1 files changed, 7 insertions, 181 deletions
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index de632da2e22f..6070b793cbcb 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -62,7 +62,6 @@ struct vfio_container {
        struct rw_semaphore             group_lock;
        struct vfio_iommu_driver        *iommu_driver;
        void                            *iommu_data;
-        bool                            noiommu;
 };
 struct vfio_unbound_dev {
@@ -85,7 +84,6 @@ struct vfio_group {
        struct list_head                unbound_list;
        struct mutex                    unbound_lock;
        atomic_t                        opened;
-        bool                            noiommu;
 };
 struct vfio_device {
@@ -97,147 +95,6 @@ struct vfio_device {
        void                            *device_data;
 };
-#ifdef CONFIG_VFIO_NOIOMMU
-static bool noiommu __read_mostly;
-module_param_named(enable_unsafe_noiommu_support,
-                   noiommu, bool, S_IRUGO | S_IWUSR);
-MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode.  This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel.  If you do not know what this is for, step away. (default: false)");
-#endif
-/*
- * vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe
- * and remove functions, any use cases other than acquiring the first
- * reference for the purpose of calling vfio_add_group_dev() or removing
- * that symmetric reference after vfio_del_group_dev() should use the raw
- * iommu_group_{get,put} functions.  In particular, vfio_iommu_group_put()
- * removes the device from the dummy group and cannot be nested.
- */
-struct iommu_group *vfio_iommu_group_get(struct device *dev)
-{
-        struct iommu_group *group;
-        int __maybe_unused ret;
-        group = iommu_group_get(dev);
-#ifdef CONFIG_VFIO_NOIOMMU
-        /*
-         * With noiommu enabled, an IOMMU group will be created for a device
-         * that doesn't already have one and doesn't have an iommu_ops on their
-         * bus.  We use iommu_present() again in the main code to detect these
-         * fake groups.
-         */
-        if (group || !noiommu || iommu_present(dev->bus))
-                return group;
-        group = iommu_group_alloc();
-        if (IS_ERR(group))
-                return NULL;
-        iommu_group_set_name(group, "vfio-noiommu");
-        ret = iommu_group_add_device(group, dev);
-        iommu_group_put(group);
-        if (ret)
-                return NULL;
-        /*
-         * Where to taint?  At this point we've added an IOMMU group for a
-         * device that is not backed by iommu_ops, therefore any iommu_
-         * callback using iommu_ops can legitimately Oops.  So, while we may
-         * be about to give a DMA capable device to a user without IOMMU
-         * protection, which is clearly taint-worthy, let's go ahead and do
-         * it here.
-         */
-        add_taint(TAINT_USER, LOCKDEP_STILL_OK);
-        dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
-#endif
-        return group;
-}
-EXPORT_SYMBOL_GPL(vfio_iommu_group_get);
-void vfio_iommu_group_put(struct iommu_group *group, struct device *dev)
-{
-#ifdef CONFIG_VFIO_NOIOMMU
-        if (!iommu_present(dev->bus))
-                iommu_group_remove_device(dev);
-#endif
-        iommu_group_put(group);
-}
-EXPORT_SYMBOL_GPL(vfio_iommu_group_put);
-#ifdef CONFIG_VFIO_NOIOMMU
-static void *vfio_noiommu_open(unsigned long arg)
-{
-        if (arg != VFIO_NOIOMMU_IOMMU)
-                return ERR_PTR(-EINVAL);
-        if (!capable(CAP_SYS_RAWIO))
-                return ERR_PTR(-EPERM);
-        return NULL;
-}
-static void vfio_noiommu_release(void *iommu_data)
-{
-}
-static long vfio_noiommu_ioctl(void *iommu_data,
-                               unsigned int cmd, unsigned long arg)
-{
-        if (cmd == VFIO_CHECK_EXTENSION)
-                return arg == VFIO_NOIOMMU_IOMMU ? 1 : 0;
-        return -ENOTTY;
-}
-static int vfio_iommu_present(struct device *dev, void *unused)
-{
-        return iommu_present(dev->bus) ? 1 : 0;
-}
-static int vfio_noiommu_attach_group(void *iommu_data,
-                                     struct iommu_group *iommu_group)
-{
-        return iommu_group_for_each_dev(iommu_group, NULL,
-                                        vfio_iommu_present) ? -EINVAL : 0;
-}
-static void vfio_noiommu_detach_group(void *iommu_data,
-                                      struct iommu_group *iommu_group)
-{
-}
-static struct vfio_iommu_driver_ops vfio_noiommu_ops = {
-        .name = "vfio-noiommu",
-        .owner = THIS_MODULE,
-        .open = vfio_noiommu_open,
-        .release = vfio_noiommu_release,
-        .ioctl = vfio_noiommu_ioctl,
-        .attach_group = vfio_noiommu_attach_group,
-        .detach_group = vfio_noiommu_detach_group,
-};
-static struct vfio_iommu_driver vfio_noiommu_driver = {
-        .ops = &vfio_noiommu_ops,
-};
-/*
- * Wrap IOMMU drivers, the noiommu driver is the one and only driver for
- * noiommu groups (and thus containers) and not available for normal groups.
