> > When a secondary process wants access to the VFIO container file descriptor,
> > the primary process calls vfio_get_container_fd() which always opens an
> > entirely new file descriptor on /dev/vfio/vfio.
> > However, once the file descriptor has been passed to the subprocess, it is
> > effectively duplicated, meaning that the copy of the file descriptor in the
> > primary process is no longer needed. However, the primary process does
> > not close the duplicate fd, which results in a resource leak.
> >
> > This can be reproduced by starting a primary process with a small
> > RLIMIT_NOFILE limit configured to use VFIO for at least one device, and
> > repeatedly launching secondary processes until the file descriptor limit is
> > exceeded.
> >
> > Fix the resource leak by closing the local vfio container file descriptor
> > after
> > passing it to the secondary process.
> >
> > Fixes: 2f4adfad0a69 ("vfio: add multiprocess support")
> > Signed-off-by: Patrick MacArthur <patr...@patrickmacarthur.net>
>
> Acked-by: Anatoly Burakov <anatoly.bura...@intel.com>
Applied, thanks
