Date: Tue, 4 Nov 2025 13:04:58 GMT
Message-Id: <202511041304.5A4D4w5r034776@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: e2d6c959b29d - stable/15 - vmm: Add PRIV_DRIVER checks for passthru ioctls
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: e2d6c959b29d85a83a0c827b02f3303b115daf03

The branch stable/15 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=e2d6c959b29d85a83a0c827b02f3303b115daf03

commit e2d6c959b29d85a83a0c827b02f3303b115daf03
Author:     Mark Johnston
AuthorDate: 2025-10-21 17:34:29 +0000
Commit:     Mark Johnston
CommitDate: 2025-11-04 12:46:53 +0000

    vmm: Add PRIV_DRIVER checks for passthru ioctls

    In preparation for allowing non-root users to create and access bhyve
    VMs, add privilege checks for ioctls which operate on passthru devices.

    Reviewed by:    corvink
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D53144

    (cherry picked from commit e11768e94787bef2866486ba8616353716a10447)
---
 sys/amd64/vmm/vmm_dev_machdep.c | 18 +++++++++++-------
 sys/dev/vmm/vmm_dev.c | 7 +++++++
 sys/dev/vmm/vmm_dev.h | 1 +
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/sys/amd64/vmm/vmm_dev_machdep.c b/sys/amd64/vmm/vmm_dev_machdep.c index dfebc9dcadbf..347f739d53ec 100644 --- a/sys/amd64/vmm/vmm_dev_machdep.c +++ b/sys/amd64/vmm/vmm_dev_machdep.c
@@ -124,12 +124,16 @@ const struct vmmdev_ioctl vmmdev_machdep_ioctls[] = { VMMDEV_IOCTL(VM_SET_KERNEMU_DEV, VMMDEV_IOCTL_LOCK_ONE_VCPU), VMMDEV_IOCTL(VM_BIND_PPTDEV, - VMMDEV_IOCTL_XLOCK_MEMSEGS | VMMDEV_IOCTL_LOCK_ALL_VCPUS), + VMMDEV_IOCTL_XLOCK_MEMSEGS | VMMDEV_IOCTL_LOCK_ALL_VCPUS | + VMMDEV_IOCTL_PRIV_CHECK_DRIVER), VMMDEV_IOCTL(VM_UNBIND_PPTDEV, - VMMDEV_IOCTL_XLOCK_MEMSEGS | VMMDEV_IOCTL_LOCK_ALL_VCPUS), + VMMDEV_IOCTL_XLOCK_MEMSEGS | VMMDEV_IOCTL_LOCK_ALL_VCPUS | + VMMDEV_IOCTL_PRIV_CHECK_DRIVER), - VMMDEV_IOCTL(VM_MAP_PPTDEV_MMIO, VMMDEV_IOCTL_LOCK_ALL_VCPUS), - VMMDEV_IOCTL(VM_UNMAP_PPTDEV_MMIO, VMMDEV_IOCTL_LOCK_ALL_VCPUS), + VMMDEV_IOCTL(VM_MAP_PPTDEV_MMIO, VMMDEV_IOCTL_LOCK_ALL_VCPUS | + VMMDEV_IOCTL_PRIV_CHECK_DRIVER), + VMMDEV_IOCTL(VM_UNMAP_PPTDEV_MMIO, VMMDEV_IOCTL_LOCK_ALL_VCPUS | + VMMDEV_IOCTL_PRIV_CHECK_DRIVER), #ifdef BHYVE_SNAPSHOT #ifdef COMPAT_FREEBSD13 VMMDEV_IOCTL(VM_SNAPSHOT_REQ_13, VMMDEV_IOCTL_LOCK_ALL_VCPUS), @@ -147,9 +151,9 @@ const struct vmmdev_ioctl vmmdev_machdep_ioctls[] = { VMMDEV_IOCTL(VM_LAPIC_LOCAL_IRQ, VMMDEV_IOCTL_MAYBE_ALLOC_VCPU), - VMMDEV_IOCTL(VM_PPTDEV_MSI, 0), - VMMDEV_IOCTL(VM_PPTDEV_MSIX, 0), - VMMDEV_IOCTL(VM_PPTDEV_DISABLE_MSIX, 0), + VMMDEV_IOCTL(VM_PPTDEV_MSI, VMMDEV_IOCTL_PRIV_CHECK_DRIVER), + VMMDEV_IOCTL(VM_PPTDEV_MSIX, VMMDEV_IOCTL_PRIV_CHECK_DRIVER), + VMMDEV_IOCTL(VM_PPTDEV_DISABLE_MSIX, VMMDEV_IOCTL_PRIV_CHECK_DRIVER), VMMDEV_IOCTL(VM_LAPIC_MSI, 0), VMMDEV_IOCTL(VM_IOAPIC_ASSERT_IRQ, 0), VMMDEV_IOCTL(VM_IOAPIC_DEASSERT_IRQ, 0), diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c index 51c946f24c91..5b857a171e94 100644 --- a/sys/dev/vmm/vmm_dev.c +++ b/sys/dev/vmm/vmm_dev.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include 
@@ -454,6 +455,12 @@ vmmdev_ioctl(struct cdev *cdev, u_long cmd, caddr_t data, int fflag, if (ioctl == NULL) return (ENOTTY); + if ((ioctl->flags & VMMDEV_IOCTL_PRIV_CHECK_DRIVER) != 0) { + error = priv_check(td, PRIV_DRIVER); + if (error != 0) + return (error); + } + if ((ioctl->flags & VMMDEV_IOCTL_XLOCK_MEMSEGS) != 0) vm_xlock_memsegs(sc->vm); else if ((ioctl->flags & VMMDEV_IOCTL_SLOCK_MEMSEGS) != 0) diff --git a/sys/dev/vmm/vmm_dev.h b/sys/dev/vmm/vmm_dev.h index 410066c49cf2..2881a7063565 100644 --- a/sys/dev/vmm/vmm_dev.h +++ b/sys/dev/vmm/vmm_dev.h @@ -44,6 +44,7 @@ struct vmmdev_ioctl { #define VMMDEV_IOCTL_LOCK_ALL_VCPUS 0x08 #define VMMDEV_IOCTL_ALLOC_VCPU 0x10 #define VMMDEV_IOCTL_MAYBE_ALLOC_VCPU 0x20 +#define VMMDEV_IOCTL_PRIV_CHECK_DRIVER 0x40 int flags; };
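
Review bot: in vmmdev_machdep_ioctls[] (sys/amd64/vmm/vmm_dev_machdep.c, hunks at -124 and -147), the privilege requirement is opt-in per table entry, so a passthru ioctl registered with flags 0, as VM_PPTDEV_MSI, VM_PPTDEV_MSIX and VM_PPTDEV_DISABLE_MSIX were before this change, reaches its handler with no PRIV_DRIVER check and nothing flags the omission. The seven PPTDEV entries visible in these two hunks are all tagged; please confirm against the full table (and the generic ioctl table, which is not shown here) that no other entry operating on a passthru device sits outside the displayed context.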
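
Review bot: in vmmdev_ioctl() (sys/dev/vmm/vmm_dev.c, hunk at -454), the new priv_check(td, PRIV_DRIVER) block carries no comment explaining that its position is load-bearing. It sits after the ioctl == NULL lookup and before vm_xlock_memsegs(), which is what makes the bare "return (error);" safe, since no memseg or vCPU lock is held yet. A one-line comment saying the check must stay ahead of lock acquisition would stop a later edit from moving it below the locking code and turning the early return into a lock leak.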
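
Review bot: in struct vmmdev_ioctl (sys/dev/vmm/vmm_dev.h, hunk at -44), VMMDEV_IOCTL_PRIV_CHECK_DRIVER 0x40 is added without documentation, and unlike the neighbouring VMMDEV_IOCTL_LOCK_ALL_VCPUS, VMMDEV_IOCTL_ALLOC_VCPU and VMMDEV_IOCTL_MAYBE_ALLOC_VCPU flags it expresses an access-control requirement rather than a locking or vCPU-allocation behaviour. Suggest a short comment on the define stating that entries carrying it are rejected unless the calling thread passes priv_check(td, PRIV_DRIVER), and that it is intended for ioctls operating on passthru devices, so the rule is discoverable where new table entries get their flags.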