[src/trunk]: src Add the NVMM_CTL ioctl, always privileged regardless of the ...
details: https://anonhg.NetBSD.org/src/rev/8bc75711cc6b
branches: trunk
changeset: 455713:8bc75711cc6b
user: maxv <maxv%NetBSD.org@localhost>
date: Wed Apr 10 18:49:04 2019 +0000
description:
Add the NVMM_CTL ioctl, always privileged regardless of the permissions of
/dev/nvmm. We'll use it to provide a way for an admin to control the
registered VMs in the kernel.
Add an associated wrapper in libnvmm.
diffstat:
lib/libnvmm/libnvmm.c | 23 +++++++++++-
lib/libnvmm/nvmm.h | 4 +-
sys/dev/nvmm/nvmm.c | 71 +++++++++++++++++++++++++++++++++++-
sys/dev/nvmm/nvmm_internal.h | 3 +-
sys/dev/nvmm/nvmm_ioctl.h | 19 +++++++++-
sys/secmodel/suser/secmodel_suser.c | 5 +-
sys/sys/kauth.h | 3 +-
7 files changed, 118 insertions(+), 10 deletions(-)
diffs (277 lines):
diff -r 8c9282b8189c -r 8bc75711cc6b lib/libnvmm/libnvmm.c
--- a/lib/libnvmm/libnvmm.c Wed Apr 10 18:01:08 2019 +0000
+++ b/lib/libnvmm/libnvmm.c Wed Apr 10 18:49:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: libnvmm.c,v 1.8 2019/04/04 17:33:47 maxv Exp $ */
+/* $NetBSD: libnvmm.c,v 1.9 2019/04/10 18:49:04 maxv Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -520,3 +520,24 @@
{
memcpy(&__callbacks, cbs, sizeof(__callbacks));
}
+
+int
+nvmm_ctl(int op, void *data, size_t size)
+{
+ struct nvmm_ioc_ctl args;
+ int ret;
+
+ if (nvmm_init() == -1) {
+ return -1;
+ }
+
+ args.op = op;
+ args.data = data;
+ args.size = size;
+
+ ret = ioctl(nvmm_fd, NVMM_IOC_CTL, &args);
+ if (ret == -1)
+ return -1;
+
+ return 0;
+}
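Review bot: `nvmm_ctl()` documents neither what `data`/`size` must hold for a given `op` nor that a mismatched `size` is rejected; the kernel side of this same commit returns EINVAL unless `args->size == sizeof(struct nvmm_ctl_mach_info)` for NVMM_CTL_MACH_INFO. A header comment would save callers a trip into the kernel source: `/* Privileged control ioctl (root-only regardless of /dev/nvmm permissions). For NVMM_CTL_MACH_INFO, data points to a struct nvmm_ctl_mach_info, copied in and back out, and size must equal its sizeof. Returns -1 with errno set on failure. */`. The `ret` temporary is compared exactly once, so `if (ioctl(nvmm_fd, NVMM_IOC_CTL, &args) == -1) return -1;` reads the same with one fewer local.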
diff -r 8c9282b8189c -r 8bc75711cc6b lib/libnvmm/nvmm.h
--- a/lib/libnvmm/nvmm.h Wed Apr 10 18:01:08 2019 +0000
+++ b/lib/libnvmm/nvmm.h Wed Apr 10 18:49:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nvmm.h,v 1.7 2019/04/04 17:33:47 maxv Exp $ */
+/* $NetBSD: nvmm.h,v 1.8 2019/04/10 18:49:04 maxv Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -99,6 +99,8 @@
int nvmm_assist_mem(struct nvmm_machine *, nvmm_cpuid_t, struct nvmm_exit *);
void nvmm_callbacks_register(const struct nvmm_callbacks *);
+int nvmm_ctl(int, void *, size_t);
+
int nvmm_vcpu_dump(struct nvmm_machine *, nvmm_cpuid_t);
#endif /* _LIBNVMM_H_ */
diff -r 8c9282b8189c -r 8bc75711cc6b sys/dev/nvmm/nvmm.c
--- a/sys/dev/nvmm/nvmm.c Wed Apr 10 18:01:08 2019 +0000
+++ b/sys/dev/nvmm/nvmm.c Wed Apr 10 18:49:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nvmm.c,v 1.16 2019/04/08 18:30:54 maxv Exp $ */
+/* $NetBSD: nvmm.c,v 1.17 2019/04/10 18:49:04 maxv Exp $ */
/*
* Copyright (c) 2018-2019 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nvmm.c,v 1.16 2019/04/08 18:30:54 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nvmm.c,v 1.17 2019/04/10 18:49:04 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -44,6 +44,7 @@
#include <sys/mman.h>
#include <sys/file.h>
#include <sys/filedesc.h>
+#include <sys/kauth.h>
#include <uvm/uvm.h>
#include <uvm/uvm_page.h>
@@ -64,6 +65,8 @@
static const struct nvmm_impl *nvmm_impl = NULL;
+static struct nvmm_owner root_owner;
+
/* -------------------------------------------------------------------------- */
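Review bot: `root_owner` is introduced as a bare zero-initialized static with no comment, yet it is what makes the `owner != &root_owner` bypass in the nvmm_machine_get() hunk further down this file safe: the match is by address only, so the object must stay private to this file and must never be stored as a machine's owner. I would add above it `/* Sentinel owner used by the privileged NVMM_CTL path. Compared by address in nvmm_machine_get() to bypass the ownership check; never assign it to a machine and never let a user-visible path obtain it. */`. The "never assign" part is inferred from the bypass, since machine creation is outside these hunks — worth confirming against nvmm_machine_alloc().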
static int
@@ -82,6 +85,7 @@
}
mach->present = true;
+ mach->time = time_second;
*ret = mach;
atomic_inc_uint(&nmachines);
return 0;
@@ -116,7 +120,7 @@
rw_exit(&mach->lock);
return ENOENT;
}
- if (mach->owner != owner) {
+ if (owner != &root_owner && mach->owner != owner) {
rw_exit(&mach->lock);
return EPERM;
}
@@ -816,6 +820,65 @@
/* -------------------------------------------------------------------------- */
static int
+nvmm_ctl_mach_info(struct nvmm_ioc_ctl *args)
+{
+ struct nvmm_ctl_mach_info ctl;
+ struct nvmm_machine *mach;
+ struct nvmm_cpu *vcpu;
+ int error;
+ size_t i;
+
+ if (args->size != sizeof(ctl))
+ return EINVAL;
+ error = copyin(args->data, &ctl, sizeof(ctl));
+ if (error)
+ return error;
+
+ error = nvmm_machine_get(&root_owner, ctl.machid, &mach, true);
+ if (error)
+ return error;
+
+ ctl.nvcpus = 0;
+ for (i = 0; i < NVMM_MAX_VCPUS; i++) {
+ error = nvmm_vcpu_get(mach, i, &vcpu);
+ if (error)
+ continue;
+ ctl.nvcpus++;
+ nvmm_vcpu_put(vcpu);
+ }
+ ctl.pid = mach->owner->pid;
+ ctl.time = mach->time;
+
+ nvmm_machine_put(mach);
+
+ error = copyout(&ctl, args->data, sizeof(ctl));
+ if (error)
+ return error;
+
+ return 0;
+}
+
+static int
+nvmm_ctl(struct nvmm_owner *owner, struct nvmm_ioc_ctl *args)
+{
+ int error;
+
+ error = kauth_authorize_device(curlwp->l_cred, KAUTH_DEVICE_NVMM_CTL,
+ NULL, NULL, NULL, NULL);
+ if (error)
+ return error;
+
+ switch (args->op) {
+ case NVMM_CTL_MACH_INFO:
+ return nvmm_ctl_mach_info(args);
+ default:
+ return EINVAL;
+ }
+}
+
+/* -------------------------------------------------------------------------- */
+
+static int
nvmm_init(void)
{
size_t i, n;
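Review bot: The `owner` parameter of `nvmm_ctl()` is unused — authorization comes from `kauth_authorize_device(curlwp->l_cred, ...)` and `nvmm_ctl_mach_info()` takes only `args` — so either drop it or state the intent, e.g. `/* Authorized on the caller's credentials, not on the /dev/nvmm owner: NVMM_CTL must stay privileged whatever the device node's permissions are. */`. The kauth call passes NULL for all four arguments, which means the secmodel cannot distinguish ops; if later ops are meant to carry different privilege requirements, passing `(void *)(intptr_t)args->op` as arg0 would let the policy be expressed in the secmodel rather than in this switch. In `nvmm_ctl_mach_info()` the `ctl` struct is fully populated by `copyin()` before being `copyout()`, so any padding that reaches userland is the caller's own bytes rather than kernel stack — fine, but a one-line comment saying so would stop a future refactor from replacing the copyin with field-wise assignment. `nvmm_init()` begins on the last line of this hunk and continues outside it.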
@@ -965,6 +1028,8 @@
return nvmm_hva_map(owner, data);
case NVMM_IOC_HVA_UNMAP:
return nvmm_hva_unmap(owner, data);
+ case NVMM_IOC_CTL:
+ return nvmm_ctl(owner, data);
default:
return EINVAL;
}
diff -r 8c9282b8189c -r 8bc75711cc6b sys/dev/nvmm/nvmm_internal.h
--- a/sys/dev/nvmm/nvmm_internal.h Wed Apr 10 18:01:08 2019 +0000
+++ b/sys/dev/nvmm/nvmm_internal.h Wed Apr 10 18:49:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nvmm_internal.h,v 1.8 2019/04/08 18:21:42 maxv Exp $ */
+/* $NetBSD: nvmm_internal.h,v 1.9 2019/04/10 18:49:04 maxv Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -67,6 +67,7 @@
struct nvmm_machine {
bool present;
nvmm_machid_t machid;
+ time_t time;
struct nvmm_owner *owner;
krwlock_t lock;
diff -r 8c9282b8189c -r 8bc75711cc6b sys/dev/nvmm/nvmm_ioctl.h
--- a/sys/dev/nvmm/nvmm_ioctl.h Wed Apr 10 18:01:08 2019 +0000
+++ b/sys/dev/nvmm/nvmm_ioctl.h Wed Apr 10 18:49:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nvmm_ioctl.h,v 1.4 2019/03/21 20:21:40 maxv Exp $ */
+/* $NetBSD: nvmm_ioctl.h,v 1.5 2019/04/10 18:49:04 maxv Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -118,6 +118,21 @@
size_t size;
};
+struct nvmm_ctl_mach_info {
+ nvmm_machid_t machid;
+ size_t nvcpus;
+ pid_t pid;
+ time_t time;
+};
+
+struct nvmm_ioc_ctl {
+ int op;
+#define NVMM_CTL_MACH_INFO 0
+
+ void *data;
+ size_t size;
+};
+
#define NVMM_IOC_CAPABILITY _IOR ('N', 0, struct nvmm_ioc_capability)
#define NVMM_IOC_MACHINE_CREATE _IOWR('N', 1, struct nvmm_ioc_machine_create)
#define NVMM_IOC_MACHINE_DESTROY _IOW ('N', 2, struct nvmm_ioc_machine_destroy)
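Review bot: `struct nvmm_ioc_ctl` carries a user pointer and a length but nothing here says how `size` is interpreted; in this commit the kernel requires it to equal `sizeof(struct nvmm_ctl_mach_info)` for NVMM_CTL_MACH_INFO and copies the payload both in and out through `data`. A comment on the struct, `/* data/size: per-op payload, copied in and back out; size must equal sizeof the op's struct or the ioctl fails with EINVAL */`, pins that ABI contract where userland will look for it. If `nvmm_machid_t` and `pid_t` are 32-bit on the target, `struct nvmm_ctl_mach_info` has implicit padding around `machid` and `pid`, so the exact-size check also pins the layout — worth a note since `NVMM_IOC_CTL` is declared `_IOW` and the real output travels via `data`, not the ioctl argument.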
@@ -133,4 +148,6 @@
#define NVMM_IOC_HVA_MAP _IOW ('N', 12, struct nvmm_ioc_hva_map)
#define NVMM_IOC_HVA_UNMAP _IOW ('N', 13, struct nvmm_ioc_hva_unmap)
+#define NVMM_IOC_CTL _IOW ('N', 20, struct nvmm_ioc_ctl)
+
#endif /* _NVMM_IOCTL_H_ */
diff -r 8c9282b8189c -r 8bc75711cc6b sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c Wed Apr 10 18:01:08 2019 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c Wed Apr 10 18:49:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.50 2019/04/10 18:49:04 maxv Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.50 2019/04/10 18:49:04 maxv Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -893,6 +893,7 @@
case KAUTH_DEVICE_RND_SETPRIV:
case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
+ case KAUTH_DEVICE_NVMM_CTL:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
diff -r 8c9282b8189c -r 8bc75711cc6b sys/sys/kauth.h
--- a/sys/sys/kauth.h Wed Apr 10 18:01:08 2019 +0000
+++ b/sys/sys/kauth.h Wed Apr 10 18:49:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.81 2018/10/05 22:12:37 christos Exp $ */
+/* $NetBSD: kauth.h,v 1.82 2019/04/10 18:49:04 maxv Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -347,6 +347,7 @@
KAUTH_DEVICE_TTY_VIRTUAL,
KAUTH_DEVICE_WSCONS_KEYBOARD_BELL,
KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT,
+ KAUTH_DEVICE_NVMM_CTL,
};
/*