Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 18 Aug 2021 17:44:04 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: a85404906bc8 - main - vmm: Add credential to cdev object
Message-ID:  <202108181744.17IHi4ub017257@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=a85404906bc8f402318524b4ccd196712fc09fbd

commit a85404906bc8f402318524b4ccd196712fc09fbd
Author:     Cyril Zhang <cyril@freebsdfoundation.org>
AuthorDate: 2021-08-18 17:41:33 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-08-18 17:41:33 +0000

    vmm: Add credential to cdev object
    
    Add a credential to the cdev object in sysctl_vmm_create(), then check
    that we have the correct credentials in sysctl_vmm_destroy(). This
    prevents a process in one jail from opening or destroying the /dev/vmm
    file corresponding to a VM in a sibling jail.
    
    Add regression tests.
    
    Reviewed by:    jhb, markj
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D31156
---
 etc/mtree/BSD.tests.dist       |  2 ++
 sys/amd64/vmm/vmm_dev.c        | 15 ++++++--
 tests/sys/Makefile             |  1 +
 tests/sys/vmm/Makefile         | 11 ++++++
 tests/sys/vmm/utils.subr       | 47 +++++++++++++++++++++++++
 tests/sys/vmm/vmm_cred_jail.sh | 80 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 154 insertions(+), 2 deletions(-)

diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist
index 60cdca439887..f7965dac2884 100644
--- a/etc/mtree/BSD.tests.dist
+++ b/etc/mtree/BSD.tests.dist
@@ -866,6 +866,8 @@
         ..
         vm
         ..
+        vmm
+        ..
     ..
     usr.bin
         apply
diff --git a/sys/amd64/vmm/vmm_dev.c b/sys/amd64/vmm/vmm_dev.c
index 2da6225fdddd..2ce9470cf6dd 100644
--- a/sys/amd64/vmm/vmm_dev.c
+++ b/sys/amd64/vmm/vmm_dev.c
@@ -80,6 +80,7 @@ struct devmem_softc {
 struct vmmdev_softc {
 	struct vm	*vm;		/* vm instance cookie */
 	struct cdev	*cdev;
+	struct ucred	*ucred;
 	SLIST_ENTRY(vmmdev_softc) link;
 	SLIST_HEAD(, devmem_softc) devmem;
 	int		flags;
@@ -182,6 +183,12 @@ vmmdev_lookup(const char *name)
 			break;
 	}
 
+	if (sc == NULL)
+		return (NULL);
+
+	if (cr_cansee(curthread->td_ucred, sc->ucred))
+		return (NULL);
+
 	return (sc);
 }
 
@@ -979,6 +986,9 @@ vmmdev_destroy(void *arg)
 	if (sc->vm != NULL)
 		vm_destroy(sc->vm);
 
+	if (sc->ucred != NULL)
+		crfree(sc->ucred);
+
 	if ((sc->flags & VSC_LINKED) != 0) {
 		mtx_lock(&vmmdev_mtx);
 		SLIST_REMOVE(&head, sc, vmmdev_softc, link);
@@ -1096,6 +1106,7 @@ sysctl_vmm_create(SYSCTL_HANDLER_ARGS)
 		goto out;
 
 	sc = malloc(sizeof(struct vmmdev_softc), M_VMMDEV, M_WAITOK | M_ZERO);
+	sc->ucred = crhold(curthread->td_ucred);
 	sc->vm = vm;
 	SLIST_INIT(&sc->devmem);
 
@@ -1117,8 +1128,8 @@ sysctl_vmm_create(SYSCTL_HANDLER_ARGS)
 		goto out;
 	}
 
-	error = make_dev_p(MAKEDEV_CHECKNAME, &cdev, &vmmdevsw, NULL,
-			   UID_ROOT, GID_WHEEL, 0600, "vmm/%s", buf);
+	error = make_dev_p(MAKEDEV_CHECKNAME, &cdev, &vmmdevsw, sc->ucred,
+	    UID_ROOT, GID_WHEEL, 0600, "vmm/%s", buf);
 	if (error != 0) {
 		vmmdev_destroy(sc);
 		goto out;
diff --git a/tests/sys/Makefile b/tests/sys/Makefile
index 2781f7fb4ded..2ba60f41b76c 100644
--- a/tests/sys/Makefile
+++ b/tests/sys/Makefile
@@ -31,6 +31,7 @@ TESTS_SUBDIRS+=		posixshm
 TESTS_SUBDIRS+=		sys
 TESTS_SUBDIRS+=		vfs
 TESTS_SUBDIRS+=		vm
+TESTS_SUBDIRS+=		vmm
 
