[libvirt PATCH] viriommufd: Set IOMMU_OPTION_RLIMIT_MODE only when running privileged

Pavel Hrdina via Devel posted 1 patch 1 week, 3 days ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/39cff9b2fefe850e25b927a7671b7737100407e1.1773395552.git.phrdina@redhat.com
src/qemu/qemu_process.c | 2 +-
src/util/viriommufd.c   | 6 +++---
src/util/viriommufd.h   | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
[libvirt PATCH] viriommufd: Set IOMMU_OPTION_RLIMIT_MODE only when running privileged
Posted by Pavel Hrdina via Devel 1 week, 3 days ago
From: Pavel Hrdina <phrdina@redhat.com>

If libvirt daemon is running unprivileged it will fail so we should not
even try to set it.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/qemu/qemu_process.c | 2 +-
 src/util/viriommufd.c   | 6 +++---
 src/util/viriommufd.h   | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ab7cf03c0e..ecd05b4bf6 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7732,7 +7732,7 @@ qemuProcessOpenIommuFd(virDomainObj *vm)
 
     VIR_DEBUG("Opening IOMMU FD for domain %s", vm->def->name);
 
-    if ((iommufd = virIOMMUFDOpenDevice()) < 0)
+    if ((iommufd = virIOMMUFDOpenDevice(priv->driver->privileged)) < 0)
         return -1;
 
     if (qemuSecuritySetImageFDLabel(priv->driver->securityManager, vm->def, iommufd) < 0)
diff --git a/src/util/viriommufd.c b/src/util/viriommufd.c
index b62d59241d..82920923a2 100644
--- a/src/util/viriommufd.c
+++ b/src/util/viriommufd.c
@@ -80,14 +80,14 @@ virIOMMUFDSetRLimitMode(int fd, bool processAccounting)
 }
 
 int
-virIOMMUFDOpenDevice(void)
+virIOMMUFDOpenDevice(bool privileged)
 {
     int fd = -1;
 
     if ((fd = open(VIR_IOMMU_DEV_PATH, O_RDWR | O_CLOEXEC)) < 0)
         virReportSystemError(errno, "%s", _("cannot open IOMMUFD device"));
 
-    if (virIOMMUFDSetRLimitMode(fd, true) < 0) {
+    if (privileged && virIOMMUFDSetRLimitMode(fd, true) < 0) {
         VIR_FORCE_CLOSE(fd);
         return -1;
     }
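Review bot: The open() failure branch at the top of virIOMMUFDOpenDevice only calls virReportSystemError and then falls through, so when privileged is true the changed condition still calls virIOMMUFDSetRLimitMode(fd, true) with fd == -1. This predates the patch, but since the line is being touched, consider adding braces and a `return -1;` after the virReportSystemError call so the open error is not followed by a second failure on an invalid descriptor. With privileged false the check is short-circuited, so a failed open now skips this block entirely and depends on the code after it to return the -1 to the caller.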
@@ -98,7 +98,7 @@ virIOMMUFDOpenDevice(void)
 #else
 
 int
-virIOMMUFDOpenDevice(void)
+virIOMMUFDOpenDevice(bool privileged G_GNUC_UNUSED)
 {
     virReportError(VIR_ERR_NO_SUPPORT, "%s",
                    _("IOMMUFD is not supported on this platform"));
diff --git a/src/util/viriommufd.h b/src/util/viriommufd.h
index 223f44eb5c..7bad5c7472 100644
--- a/src/util/viriommufd.h
+++ b/src/util/viriommufd.h
@@ -22,6 +22,6 @@
 
 #define VIR_IOMMU_DEV_PATH "/dev/iommu"
 
-int virIOMMUFDOpenDevice(void);
+int virIOMMUFDOpenDevice(bool privileged);
 
 bool virIOMMUFDSupported(void);
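Review bot: The new bool parameter on virIOMMUFDOpenDevice is undocumented, both here in the prototype and above the definition in viriommufd.c, where the visible context shows no comment. The name suggests it affects opening the device, while the only thing it gates is the virIOMMUFDSetRLimitMode(fd, true) call. A short comment stating that the rlimit mode is set only when privileged is true, and that an unprivileged caller gets the descriptor with the mode left unchanged, would make call sites such as the one in qemuProcessOpenIommuFd easier to audit.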
-- 
2.53.0
Re: [libvirt PATCH] viriommufd: Set IOMMU_OPTION_RLIMIT_MODE only when running privileged
Posted by Jiri Denemark via Devel 1 week, 3 days ago
On Fri, Mar 13, 2026 at 10:52:40 +0100, Pavel Hrdina wrote:
> From: Pavel Hrdina <phrdina@redhat.com>
> 
> If libvirt daemon is running unprivileged it will fail so we should not
> even try to set it.
> 
> Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
> ---
>  src/qemu/qemu_process.c | 2 +-
>  src/util/viriommufd.c   | 6 +++---
>  src/util/viriommufd.h   | 2 +-
>  3 files changed, 5 insertions(+), 5 deletions(-)

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>