
> > return -EINVAL;
> >
> > + /*
> > + * CAP_SYS_RAWIO is already checked at cdev open, recheck
> > here
> > + * in case the fd was passed to a less privileged process.
> > + */
> > + if (device->noiommu && !capable(CAP_SYS_RAWIO))
> > + return -EPERM;
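Review bot: the recheck `if (device->noiommu && !capable(CAP_SYS_RAWIO))` in vfio_df_ioctl_bind_iommufd defeats the privilege-minimising design in which a process opens the noiommu cdev while it still holds CAP_SYS_RAWIO and then drops it; as the comment above the check itself says, the capability is already checked at cdev open, so the open fd should carry the authorization (the group path only checks at open as well, not at SET_CONTAINER). Suggest dropping the two-line check together with its comment; handing the fd to a less privileged process is a deliberate act of the privileged holder, the normal fd-as-capability model, and not something the bind ioctl should second-guess.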
>
> I don't think we should do this; an open-only check is sufficient. It
> is entirely reasonable to design a userspace to drop SYS_RAWIO after
> it opens the FD to minimize retained privileges.
Right, will remove. VFIO group also only checks at open, not during
SET_CONTAINER.
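The userspace design Jason refers to, as an added example that is not code from the patch, the kernel tree or either author: open the fd while the process still holds CAP_SYS_RAWIO, drop the capability, and keep using the fd afterwards. It uses the raw capget/capset syscalls with the v3 ABI and locally declared copies of the uapi structures rather than libcap; /dev/null stands in for the vfio noiommu cdev, which cannot be opened here, and the bind ioctl that would follow is only mentioned in a comment. Bits are only ever cleared, so the capset call is allowed without CAP_SETPCAP.

```c
/*
 * Added example: open a privileged fd, then drop CAP_SYS_RAWIO and keep
 * using the fd. Not from the vfio patch or the kernel tree.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CAP_V3        0x20080522u  /* _LINUX_CAPABILITY_VERSION_3 */
#define CAP_SYS_RAWIO 17           /* value from <linux/capability.h> */

/* Local copies of the uapi capget/capset structures (same layout). */
struct cap_hdr  { uint32_t version; int pid; };
struct cap_data { uint32_t effective, permitted, inheritable; };

/* Pure helpers on the two-word v3 sets; usable without any syscall. */
static int cap_is_set(const struct cap_data d[2], int cap)
{
    return (int)((d[cap >> 5].effective >> (cap & 31)) & 1u);
}

static void cap_clear(struct cap_data d[2], int cap)
{
    uint32_t mask = ~(1u << (cap & 31));
    d[cap >> 5].effective   &= mask;
    d[cap >> 5].permitted   &= mask;   /* clear permitted too, so it cannot be re-raised */
    d[cap >> 5].inheritable &= mask;
}

/* Self-check of cap_clear on all-ones sets: returns the word that held the bit. */
static uint32_t cleared_word_for(int cap)
{
    struct cap_data d[2] = { 0 };
    d[0].effective = d[0].permitted = d[0].inheritable = 0xffffffffu;
    d[1].effective = d[1].permitted = d[1].inheritable = 0xffffffffu;
    cap_clear(d, cap);
    return d[cap >> 5].effective & d[cap >> 5].permitted & d[cap >> 5].inheritable;
}

/* Drop one capability from the calling thread. Returns 0 or -errno. */
static int drop_cap(int cap)
{
    struct cap_hdr hdr = { CAP_V3, 0 };   /* pid 0: the calling thread */
    struct cap_data d[2] = { 0 };

    if (syscall(SYS_capget, &hdr, d) < 0)
        return -errno;
    cap_clear(d, cap);
    /* Only bits are cleared, so this is permitted even without CAP_SETPCAP. */
    if (syscall(SYS_capset, &hdr, d) < 0)
        return -errno;
    return 0;
}

/* 1 if the calling thread has `cap` in its effective set, 0 if not, -errno on error. */
static int thread_has_cap(int cap)
{
    struct cap_hdr hdr = { CAP_V3, 0 };
    struct cap_data d[2] = { 0 };

    if (syscall(SYS_capget, &hdr, d) < 0)
        return -errno;
    return cap_is_set(d, cap);
}

int main(void)
{
    /* Stand-in for the vfio noiommu cdev; that open() is what needs the cap. */
    int fd = open("/dev/null", O_RDWR);
    if (fd < 0) { perror("open"); return 1; }

    int rc = drop_cap(CAP_SYS_RAWIO);   /* minimise retained privilege */
    if (rc) { fprintf(stderr, "drop_cap: %s\n", strerror(-rc)); return 1; }

    /* The fd keeps working. A later ioctl on it (the bind-to-iommufd step)
     * must not recheck the capability, or this design breaks. */
    char buf[1];
    ssize_t n = read(fd, buf, sizeof buf);
    printf("CAP_SYS_RAWIO effective now: %d, read() on the open fd -> %zd\n",
           thread_has_cap(CAP_SYS_RAWIO), n);
    close(fd);
    return 0;
}
```

Run it as a plain user and the capability report is 0 either way; run it with CAP_SYS_RAWIO granted (for instance via setcap or a privileged container) and you see the capability disappear from the effective set while the already-open fd still answers read().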