 .if ${MK_AUDIT} != "no"
 _audit=	audit
diff --git a/tests/sys/vmm/Makefile b/tests/sys/vmm/Makefile
new file mode 100644
index 000000000000..544d98421a95
--- /dev/null
+++ b/tests/sys/vmm/Makefile
@@ -0,0 +1,11 @@
+PACKAGE=	tests
+
+TESTSDIR=	${TESTSBASE}/sys/vmm
+
+BINDIR=		${TESTSDIR}
+
+ATF_TESTS_SH+=	vmm_cred_jail
+
+${PACKAGE}FILES+=	utils.subr
+
+.include <bsd.test.mk>
diff --git a/tests/sys/vmm/utils.subr b/tests/sys/vmm/utils.subr
new file mode 100644
index 000000000000..0de9c6c671ea
--- /dev/null
+++ b/tests/sys/vmm/utils.subr
@@ -0,0 +1,47 @@
+#-
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2021 The FreeBSD Foundation
+#
+# This software was developed by Cyril Zhang under sponsorship from
+# the FreeBSD Foundation.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+vmm_mkjail()
+{
+	jailname=$1
+	jail -c name=${jailname} persist allow.vmm
+	echo $jailname >> created_jails.lst
+}
+vmm_cleanup()
+{
+	if [ -f created_jails.lst ]
+	then
+		for jailname in `cat created_jails.lst`
+		do
+			jail -r ${jailname}
+		done
+		rm created_jails.lst
+	fi
+}
diff --git a/tests/sys/vmm/vmm_cred_jail.sh b/tests/sys/vmm/vmm_cred_jail.sh
new file mode 100644
index 000000000000..5dcb30e628c2
--- /dev/null
+++ b/tests/sys/vmm/vmm_cred_jail.sh
@@ -0,0 +1,80 @@
+#-
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2021 The FreeBSD Foundation
+#
+# This software was developed by Cyril Zhang under sponsorship from
+# the FreeBSD Foundation.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case vmm_cred_jail_host cleanup
+vmm_cred_jail_host_head()
+{
+	atf_set "descr" "Tests deleting the host's VM from within a jail"
+	atf_set "require.user" "root"
+}
+vmm_cred_jail_host_body()
+{
+	if ! kldstat -qn vmm; then
+		atf_skip "vmm is not loaded"
+	fi
+	bhyvectl --vm=testvm --create
+	vmm_mkjail myjail
+	atf_check -s exit:1 -e ignore jexec myjail bhyvectl --vm=testvm --destroy
+}
+vmm_cred_jail_host_cleanup()
+{
+	bhyvectl --vm=testvm --destroy
+	vmm_cleanup
+}
+
+atf_test_case vmm_cred_jail_other cleanup
+vmm_cred_jail_other_head()
+{
+	atf_set "descr" "Tests deleting a jail's VM from within another jail"
+	atf_set "require.user" "root"
+}
+vmm_cred_jail_other_body()
+{
+	if ! kldstat -qn vmm; then
+		atf_skip "vmm is not loaded"
+	fi
+	vmm_mkjail myjail1
+	vmm_mkjail myjail2
+	atf_check -s exit:0 jexec myjail1 bhyvectl --vm=testvm --create
+	atf_check -s exit:1 -e ignore jexec myjail2 bhyvectl --vm=testvm --destroy
+}
+vmm_cred_jail_other_cleanup()
+{
+	bhyvectl --vm=testvm --destroy
+	vmm_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case vmm_cred_jail_host
+	atf_add_test_case vmm_cred_jail_other
+}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108181744.17IHi4ub017257>