- */
-#define vfio_for_each_iommu_driver(con, pos)                            \
-        for (pos = con->noiommu ? &vfio_noiommu_driver :                \
-             list_first_entry(&vfio.iommu_drivers_list,                 \
-                              struct vfio_iommu_driver, vfio_next);     \
-             (con->noiommu ? pos != NULL :                              \
-                        &pos->vfio_next != &vfio.iommu_drivers_list);   \
-              pos = con->noiommu ? NULL : list_next_entry(pos, vfio_next))
-#else
-#define vfio_for_each_iommu_driver(con, pos)                            \
-        list_for_each_entry(pos, &vfio.iommu_drivers_list, vfio_next)
-#endif
 /**
 * IOMMU driver registration
 */
@@ -342,8 +199,7 @@ static void vfio_group_unlock_and_free(struct vfio_group *group)
 /**
 * Group objects - create, release, get, put, search
 */
-static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
+static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group)
-                                            bool noiommu)
 {
        struct vfio_group *group, *tmp;
        struct device *dev;
@@ -361,7 +217,6 @@ static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
        atomic_set(&group->container_users, 0);
        atomic_set(&group->opened, 0);
        group->iommu_group = iommu_group;
-        group->noiommu = noiommu;
        group->nb.notifier_call = vfio_iommu_group_notifier;
@@ -397,8 +252,7 @@ static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
        dev = device_create(vfio.class, NULL,
                            MKDEV(MAJOR(vfio.group_devt), minor),
-                            group, "%s%d", noiommu ? "noiommu-" : "",
+                            group, "%d", iommu_group_id(iommu_group));
-                            iommu_group_id(iommu_group));
        if (IS_ERR(dev)) {
                vfio_free_group_minor(minor);
                vfio_group_unlock_and_free(group);
@@ -682,7 +536,7 @@ static int vfio_group_nb_add_dev(struct vfio_group *group, struct device *dev)
                return 0;
        /* TODO Prevent device auto probing */
-        WARN("Device %s added to live group %d!\n", dev_name(dev),
+        WARN(1, "Device %s added to live group %d!\n", dev_name(dev),
             iommu_group_id(group->iommu_group));
        return 0;
@@ -786,8 +640,7 @@ int vfio_add_group_dev(struct device *dev,
        group = vfio_group_get_from_iommu(iommu_group);
        if (!group) {
-                group = vfio_create_group(iommu_group,
+                group = vfio_create_group(iommu_group);
-                                          !iommu_present(dev->bus));
                if (IS_ERR(group)) {
                        iommu_group_put(iommu_group);
                        return PTR_ERR(group);
@@ -999,7 +852,8 @@ static long vfio_ioctl_check_extension(struct vfio_container *container,
                 */
                if (!driver) {
                        mutex_lock(&vfio.iommu_drivers_lock);
-                        vfio_for_each_iommu_driver(container, driver) {
+                        list_for_each_entry(driver, &vfio.iommu_drivers_list,
+                                            vfio_next) {
                                if (!try_module_get(driver->ops->owner))
                                        continue;
@@ -1068,7 +922,7 @@ static long vfio_ioctl_set_iommu(struct vfio_container *container,
        }
        mutex_lock(&vfio.iommu_drivers_lock);
-        vfio_for_each_iommu_driver(container, driver) {
+        list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
                void *data;
                if (!try_module_get(driver->ops->owner))
@@ -1333,9 +1187,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
        if (atomic_read(&group->container_users))
                return -EINVAL;
-        if (group->noiommu && !capable(CAP_SYS_RAWIO))
-                return -EPERM;
        f = fdget(container_fd);
        if (!f.file)
                return -EBADF;
@@ -1351,13 +1202,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
        down_write(&container->group_lock);
-        /* Real groups and fake groups cannot mix */
-        if (!list_empty(&container->group_list) &&
