svn commit: r337023 - in head: sys/amd64/vmm usr.sbin/jail

Marcelo Araujo araujo at FreeBSD.org
Wed Aug 1 00:39:23 UTC 2018 

Author: araujo
Date: Wed Aug  1 00:39:21 2018
New Revision: 337023
URL: https://svnweb.freebsd.org/changeset/base/337023

Log:
  - Add the ability to run bhyve(8) within a jail(8).
  
  This patch adds a new sysctl(8) knob "security.jail.vmm_allowed",
  by default this option is disable.
  
  Submitted by:	Shawn Webb <shawn.webb____hardenedbsd.org>
  Reviewed by:	jamie@ and myself.
  Relnotes:	Yes.
  Sponsored by:	HardenedBSD and G2, Inc.
  Differential Revision:	https://reviews.freebsd.org/D16057

Modified:
  head/sys/amd64/vmm/vmm_dev.c
  head/usr.sbin/jail/jail.8

Modified: head/sys/amd64/vmm/vmm_dev.c
==============================================================================
--- head/sys/amd64/vmm/vmm_dev.c	Tue Jul 31 23:44:13 2018	(r337022)
+++ head/sys/amd64/vmm/vmm_dev.c	Wed Aug  1 00:39:21 2018	(r337023)
@@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
+#include <sys/jail.h>
 #include <sys/queue.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
@@ -43,6 +44,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/ioccom.h>
 #include <sys/mman.h>
 #include <sys/uio.h>
+#include <sys/proc.h>
 
 #include <vm/vm.h>
 #include <vm/pmap.h>
@@ -82,16 +84,29 @@ struct vmmdev_softc {
 
 static SLIST_HEAD(, vmmdev_softc) head;
 
+static unsigned pr_allow_flag;
 static struct mtx vmmdev_mtx;
 
 static MALLOC_DEFINE(M_VMMDEV, "vmmdev", "vmmdev");
 
 SYSCTL_DECL(_hw_vmm);
 
+static int vmm_priv_check(struct ucred *ucred);
 static int devmem_create_cdev(const char *vmname, int id, char *devmem);
 static void devmem_destroy(void *arg);
 
 static int
+vmm_priv_check(struct ucred *ucred)
+{
+
+	if (jailed(ucred) &&
+	    !(ucred->cr_prison->pr_allow & pr_allow_flag))
+		return (EPERM);
+
+	return (0);
+}
+
+static int
 vcpu_lock_one(struct vmmdev_softc *sc, int vcpu)
 {
 	int error;
@@ -177,6 +192,10 @@ vmmdev_rw(struct cdev *cdev, struct uio *uio, int flag
 	void *hpa, *cookie;
 	struct vmmdev_softc *sc;
 
+	error = vmm_priv_check(curthread->td_ucred);
+	if (error)
+		return (error);
+
 	sc = vmmdev_lookup2(cdev);
 	if (sc == NULL)
 		return (ENXIO);
@@ -351,11 +370,14 @@ vmmdev_ioctl(struct cdev *cdev, u_long cmd, caddr_t da
 	uint64_t *regvals;
 	int *regnums;
 
+	error = vmm_priv_check(curthread->td_ucred);
+	if (error)
+		return (error);
+
 	sc = vmmdev_lookup2(cdev);
 	if (sc == NULL)
 		return (ENXIO);
 
-	error = 0;
 	vcpu = -1;
 	state_changed = 0;
 
@@ -777,6 +799,10 @@ vmmdev_mmap_single(struct cdev *cdev, vm_ooffset_t *of
 	int error, found, segid;
 	bool sysmem;
 
+	error = vmm_priv_check(curthread->td_ucred);
+	if (error)
+		return (error);
+
 	first = *offset;
 	last = first + mapsize;
 	if ((nprot & PROT_EXEC) || first < 0 || first >= last)
@@ -865,6 +891,10 @@ sysctl_vmm_destroy(SYSCTL_HANDLER_ARGS)
 	struct vmmdev_softc *sc;
 	struct cdev *cdev;
 
+	error = vmm_priv_check(req->td->td_ucred);
+	if (error)
+		return (error);
+
 	strlcpy(buf, "beavis", sizeof(buf));
 	error = sysctl_handle_string(oidp, buf, sizeof(buf), req);
 	if (error != 0 || req->newptr == NULL)
@@ -906,7 +936,8 @@ sysctl_vmm_destroy(SYSCTL_HANDLER_ARGS)
 	destroy_dev_sched_cb(cdev, vmmdev_destroy, sc);
 	return (0);
 }
-SYSCTL_PROC(_hw_vmm, OID_AUTO, destroy, CTLTYPE_STRING | CTLFLAG_RW,
+SYSCTL_PROC(_hw_vmm, OID_AUTO, destroy,
+	    CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON,
 	    NULL, 0, sysctl_vmm_destroy, "A", NULL);
 
 static struct cdevsw vmmdevsw = {
@@ -927,6 +958,10 @@ sysctl_vmm_create(SYSCTL_HANDLER_ARGS)
 	struct vmmdev_softc *sc, *sc2;
 	char buf[VM_MAX_NAMELEN];
 
+	error = vmm_priv_check(req->td->td_ucred);
+	if (error)
+		return (error);
+
 	strlcpy(buf, "beavis", sizeof(buf));
 	error = sysctl_handle_string(oidp, buf, sizeof(buf), req);
 	if (error != 0 || req->newptr == NULL)
@@ -977,13 +1012,16 @@ sysctl_vmm_create(SYSCTL_HANDLER_ARGS)
 
 	return (0);
 }
-SYSCTL_PROC(_hw_vmm, OID_AUTO, create, CTLTYPE_STRING | CTLFLAG_RW,
+SYSCTL_PROC(_hw_vmm, OID_AUTO, create,
+	    CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON,
 	    NULL, 0, sysctl_vmm_create, "A", NULL);
 
 void
 vmmdev_init(void)
 {
 	mtx_init(&vmmdev_mtx, "vmm device mutex", NULL, MTX_DEF);
+	pr_allow_flag = prison_add_allow(NULL, "vmm", NULL,
+	    "Allow use of vmm in a jail.");
 }
 
 int

Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8	Tue Jul 31 23:44:13 2018	(r337022)
+++ head/usr.sbin/jail/jail.8	Wed Aug  1 00:39:21 2018	(r337023)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 29, 2018
+.Dd July 30, 2018
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -650,6 +650,12 @@ See
 .Xr zfs 8
 for information on how to configure the ZFS filesystem to operate from
 within a jail.
+.It Va allow.vmm
+The jail may access
+.Xr vmm 4 .
+This flag is only available when the
+.Xr vmm 4
+kernel module is loaded.
 .It Va linux
 Determine how a jail's Linux emulation environment appears.
 A value of
@@ -1294,6 +1300,7 @@ environment of the first jail.
 .Xr ps 1 ,
 .Xr quota 1 ,
 .Xr jail_set 2 ,
+.Xr vmm 4 ,
 .Xr devfs 5 ,
 .Xr fdescfs 5 ,
 .Xr jail.conf 5 ,

More information about the svn-src-all mailing list