vfio-iommufd: Move noiommu compat validation out of vfio_iommufd_bind()
This moves the noiommu compat validation logic into vfio_df_group_open(). This is more consistent with what will be done in vfio device cdev path. Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Tested-by: Terrence Xu <terrence.xu@intel.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Matthew Rosato <mjrosato@linux.ibm.com> Tested-by: Yanting Jiang <yanting.jiang@intel.com> Tested-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Tested-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Signed-off-by: Yi Liu <yi.l.liu@intel.com> Link: https://lore.kernel.org/r/20230718135551.6592-11-yi.l.liu@intel.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This commit is contained in:
parent
839e692fa4
commit
6086efe734
@ -192,6 +192,19 @@ static int vfio_df_group_open(struct vfio_device_file *df)
|
||||
vfio_device_group_get_kvm_safe(device);
|
||||
|
||||
df->iommufd = device->group->iommufd;
|
||||
if (df->iommufd && vfio_device_is_noiommu(device) && device->open_count == 0) {
|
||||
/*
|
||||
* Require no compat ioas to be assigned to proceed. The basic
|
||||
* statement is that the user cannot have done something that
|
||||
* implies they expected translation to exist
|
||||
*/
|
||||
if (!capable(CAP_SYS_RAWIO) ||
|
||||
vfio_iommufd_device_has_compat_ioas(device, df->iommufd))
|
||||
ret = -EPERM;
|
||||
else
|
||||
ret = 0;
|
||||
goto out_put_kvm;
|
||||
}
|
||||
|
||||
ret = vfio_df_open(df);
|
||||
if (ret) {
|
||||
|
@ -10,6 +10,14 @@
|
||||
MODULE_IMPORT_NS(IOMMUFD);
|
||||
MODULE_IMPORT_NS(IOMMUFD_VFIO);
|
||||
|
||||
bool vfio_iommufd_device_has_compat_ioas(struct vfio_device *vdev,
|
||||
struct iommufd_ctx *ictx)
|
||||
{
|
||||
u32 ioas_id;
|
||||
|
||||
return !iommufd_vfio_compat_ioas_get_id(ictx, &ioas_id);
|
||||
}
|
||||
|
||||
int vfio_iommufd_bind(struct vfio_device *vdev, struct iommufd_ctx *ictx)
|
||||
{
|
||||
u32 ioas_id;
|
||||
@ -18,20 +26,6 @@ int vfio_iommufd_bind(struct vfio_device *vdev, struct iommufd_ctx *ictx)
|
||||
|
||||
lockdep_assert_held(&vdev->dev_set->lock);
|
||||
|
||||
if (vfio_device_is_noiommu(vdev)) {
|
||||
if (!capable(CAP_SYS_RAWIO))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
* Require no compat ioas to be assigned to proceed. The basic
|
||||
* statement is that the user cannot have done something that
|
||||
* implies they expected translation to exist
|
||||
*/
|
||||
if (!iommufd_vfio_compat_ioas_get_id(ictx, &ioas_id))
|
||||
return -EPERM;
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = vdev->ops->bind_iommufd(vdev, ictx, &device_id);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
@ -234,9 +234,18 @@ static inline void vfio_container_cleanup(void)
|
||||
#endif
|
||||
|
||||
#if IS_ENABLED(CONFIG_IOMMUFD)
|
||||
bool vfio_iommufd_device_has_compat_ioas(struct vfio_device *vdev,
|
||||
struct iommufd_ctx *ictx);
|
||||
int vfio_iommufd_bind(struct vfio_device *device, struct iommufd_ctx *ictx);
|
||||
void vfio_iommufd_unbind(struct vfio_device *device);
|
||||
#else
|
||||
static inline bool
|
||||
vfio_iommufd_device_has_compat_ioas(struct vfio_device *vdev,
|
||||
struct iommufd_ctx *ictx)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
static inline int vfio_iommufd_bind(struct vfio_device *device,
|
||||
struct iommufd_ctx *ictx)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user