-            container->noiommu != group->noiommu) {
-                ret = -EPERM;
-                goto unlock_out;
-        }
        driver = container->iommu_driver;
        if (driver) {
                ret = driver->ops->attach_group(container->iommu_data,
@@ -1367,7 +1211,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
        }
        group->container = container;
-        container->noiommu = group->noiommu;
        list_add(&group->container_next, &container->group_list);
        /* Get a reference on the container and mark a user within the group */
@@ -1398,9 +1241,6 @@ static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
            !group->container->iommu_driver || !vfio_group_viable(group))
                return -EINVAL;
-        if (group->noiommu && !capable(CAP_SYS_RAWIO))
-                return -EPERM;
        device = vfio_device_get_from_name(group, buf);
        if (!device)
                return -ENODEV;
@@ -1443,10 +1283,6 @@ static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
        fd_install(ret, filep);
-        if (group->noiommu)
-                dev_warn(device->dev, "vfio-noiommu device opened by user "
-                         "(%s:%d)\n", current->comm, task_pid_nr(current));
        return ret;
 }
@@ -1535,11 +1371,6 @@ static int vfio_group_fops_open(struct inode *inode, struct file *filep)
        if (!group)
                return -ENODEV;
-        if (group->noiommu && !capable(CAP_SYS_RAWIO)) {
-                vfio_group_put(group);
-                return -EPERM;
-        }
        /* Do we need multiple instances of the group open?  Seems not. */
        opened = atomic_cmpxchg(&group->opened, 0, 1);
        if (opened) {
@@ -1702,11 +1533,6 @@ struct vfio_group *vfio_group_get_external_user(struct file *filep)
        if (!atomic_inc_not_zero(&group->container_users))
                return ERR_PTR(-EINVAL);
-        if (group->noiommu) {
-                atomic_dec(&group->container_users);
-                return ERR_PTR(-EPERM);
-        }
        if (!group->container->iommu_driver ||
                        !vfio_group_viable(group)) {
                atomic_dec(&group->container_users);

diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c index de632da2e22f..6070b793cbcb 100644 --- a/drivers/vfio/vfio.c +++ b/drivers/vfio/vfio.c
@@ -62,7 +62,6 @@ struct vfio_container {
62	struct rw_semaphore group_lock;	62	struct rw_semaphore group_lock;
63	struct vfio_iommu_driver *iommu_driver;	63	struct vfio_iommu_driver *iommu_driver;
64	void *iommu_data;	64	void *iommu_data;
65	bool noiommu;
66	};	65	};
67		66
68	struct vfio_unbound_dev {	67	struct vfio_unbound_dev {
@@ -85,7 +84,6 @@ struct vfio_group {
85	struct list_head unbound_list;	84	struct list_head unbound_list;
86	struct mutex unbound_lock;	85	struct mutex unbound_lock;
87	atomic_t opened;	86	atomic_t opened;
88	bool noiommu;
89	};	87	};
90		88
91	struct vfio_device {	89	struct vfio_device {
@@ -97,147 +95,6 @@ struct vfio_device {
97	void *device_data;	95	void *device_data;
98	};	96	};
99		97
100	#ifdef CONFIG_VFIO_NOIOMMU
101	static bool noiommu __read_mostly;
102	module_param_named(enable_unsafe_noiommu_support,
103	noiommu, bool, S_IRUGO \| S_IWUSR);
104	MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)");
105	#endif
106
107	/*
108	* vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe
109	* and remove functions, any use cases other than acquiring the first
110	* reference for the purpose of calling vfio_add_group_dev() or removing
111	* that symmetric reference after vfio_del_group_dev() should use the raw
112	* iommu_group_{get,put} functions. In particular, vfio_iommu_group_put()
113	* removes the device from the dummy group and cannot be nested.
114	*/
115	struct iommu_group vfio_iommu_group_get(struct device dev)
116	{
117	struct iommu_group *group;
118	int __maybe_unused ret;
119
120	group = iommu_group_get(dev);
121
122	#ifdef CONFIG_VFIO_NOIOMMU
123	/*
124	* With noiommu enabled, an IOMMU group will be created for a device
125	* that doesn't already have one and doesn't have an iommu_ops on their
126	* bus. We use iommu_present() again in the main code to detect these
127	* fake groups.
