> From: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Sent: Tuesday, March 21, 2023 10:58 PM
>
> On Tue, Mar 21, 2023 at 02:51:20PM +0000, Liu, Yi L wrote:
> > > But still, this check should be done at device creation time just like
> > > in group mode, not during each attach call.
> >
> > Seems like requiring a noiommu_capable flag in vfio_device. We
> > set this flag only when the vfio_group->type==VFIO_NO_IOMMU
> > or no real iommu_group (for the case in which vfio group code is
> > compiled out). Perhaps the below check should be added as well.
> > Then in the time of bind, just check the noiommu_capable flag
> > and capable(CAP_SYS_RAWIO).
> >
> > if (!IS_ENABLED(CONFIG_VFIO_NOIOMMU) || !vfio_noiommu)
>
> Yes, and also only for physical devices

Sure. BTW, at the time of creation, there is no vfio group yet. So
may just check if the device has a real iommu_group. Another
alternative is to set this flag at the time of vfio_device registration.
Physical device drivers and emulated device drivers use different
register APIs. Hence they can be distinguished easily.

Regards,
Yi Liu