viriommufd: Set IOMMU_OPTION_RLIMIT_MODE only when running privileged

author Pavel Hrdina <phrdina@redhat.com>

Fri, 13 Mar 2026 09:50:36 +0000 (10:50 +0100)

committer Pavel Hrdina <phrdina@redhat.com>

Fri, 13 Mar 2026 16:03:27 +0000 (17:03 +0100)
author Pavel Hrdina <phrdina@redhat.com>
Fri, 13 Mar 2026 09:50:36 +0000 (10:50 +0100)
committer Pavel Hrdina <phrdina@redhat.com>
Fri, 13 Mar 2026 16:03:27 +0000 (17:03 +0100)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c

index ab7cf03c0eb19579fc71330e23fdb1e7d25620c4..ecd05b4bf6b85ca890f732f10d0a75fb7376b716 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7732,7 +7732,7 @@ qemuProcessOpenIommuFd(virDomainObj *vm)
  
      VIR_DEBUG("Opening IOMMU FD for domain %s", vm->def->name);
  
-    if ((iommufd = virIOMMUFDOpenDevice()) < 0)
+    if ((iommufd = virIOMMUFDOpenDevice(priv->driver->privileged)) < 0)
          return -1;
  
      if (qemuSecuritySetImageFDLabel(priv->driver->securityManager, vm->def, iommufd) < 0)
diff --git a/src/util/viriommufd.c b/src/util/viriommufd.c

index b62d59241d0412ff6f62063f5671718f612d9b7d..82920923a2351dc77294e75ed4bcb4596d499224 100644 (file)
--- a/src/util/viriommufd.c
+++ b/src/util/viriommufd.c
@@ -80,14 +80,14 @@ virIOMMUFDSetRLimitMode(int fd, bool processAccounting)
  }
  
  int
-virIOMMUFDOpenDevice(void)
+virIOMMUFDOpenDevice(bool privileged)
  {
      int fd = -1;
  
      if ((fd = open(VIR_IOMMU_DEV_PATH, O_RDWR | O_CLOEXEC)) < 0)
          virReportSystemError(errno, "%s", _("cannot open IOMMUFD device"));
  
-    if (virIOMMUFDSetRLimitMode(fd, true) < 0) {
+    if (privileged && virIOMMUFDSetRLimitMode(fd, true) < 0) {
          VIR_FORCE_CLOSE(fd);
          return -1;
      }
@@ -98,7 +98,7 @@ virIOMMUFDOpenDevice(void)
  #else
  
  int
-virIOMMUFDOpenDevice(void)
+virIOMMUFDOpenDevice(bool privileged G_GNUC_UNUSED)
  {
      virReportError(VIR_ERR_NO_SUPPORT, "%s",
                     _("IOMMUFD is not supported on this platform"));
diff --git a/src/util/viriommufd.h b/src/util/viriommufd.h

index 223f44eb5c32df4a0c22d869d704c583f726b779..7bad5c7472417d94fc5a5dfec6e922c8d7b04eb8 100644 (file)
--- a/src/util/viriommufd.h
+++ b/src/util/viriommufd.h
@@ -22,6 +22,6 @@
  
  #define VIR_IOMMU_DEV_PATH "/dev/iommu"
  
-int virIOMMUFDOpenDevice(void);
+int virIOMMUFDOpenDevice(bool privileged);
  
  bool virIOMMUFDSupported(void);
author	Pavel Hrdina <phrdina@redhat.com>
	Fri, 13 Mar 2026 09:50:36 +0000 (10:50 +0100)
committer	Pavel Hrdina <phrdina@redhat.com>
	Fri, 13 Mar 2026 16:03:27 +0000 (17:03 +0100)
src/qemu/qemu_process.c		patch \| blob \| blame \| history
src/util/viriommufd.c		patch \| blob \| blame \| history
src/util/viriommufd.h		patch \| blob \| blame \| history