Date: Sun, 1 Sep 2024 14:09:42 GMT
Message-Id: <202409011409.481E9ghn099645@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: 4008758105a6 - main - vmm: Validate credentials when opening a vmmdev
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=4008758105a6da9eaa0b96b81dfb3042a33259be

commit 4008758105a6da9eaa0b96b81dfb3042a33259be
Author:     Mark Johnston
AuthorDate: 2024-09-01 14:00:32 +0000
Commit:     Mark Johnston
CommitDate: 2024-09-01 14:03:16 +0000

    vmm: Validate credentials when opening a vmmdev

    Rather than performing privilege checks after a specific VM's device
    file is opened, do it once at the time the device file is opened. This
    means that one can continue to access a VM via its device fd after
    attaching to a jail which does not have vmm enabled, but this seems
    like a reasonable semantic to have anyway.

    Reviewed by: jhb
    Differential Revision: https://reviews.freebsd.org/D46486

--- sys/dev/vmm/vmm_dev.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c index f43429de4d4c..b4ae2997006f 100644 --- a/sys/dev/vmm/vmm_dev.c +++ b/sys/dev/vmm/vmm_dev.c @@ -186,10 +186,6 @@ vmmdev_rw(struct cdev *cdev, struct uio *uio, int flags) void *hpa, *cookie; struct vmmdev_softc *sc; - error = vmm_priv_check(curthread->td_ucred); - if (error) - return (error); - sc = vmmdev_lookup2(cdev); if (sc == NULL) return (ENXIO); 
@@ -327,6 +323,32 @@ vm_set_register_set(struct vcpu *vcpu, unsigned int count, int *regnum, return (error); } +static int +vmmdev_open(struct cdev *dev, int flags, int fmt, struct thread *td) +{ + struct vmmdev_softc *sc; + int error; + + sc = vmmdev_lookup2(dev); + KASSERT(sc != NULL, ("%s: device not found", __func__)); + + /* + * A user can only access VMs that they themselves have created. + */ + if (td->td_ucred != sc->ucred) + return (EPERM); + + /* + * A jail without vmm access shouldn't be able to access vmm device + * files at all, but check here just to be thorough. + */ + error = vmm_priv_check(td->td_ucred); + if (error != 0) + return (error); + + return (0); +} + static const struct vmmdev_ioctl vmmdev_ioctls[] = { VMMDEV_IOCTL(VM_GET_REGISTER, VMMDEV_IOCTL_LOCK_ONE_VCPU), VMMDEV_IOCTL(VM_SET_REGISTER, VMMDEV_IOCTL_LOCK_ONE_VCPU), @@ -375,10 +397,6 @@ vmmdev_ioctl(struct cdev *cdev, u_long cmd, caddr_t data, int fflag, const struct vmmdev_ioctl *ioctl; int error, vcpuid; - error = vmm_priv_check(td->td_ucred); - if (error) - return (error); - sc = vmmdev_lookup2(cdev); if (sc == NULL) return (ENXIO); @@ -681,10 +699,6 @@ vmmdev_mmap_single(struct cdev *cdev, vm_ooffset_t *offset, vm_size_t mapsize, int error, found, segid; bool sysmem; - error = vmm_priv_check(curthread->td_ucred); - if (error) - return (error); - first = *offset; last = first + mapsize; if ((nprot & PROT_EXEC) || first < 0 || first >= last) @@ -833,6 +847,7 @@ SYSCTL_PROC(_hw_vmm, OID_AUTO, destroy, static struct cdevsw vmmdevsw = { .d_name = "vmmdev", .d_version = D_VERSION, + .d_open = vmmdev_open, .d_ioctl = vmmdev_ioctl, .d_mmap_single = vmmdev_mmap_single, .d_read = vmmdev_rw,
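
Review bot: in the new vmmdev_open() (hunk @@ -327,6 +323,32 @@), `if (td->td_ucred != sc->ucred)` compares credential pointers, which is stricter than the comment above it ("A user can only access VMs that they themselves have created"): a thread running as the same user but holding a different credential object gets EPERM. If per-user ownership is what is meant, compare the relevant fields of the two credentials; if object identity is intended, the comment should say so. In the same function, `KASSERT(sc != NULL, ...)` is the only guard before `sc->ucred` is read, whereas vmmdev_rw() and vmmdev_ioctl() return ENXIO when vmmdev_lookup2() returns NULL; returning ENXIO here as well would keep the handlers consistent on kernels built without assertions.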
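
Review bot: with the `vmm_priv_check()` calls removed from vmmdev_rw(), vmmdev_ioctl() and vmmdev_mmap_single() (hunks @@ -186,10 +186,6 @@, @@ -375,10 +397,6 @@ and @@ -681,10 +699,6 @@), nothing in those handlers says where authorization now happens. A short comment in each, or one above `vmmdevsw`, stating that credentials are validated once in vmmdev_open() and that an already-open descriptor keeps its access (the jail case the commit message describes) would record the new semantic in the code rather than only in the log.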