git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dc7404c)
KVM: Device assignment: Check for privileges before assigning irq
authorAmit Shah <amit.shah@qumranet.com>
Wed, 13 Aug 2008 13:22:37 +0000 (16:22 +0300)
committerAvi Kivity <avi@qumranet.com>
Wed, 15 Oct 2008 08:15:20 +0000 (10:15 +0200)
Even though we don't share irqs at the moment, we should ensure
regular user processes don't try to allocate system resources.

We check for capability to access IO devices (CAP_SYS_RAWIO) before
we request_irq on behalf of the guest.

Noticed by Avi.

Signed-off-by: Amit Shah <amit.shah@qumranet.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
arch/x86/kvm/x86.c patch | blob | history

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4a03375..fffdf4f 100644 (file)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -191,6 +191,11 @@ static int kvm_vm_ioctl_assign_irq(struct kvm *kvm,
                  kvm_assigned_dev_interrupt_work_handler);
 
        if (irqchip_in_kernel(kvm)) {
+               if (!capable(CAP_SYS_RAWIO)) {
+                       return -EPERM;
+                       goto out;
+               }
+
                if (assigned_irq->host_irq)
                        match->host_irq = assigned_irq->host_irq;
                else
Pandora Kernel Repository