svn commit: r337023 - in head: sys/amd64/vmm usr.sbin/jail
Marcelo Araujo
araujo at FreeBSD.org
Wed Aug 1 00:39:23 UTC 2018
Author: araujo
Date: Wed Aug 1 00:39:21 2018
New Revision: 337023
URL: https://svnweb.freebsd.org/changeset/base/337023
Log:
- Add the ability to run bhyve(8) within a jail(8).
This patch adds a new sysctl(8) knob "security.jail.vmm_allowed",
by default this option is disabled.
Submitted by: Shawn Webb <shawn.webb____hardenedbsd.org>
Reviewed by: jamie@ and myself.
Relnotes: Yes.
Sponsored by: HardenedBSD and G2, Inc.
Differential Revision: https://reviews.freebsd.org/D16057
Modified:
head/sys/amd64/vmm/vmm_dev.c
head/usr.sbin/jail/jail.8
Modified: head/sys/amd64/vmm/vmm_dev.c
==============================================================================
--- head/sys/amd64/vmm/vmm_dev.c Tue Jul 31 23:44:13 2018 (r337022)
+++ head/sys/amd64/vmm/vmm_dev.c Wed Aug 1 00:39:21 2018 (r337023)
@@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/kernel.h>
+#include <sys/jail.h>
#include <sys/queue.h>
#include <sys/lock.h>
#include <sys/mutex.h>
@@ -43,6 +44,7 @@ __FBSDID("$FreeBSD$");
#include <sys/ioccom.h>
#include <sys/mman.h>
#include <sys/uio.h>
+#include <sys/proc.h>
#include <vm/vm.h>
#include <vm/pmap.h>
@@ -82,16 +84,29 @@ struct vmmdev_softc {
static SLIST_HEAD(, vmmdev_softc) head;
+static unsigned pr_allow_flag;
static struct mtx vmmdev_mtx;
static MALLOC_DEFINE(M_VMMDEV, "vmmdev", "vmmdev");
SYSCTL_DECL(_hw_vmm);
+static int vmm_priv_check(struct ucred *ucred);
static int devmem_create_cdev(const char *vmname, int id, char *devmem);
static void devmem_destroy(void *arg);
static int
+vmm_priv_check(struct ucred *ucred)
+{
+
+ if (jailed(ucred) &&
+ !(ucred->cr_prison->pr_allow & pr_allow_flag))
+ return (EPERM);
+
+ return (0);
+}
+
+static int
vcpu_lock_one(struct vmmdev_softc *sc, int vcpu)
{
int error;
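Review bot: vmm_priv_check carries no comment saying what it gates or that pr_allow_flag is the bit prison_add_allow() hands back in vmmdev_init, so a reader of any of the five call sites has to reconstruct why the same test is repeated at each entry point; a header such as `/* Deny vmm access to a jailed credential unless its prison carries the allow.vmm bit (pr_allow_flag, registered in vmmdev_init). */` would fix that. The open-coded `ucred->cr_prison->pr_allow & pr_allow_flag` is what `prison_allow(ucred, pr_allow_flag)` expresses, so `if (jailed(ucred) && !prison_allow(ucred, pr_allow_flag))` would read more like other jail-gated subsystems; whether the `jailed()` guard is then still needed depends on whether prison_add_allow() sets the new bit in prison0, which is not visible in this diff. The prototype added a few lines above is redundant, since the definition precedes every caller in the file, though harmless.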
@@ -177,6 +192,10 @@ vmmdev_rw(struct cdev *cdev, struct uio *uio, int flag
void *hpa, *cookie;
struct vmmdev_softc *sc;
+ error = vmm_priv_check(curthread->td_ucred);
+ if (error)
+ return (error);
+
sc = vmmdev_lookup2(cdev);
if (sc == NULL)
return (ENXIO);
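Review bot: The check in vmmdev_rw consults curthread->td_ucred on every call rather than once at open, and the ioctl and mmap_single hunks below do the same; if vmmdevsw has no d_open handler (its body is not in this diff) that is the only place the check can live, and it has the useful property that a descriptor opened before the process entered the jail, or handed in from outside, is re-evaluated against the jail's allow.vmm on each use. That property is easy to lose in a later refactor that hoists the check to open time, so a one-line comment at this first site is worth having: `/* Per-call check: a vmm descriptor may have been inherited into a jail. */`. vmmdev_rw's body continues outside the hunk.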
@@ -351,11 +370,14 @@ vmmdev_ioctl(struct cdev *cdev, u_long cmd, caddr_t da
uint64_t *regvals;
int *regnums;
+ error = vmm_priv_check(curthread->td_ucred);
+ if (error)
+ return (error);
+
sc = vmmdev_lookup2(cdev);
if (sc == NULL)
return (ENXIO);
- error = 0;
vcpu = -1;
state_changed = 0;
@@ -777,6 +799,10 @@ vmmdev_mmap_single(struct cdev *cdev, vm_ooffset_t *of
int error, found, segid;
bool sysmem;
+ error = vmm_priv_check(curthread->td_ucred);
+ if (error)
+ return (error);
+
first = *offset;
last = first + mapsize;
if ((nprot & PROT_EXEC) || first < 0 || first >= last)
@@ -865,6 +891,10 @@ sysctl_vmm_destroy(SYSCTL_HANDLER_ARGS)
struct vmmdev_softc *sc;
struct cdev *cdev;
+ error = vmm_priv_check(req->td->td_ucred);
+ if (error)
+ return (error);
+
strlcpy(buf, "beavis", sizeof(buf));
error = sysctl_handle_string(oidp, buf, sizeof(buf), req);
if (error != 0 || req->newptr == NULL)
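Review bot: In sysctl_vmm_destroy the new check runs before sysctl_handle_string, so a plain read of hw.vmm.destroy from a jail without allow.vmm now fails with EPERM instead of returning the "beavis" placeholder; the sysctl_vmm_create hunk below behaves the same way. Since the CTLFLAG_PRISON added in the next hunk is what makes these nodes reachable from a jail at all, the in-handler check is the sole gate, which argues for stating the intent explicitly: `/* Gate both reads and writes: CTLFLAG_PRISON exposes this node inside jails. */`. If reads were meant to stay permitted, the check would instead belong after the `req->newptr == NULL` test. The handler's locals are declared above the hunk.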
@@ -906,7 +936,8 @@ sysctl_vmm_destroy(SYSCTL_HANDLER_ARGS)
destroy_dev_sched_cb(cdev, vmmdev_destroy, sc);
return (0);
}
-SYSCTL_PROC(_hw_vmm, OID_AUTO, destroy, CTLTYPE_STRING | CTLFLAG_RW,
+SYSCTL_PROC(_hw_vmm, OID_AUTO, destroy,
+ CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON,
NULL, 0, sysctl_vmm_destroy, "A", NULL);
static struct cdevsw vmmdevsw = {
@@ -927,6 +958,10 @@ sysctl_vmm_create(SYSCTL_HANDLER_ARGS)
struct vmmdev_softc *sc, *sc2;
char buf[VM_MAX_NAMELEN];
+ error = vmm_priv_check(req->td->td_ucred);
+ if (error)
+ return (error);
+
strlcpy(buf, "beavis", sizeof(buf));
error = sysctl_handle_string(oidp, buf, sizeof(buf), req);
if (error != 0 || req->newptr == NULL)
@@ -977,13 +1012,16 @@ sysctl_vmm_create(SYSCTL_HANDLER_ARGS)
return (0);
}
-SYSCTL_PROC(_hw_vmm, OID_AUTO, create, CTLTYPE_STRING | CTLFLAG_RW,
+SYSCTL_PROC(_hw_vmm, OID_AUTO, create,
+ CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON,
NULL, 0, sysctl_vmm_create, "A", NULL);
void
vmmdev_init(void)
{
mtx_init(&vmmdev_mtx, "vmm device mutex", NULL, MTX_DEF);
+ pr_allow_flag = prison_add_allow(NULL, "vmm", NULL,
+ "Allow use of vmm in a jail.");
}
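Review bot: vmmdev_init registers the "vmm" allow flag, but nothing in the diff releases or re-validates it on module unload and reload; if prison_add_allow() does not return the existing bit for an already-registered name (its behaviour is not visible here), each reload would consume a fresh bit while jails configured under the previous load keep the old one. The assumption is worth recording at the registration site, e.g. `/* Reload-safe only if prison_add_allow() returns the existing bit for a known name. */`, so that whoever touches the unload path (outside this hunk) knows to check it. The jail.8 text in the second file section, which says the flag exists only while vmm(4) is loaded, is consistent with registering it here.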
int
Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8 Tue Jul 31 23:44:13 2018 (r337022)
+++ head/usr.sbin/jail/jail.8 Wed Aug 1 00:39:21 2018 (r337023)
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 29, 2018
+.Dd July 30, 2018
.Dt JAIL 8
.Os
.Sh NAME
@@ -650,6 +650,12 @@ See
.Xr zfs 8
for information on how to configure the ZFS filesystem to operate from
within a jail.
+.It Va allow.vmm
+The jail may access
+.Xr vmm 4 .
+This flag is only available when the
+.Xr vmm 4
+kernel module is loaded.
.It Va linux
Determine how a jail's Linux emulation environment appears.
A value of
@@ -1294,6 +1300,7 @@ environment of the first jail.
.Xr ps 1 ,
.Xr quota 1 ,
.Xr jail_set 2 ,
+.Xr vmm 4 ,
.Xr devfs 5 ,
.Xr fdescfs 5 ,
.Xr jail.conf 5 ,