vfio iommu type1: fix the testing of capability for remote task

l1viathan · awilliam · commit d1b333d12cde · 2017-01-12T16:05:35.000-07:00
Before the mdev enhancement type1 iommu used capable() to test the
capability of current task; in the course of mdev development a
new requirement, testing for another task other than current, was
raised.  ns_capable() was used for this purpose, however it still
tests current, the only difference is, in a specified namespace.

Fix it by using has_capability() instead, which tests the cap for
specified task in init_user_ns, the same namespace as capable().

Cc: Gerd Hoffmann &lt;kraxel@redhat.com&gt;
Signed-off-by: Jike Song &lt;jike.song@intel.com&gt;
Reviewed-by: James Morris &lt;james.l.morris@oracle.com&gt;
Reviewed-by: Kirti Wankhede &lt;kwankhede@nvidia.com&gt;
Signed-off-by: Alex Williamson &lt;alex.williamson@redhat.com&gt;
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
@@ -495,8 +495,7 @@ static int vfio_pin_page_external(struct vfio_dma *dma, unsigned long vaddr,
 				  unsigned long *pfn_base, bool do_accounting)
 {
 	unsigned long limit;
-	bool lock_cap = ns_capable(task_active_pid_ns(dma->task)->user_ns,
-				   CAP_IPC_LOCK);
+	bool lock_cap = has_capability(dma->task, CAP_IPC_LOCK);
 	struct mm_struct *mm;
 	int ret;
 	bool rsvd;