128	*/
129	if (group \|\| !noiommu \|\| iommu_present(dev->bus))
130	return group;
131
132	group = iommu_group_alloc();
133	if (IS_ERR(group))
134	return NULL;
135
136	iommu_group_set_name(group, "vfio-noiommu");
137	ret = iommu_group_add_device(group, dev);
138	iommu_group_put(group);
139	if (ret)
140	return NULL;
141
142	/*
143	* Where to taint? At this point we've added an IOMMU group for a
144	* device that is not backed by iommu_ops, therefore any iommu_
145	* callback using iommu_ops can legitimately Oops. So, while we may
146	* be about to give a DMA capable device to a user without IOMMU
147	* protection, which is clearly taint-worthy, let's go ahead and do
148	* it here.
149	*/
150	add_taint(TAINT_USER, LOCKDEP_STILL_OK);
151	dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
152	#endif
153
154	return group;
155	}
156	EXPORT_SYMBOL_GPL(vfio_iommu_group_get);
157
158	void vfio_iommu_group_put(struct iommu_group group, struct device dev)
159	{
160	#ifdef CONFIG_VFIO_NOIOMMU
161	if (!iommu_present(dev->bus))
162	iommu_group_remove_device(dev);
163	#endif
164
165	iommu_group_put(group);
166	}
167	EXPORT_SYMBOL_GPL(vfio_iommu_group_put);
168
169	#ifdef CONFIG_VFIO_NOIOMMU
170	static void *vfio_noiommu_open(unsigned long arg)
171	{
172	if (arg != VFIO_NOIOMMU_IOMMU)
173	return ERR_PTR(-EINVAL);
174	if (!capable(CAP_SYS_RAWIO))
175	return ERR_PTR(-EPERM);
176
177	return NULL;
178	}
179
180	static void vfio_noiommu_release(void *iommu_data)
181	{
182	}
183
184	static long vfio_noiommu_ioctl(void *iommu_data,
185	unsigned int cmd, unsigned long arg)
186	{
187	if (cmd == VFIO_CHECK_EXTENSION)
188	return arg == VFIO_NOIOMMU_IOMMU ? 1 : 0;
189
190	return -ENOTTY;
191	}
192
193	static int vfio_iommu_present(struct device dev, void unused)
194	{
195	return iommu_present(dev->bus) ? 1 : 0;
196	}
197
198	static int vfio_noiommu_attach_group(void *iommu_data,
199	struct iommu_group *iommu_group)
200	{
201	return iommu_group_for_each_dev(iommu_group, NULL,
202	vfio_iommu_present) ? -EINVAL : 0;
203	}
204
205	static void vfio_noiommu_detach_group(void *iommu_data,
206	struct iommu_group *iommu_group)
207	{
208	}
209
210	static struct vfio_iommu_driver_ops vfio_noiommu_ops = {
211	.name = "vfio-noiommu",
212	.owner = THIS_MODULE,
213	.open = vfio_noiommu_open,
214	.release = vfio_noiommu_release,
215	.ioctl = vfio_noiommu_ioctl,
216	.attach_group = vfio_noiommu_attach_group,
217	.detach_group = vfio_noiommu_detach_group,
218	};
219
220	static struct vfio_iommu_driver vfio_noiommu_driver = {
221	.ops = &vfio_noiommu_ops,
222	};
223
224	/*
225	* Wrap IOMMU drivers, the noiommu driver is the one and only driver for
226	* noiommu groups (and thus containers) and not available for normal groups.
