Hi Jason,
> diff --git a/drivers/vfio/iommufd.c b/drivers/vfio/iommufd.c
> index 4f82a6fa7c6c7f..79a781a4e74c09 100644
> --- a/drivers/vfio/iommufd.c
> +++ b/drivers/vfio/iommufd.c
> @@ -18,6 +18,21 @@ int vfio_iommufd_bind(struct vfio_device *vdev,
> struct iommufd_ctx *ictx)
>
> lockdep_assert_held(&vdev->dev_set->lock);
>
> + if (IS_ENABLED(CONFIG_VFIO_NOIOMMU) &&
> + vdev->group->type == VFIO_NO_IOMMU) {
This should be done with a helper provided by group.c as it tries
to decode the group fields. Is it?
> + if (!capable(CAP_SYS_RAWIO))
> + return -EPERM;
> +
> + /*
> + * Require no compat ioas to be assigned to proceed. The
> basic
> + * statement is that the user cannot have done something
> that
> + * implies they expected translation to exist
> + */
> + if (!iommufd_vfio_compat_ioas_get_id(ictx, &ioas_id))
> + return -EPERM;
> + return 0;
> + }
> +
> /*
> * If the driver doesn't provide this op then it means the device does
> * not do DMA at all. So nothing to do.
> @@ -29,7 +44,7 @@ int vfio_iommufd_bind(struct vfio_device *vdev,
> struct iommufd_ctx *ictx)
> if (ret)
> return ret;
>
> - ret = iommufd_vfio_compat_ioas_id(ictx, &ioas_id);
> + ret = iommufd_vfio_compat_ioas_get_id(ictx, &ioas_id);
> if (ret)
> goto err_unbind;
> ret = vdev->ops->attach_ioas(vdev, &ioas_id);
> @@ -52,6 +67,10 @@ void vfio_iommufd_unbind(struct vfio_device *vdev)
> {
> lockdep_assert_held(&vdev->dev_set->lock);
>
> + if (IS_ENABLED(CONFIG_VFIO_NOIOMMU) &&
> + vdev->group->type == VFIO_NO_IOMMU)
Ditto.
Regards,
Yi Liu
