> From: Liu, Yi L <yi.l.liu@xxxxxxxxx> > Sent: Tuesday, February 21, 2023 11:48 AM > > VFIO group has historically allowed multi-open of the device FD. This > was made secure because the "open" was executed via an ioctl to the > group FD which is itself only single open. > > However, no known use of multiple device FDs today. It is kind of a > strange thing to do because new device FDs can naturally be created > via dup(). > > When we implement the new device uAPI (only used in cdev path) there is > no natural way to allow the device itself from being multi-opened in a > secure manner. Without the group FD we cannot prove the security context > of the opener. > > Thus, when moving to the new uAPI we block the ability to multi-open > the device. Old group path still allows it. > > vfio_device_open() needs to sustain both the legacy behavior i.e. multi-open > in the group path and the new behavior i.e. single-open in the cdev path. > This mixture leads to the introduction of a new is_cdev_device flag in struct > vfio_device_file. > > Signed-off-by: Yi Liu <yi.l.liu@xxxxxxxxx> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