227	*/
228	#define vfio_for_each_iommu_driver(con, pos) \
229	for (pos = con->noiommu ? &vfio_noiommu_driver : \
230	list_first_entry(&vfio.iommu_drivers_list, \
231	struct vfio_iommu_driver, vfio_next); \
232	(con->noiommu ? pos != NULL : \
233	&pos->vfio_next != &vfio.iommu_drivers_list); \
234	pos = con->noiommu ? NULL : list_next_entry(pos, vfio_next))
235	#else
236	#define vfio_for_each_iommu_driver(con, pos) \
237	list_for_each_entry(pos, &vfio.iommu_drivers_list, vfio_next)
238	#endif
239
240
241	/**	98	/**
242	* IOMMU driver registration	99	* IOMMU driver registration
243	*/	100	*/
@@ -342,8 +199,7 @@ static void vfio_group_unlock_and_free(struct vfio_group *group)
342	/**	199	/**
343	* Group objects - create, release, get, put, search	200	* Group objects - create, release, get, put, search
344	*/	201	*/
345	static struct vfio_group vfio_create_group(struct iommu_group iommu_group,	202	static struct vfio_group vfio_create_group(struct iommu_group iommu_group)
346	bool noiommu)
347	{	203	{
348	struct vfio_group group, tmp;	204	struct vfio_group group, tmp;
349	struct device *dev;	205	struct device *dev;
@@ -361,7 +217,6 @@ static struct vfio_group vfio_create_group(struct iommu_group iommu_group,
361	atomic_set(&group->container_users, 0);	217	atomic_set(&group->container_users, 0);
362	atomic_set(&group->opened, 0);	218	atomic_set(&group->opened, 0);
363	group->iommu_group = iommu_group;	219	group->iommu_group = iommu_group;
364	group->noiommu = noiommu;
365		220
366	group->nb.notifier_call = vfio_iommu_group_notifier;	221	group->nb.notifier_call = vfio_iommu_group_notifier;
367		222
@@ -397,8 +252,7 @@ static struct vfio_group vfio_create_group(struct iommu_group iommu_group,
397		252
398	dev = device_create(vfio.class, NULL,	253	dev = device_create(vfio.class, NULL,
399	MKDEV(MAJOR(vfio.group_devt), minor),	254	MKDEV(MAJOR(vfio.group_devt), minor),
400	group, "%s%d", noiommu ? "noiommu-" : "",	255	group, "%d", iommu_group_id(iommu_group));
401	iommu_group_id(iommu_group));
402	if (IS_ERR(dev)) {	256	if (IS_ERR(dev)) {
403	vfio_free_group_minor(minor);	257	vfio_free_group_minor(minor);
404	vfio_group_unlock_and_free(group);	258	vfio_group_unlock_and_free(group);
@@ -682,7 +536,7 @@ static int vfio_group_nb_add_dev(struct vfio_group group, struct device dev)
682	return 0;	536	return 0;
683		537
684	/* TODO Prevent device auto probing */	538	/* TODO Prevent device auto probing */
685	WARN("Device %s added to live group %d!\n", dev_name(dev),	539	WARN(1, "Device %s added to live group %d!\n", dev_name(dev),
686	iommu_group_id(group->iommu_group));	540	iommu_group_id(group->iommu_group));
687		541
688	return 0;	542	return 0;
@@ -786,8 +640,7 @@ int vfio_add_group_dev(struct device *dev,
786		640
787	group = vfio_group_get_from_iommu(iommu_group);	641	group = vfio_group_get_from_iommu(iommu_group);
788	if (!group) {	642	if (!group) {
789	group = vfio_create_group(iommu_group,	643	group = vfio_create_group(iommu_group);
790	!iommu_present(dev->bus));
791	if (IS_ERR(group)) {	644	if (IS_ERR(group)) {
792	iommu_group_put(iommu_group);	645	iommu_group_put(iommu_group);
793	return PTR_ERR(group);	646	return PTR_ERR(group);
@@ -999,7 +852,8 @@ static long vfio_ioctl_check_extension(struct vfio_container *container,
999	*/	852	*/
1000	if (!driver) {	853	if (!driver) {
1001	mutex_lock(&vfio.iommu_drivers_lock);	854	mutex_lock(&vfio.iommu_drivers_lock);
1002	vfio_for_each_iommu_driver(container, driver) {	855	list_for_each_entry(driver, &vfio.iommu_drivers_list,
		856	vfio_next) {
1003	if (!try_module_get(driver->ops->owner))	857	if (!try_module_get(driver->ops->owner))
1004	continue;	858	continue;
1005		859
@@ -1068,7 +922,7 @@ static long vfio_ioctl_set_iommu(struct vfio_container *container,
1068	}	922	}
1069		923
1070	mutex_lock(&vfio.iommu_drivers_lock);	924	mutex_lock(&vfio.iommu_drivers_lock);
