@@ -245,6 +245,8 @@ static struct file *vfio_device_open_file(struct vfio_device *device)
goto err_out;
}
+ df->group = device->group;
+
ret = vfio_device_group_open(df);
if (ret)
goto err_free;
@@ -18,6 +18,8 @@ struct vfio_container;
struct vfio_device_file {
struct vfio_device *device;
+ struct vfio_group *group;
+
bool access_granted;
spinlock_t kvm_ref_lock; /* protect kvm field */
struct kvm *kvm;
@@ -492,6 +492,13 @@ int vfio_device_open(struct vfio_device_file *df)
lockdep_assert_held(&device->dev_set->lock);
+ /*
+ * Only the group path allows the device to be opened multiple
+ * times. The device cdev path doesn't have a secure way for it.
+ */
+ if (device->open_count != 0 && !df->group)
+ return -EINVAL;
+
device->open_count++;
if (device->open_count == 1) {
ret = vfio_device_first_open(df);