]> git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit
projects / mirror_ubuntu-disco-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7af2460) | patch
KVM: Reject device ioctls from processes other than the VM's creator
authorSean Christopherson <sean.j.christopherson@intel.com>
Fri, 15 Feb 2019 20:48:39 +0000 (12:48 -0800)
committerSeth Forshee <seth.forshee@canonical.com>
Wed, 3 Apr 2019 18:12:52 +0000 (13:12 -0500)
commit69d35cdf870f55a75d64a177ed57d69cfdc15be1
tree1a3d2ffb76cd3b33c201ee053ac3dc06231c12e4tree
parent7af2460a4c64fd16e4ce7424d3a60b3fe5eb1699commit | diff
KVM: Reject device ioctls from processes other than the VM's creator

BugLink: https://bugs.launchpad.net/bugs/1823060
commit ddba91801aeb5c160b660caed1800eb3aef403f8 upstream.

KVM's API requires thats ioctls must be issued from the same process
that created the VM.  In other words, userspace can play games with a
VM's file descriptors, e.g. fork(), SCM_RIGHTS, etc..., but only the
creator can do anything useful.  Explicitly reject device ioctls that
are issued by a process other than the VM's creator, and update KVM's
API documentation to extend its requirements to device ioctls.

Fixes: 852b6d57dc7f ("kvm: add device control API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Documentation/virtual/kvm/api.txt diff | blob | blame | history
virt/kvm/kvm_main.c diff | blob | blame | history
Ubuntu Disco kernel mirror for Proxmox VE and PMG