1071	vfio_for_each_iommu_driver(container, driver) {	925	list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
1072	void *data;	926	void *data;
1073		927
1074	if (!try_module_get(driver->ops->owner))	928	if (!try_module_get(driver->ops->owner))
@@ -1333,9 +1187,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1333	if (atomic_read(&group->container_users))	1187	if (atomic_read(&group->container_users))
1334	return -EINVAL;	1188	return -EINVAL;
1335		1189
1336	if (group->noiommu && !capable(CAP_SYS_RAWIO))
1337	return -EPERM;
1338
1339	f = fdget(container_fd);	1190	f = fdget(container_fd);
1340	if (!f.file)	1191	if (!f.file)
1341	return -EBADF;	1192	return -EBADF;
@@ -1351,13 +1202,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1351		1202
1352	down_write(&container->group_lock);	1203	down_write(&container->group_lock);
1353		1204
1354	/* Real groups and fake groups cannot mix */
1355	if (!list_empty(&container->group_list) &&
1356	container->noiommu != group->noiommu) {
1357	ret = -EPERM;
1358	goto unlock_out;
1359	}
1360
1361	driver = container->iommu_driver;	1205	driver = container->iommu_driver;
1362	if (driver) {	1206	if (driver) {
1363	ret = driver->ops->attach_group(container->iommu_data,	1207	ret = driver->ops->attach_group(container->iommu_data,
@@ -1367,7 +1211,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1367	}	1211	}
1368		1212
1369	group->container = container;	1213	group->container = container;
1370	container->noiommu = group->noiommu;
1371	list_add(&group->container_next, &container->group_list);	1214	list_add(&group->container_next, &container->group_list);
1372		1215
1373	/* Get a reference on the container and mark a user within the group */	1216	/* Get a reference on the container and mark a user within the group */
@@ -1398,9 +1241,6 @@ static int vfio_group_get_device_fd(struct vfio_group group, char buf)
1398	!group->container->iommu_driver \|\| !vfio_group_viable(group))	1241	!group->container->iommu_driver \|\| !vfio_group_viable(group))
1399	return -EINVAL;	1242	return -EINVAL;
1400		1243
1401	if (group->noiommu && !capable(CAP_SYS_RAWIO))
1402	return -EPERM;
1403
1404	device = vfio_device_get_from_name(group, buf);	1244	device = vfio_device_get_from_name(group, buf);
1405	if (!device)	1245	if (!device)
1406	return -ENODEV;	1246	return -ENODEV;
@@ -1443,10 +1283,6 @@ static int vfio_group_get_device_fd(struct vfio_group group, char buf)
1443		1283
1444	fd_install(ret, filep);	1284	fd_install(ret, filep);
1445		1285
1446	if (group->noiommu)
1447	dev_warn(device->dev, "vfio-noiommu device opened by user "
1448	"(%s:%d)\n", current->comm, task_pid_nr(current));
1449
1450	return ret;	1286	return ret;
1451	}	1287	}
1452		1288
@@ -1535,11 +1371,6 @@ static int vfio_group_fops_open(struct inode inode, struct file filep)
1535	if (!group)	1371	if (!group)
1536	return -ENODEV;	1372	return -ENODEV;
1537		1373
1538	if (group->noiommu && !capable(CAP_SYS_RAWIO)) {
1539	vfio_group_put(group);
1540	return -EPERM;
1541	}
1542
1543	/* Do we need multiple instances of the group open? Seems not. */	1374	/* Do we need multiple instances of the group open? Seems not. */
1544	opened = atomic_cmpxchg(&group->opened, 0, 1);	1375	opened = atomic_cmpxchg(&group->opened, 0, 1);
1545	if (opened) {	1376	if (opened) {
@@ -1702,11 +1533,6 @@ struct vfio_group vfio_group_get_external_user(struct file filep)
1702	if (!atomic_inc_not_zero(&group->container_users))	1533	if (!atomic_inc_not_zero(&group->container_users))
1703	return ERR_PTR(-EINVAL);	1534	return ERR_PTR(-EINVAL);
1704		1535
1705	if (group->noiommu) {
1706	atomic_dec(&group->container_users);
1707	return ERR_PTR(-EPERM);
1708	}
1709
1710	if (!group->container->iommu_driver \|\|	1536	if (!group->container->iommu_driver \|\|
1711	!vfio_group_viable(group)) {	1537	!vfio_group_viable(group)) {
1712	atomic_dec(&group->container_users);	1538	atomic_dec(&group->container_users);