From: Jason Gunthorpe <jgg@nvidia.com>
To: Jacob Pan <jacob.pan@linux.microsoft.com>
Cc: linux-kernel@vger.kernel.org,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
Alex Williamson <alex@shazbot.org>,
Joerg Roedel <joro@8bytes.org>,
Mostafa Saleh <smostafa@google.com>,
David Matlack <dmatlack@google.com>,
Robin Murphy <robin.murphy@arm.com>,
Nicolin Chen <nicolinc@nvidia.com>,
"Tian, Kevin" <kevin.tian@intel.com>, Yi Liu <yi.l.liu@intel.com>,
Saurabh Sengar <ssengar@linux.microsoft.com>,
skhawaja@google.com, pasha.tatashin@soleen.com,
Will Deacon <will@kernel.org>,
Baolu Lu <baolu.lu@linux.intel.com>
Subject: Re: [PATCH v5 7/9] vfio: Enable cdev noiommu mode under iommufd
Date: Tue, 19 May 2026 20:40:05 -0300 [thread overview]
Message-ID: <20260519234005.GO3602937@nvidia.com> (raw)
In-Reply-To: <20260511184116.3687392-8-jacob.pan@linux.microsoft.com>
On Mon, May 11, 2026 at 11:41:12AM -0700, Jacob Pan wrote:
> @@ -110,6 +113,13 @@ long vfio_df_ioctl_bind_iommufd(struct vfio_device_file *df,
> if (df->group)
> return -EINVAL;
>
> + /*
> + * CAP_SYS_RAWIO is already checked at cdev open, recheck here
> + * in case the fd was passed to a less privileged process.
> + */
> + if (device->noiommu && !capable(CAP_SYS_RAWIO))
> + return -EPERM;
I don't think we should do this, an open only check is sufficient. It
is entirely reasonable to design a userspace to drop SYS_RAWIO after
it opens the FD to minimize retained privileges.
Jason
next prev parent reply other threads:[~2026-05-19 23:40 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-11 18:41 [PATCH v5 0/9] iommufd: Enable noiommu mode for cdev Jacob Pan
2026-05-11 18:41 ` [PATCH v5 1/9] vfio: Rename VFIO_NOIOMMU to VFIO_GROUP_NOIOMMU Jacob Pan
2026-05-19 23:34 ` Jason Gunthorpe
2026-05-11 18:41 ` [PATCH v5 2/9] iommufd: Support a HWPT without an iommu driver for noiommu Jacob Pan
2026-05-13 6:58 ` Baolu Lu
2026-05-13 21:30 ` Jacob Pan
2026-05-13 19:18 ` Samiullah Khawaja
2026-05-20 7:19 ` Yi Liu
2026-05-20 16:15 ` Jacob Pan
2026-05-11 18:41 ` [PATCH v5 3/9] iommufd: Move igroup allocation to a function Jacob Pan
2026-05-13 7:18 ` Baolu Lu
2026-05-11 18:41 ` [PATCH v5 4/9] iommufd: Allow binding to a noiommu device Jacob Pan
2026-05-13 7:37 ` Baolu Lu
2026-05-13 22:08 ` Jacob Pan
2026-05-14 6:51 ` Baolu Lu
2026-05-19 21:25 ` Jacob Pan
2026-05-20 7:20 ` Yi Liu
2026-05-20 15:54 ` Jacob Pan
2026-05-21 3:27 ` Yi Liu
2026-05-11 18:41 ` [PATCH v5 5/9] iommufd: Add an ioctl to query PA from IOVA for noiommu mode Jacob Pan
2026-05-11 18:58 ` Jacob Pan
2026-05-13 7:53 ` Baolu Lu
2026-05-13 12:22 ` Jason Gunthorpe
2026-05-13 22:20 ` Jacob Pan
2026-05-13 23:26 ` Jason Gunthorpe
2026-05-20 7:20 ` Yi Liu
2026-05-20 7:31 ` Yi Liu
2026-05-20 14:22 ` Jason Gunthorpe
2026-05-20 14:39 ` Yi Liu
2026-05-20 17:02 ` Jacob Pan
2026-05-11 18:41 ` [PATCH v5 6/9] vfio/group: Add VFIO_CDEV_NOIOMMU Kconfig and tolerate NULL group Jacob Pan
2026-05-20 3:45 ` Alex Williamson
2026-05-20 17:08 ` Jacob Pan
2026-05-11 18:41 ` [PATCH v5 7/9] vfio: Enable cdev noiommu mode under iommufd Jacob Pan
2026-05-19 23:40 ` Jason Gunthorpe [this message]
2026-05-20 2:56 ` Jacob Pan
2026-05-20 3:46 ` Alex Williamson
2026-05-20 7:20 ` Yi Liu
2026-05-20 18:15 ` Jacob Pan
2026-05-21 3:25 ` Yi Liu
2026-05-21 16:49 ` Jacob Pan
2026-05-11 18:41 ` [PATCH v5 8/9] selftests/vfio: Add iommufd noiommu mode selftest for cdev Jacob Pan
2026-05-11 18:41 ` [PATCH v5 9/9] Documentation: Update VFIO NOIOMMU mode Jacob Pan
2026-05-20 7:20 ` Yi Liu
2026-05-20 16:26 ` Jacob Pan
2026-05-21 3:24 ` Yi Liu
2026-05-19 18:01 ` [PATCH v5 0/9] iommufd: Enable noiommu mode for cdev Jason Gunthorpe
2026-05-19 21:03 ` Jacob Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260519234005.GO3602937@nvidia.com \
--to=jgg@nvidia.com \
--cc=alex@shazbot.org \
--cc=baolu.lu@linux.intel.com \
--cc=dmatlack@google.com \
--cc=iommu@lists.linux.dev \
--cc=jacob.pan@linux.microsoft.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=pasha.tatashin@soleen.com \
--cc=robin.murphy@arm.com \
--cc=skhawaja@google.com \
--cc=smostafa@google.com \
--cc=ssengar@linux.microsoft.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.