From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alex Williamson
Subject: Re: [PATCH qemu-kvm] device-assignment: add config fd qdev property
Date: Wed, 19 May 2010 13:08:10 -0600
Message-ID: <1274296090.19762.6.camel@localhost>
References: <20100519190041.GK28275@x200.localdomain>
In-Reply-To: <20100519190041.GK28275@x200.localdomain>
Cc: kvm@vger.kernel.org
To: Chris Wright

On Wed, 2010-05-19 at 12:00 -0700, Chris Wright wrote:
> When libvirt launches a guest it first chowns the relevant
> /sys/bus/pci/.../config file for an assigned device then drops privileges.
>
> This causes an issue for device assignment because despite being file
> owner, the sysfs config space file checks for CAP_SYS_ADMIN before
> allowing access to device dependent config space.
>
> This adds a new qdev configfd property which allows libvirt to open the
> sysfs config space file and give qemu an already opened file descriptor.
> Along with a change pending for the 2.6.35 kernel, this allows the
> capability check to compare against privileges from when the file was
> opened.
>
> Signed-off-by: Chris Wright
> ---
> hw/device-assignment.c | 12 ++++++++----
> 1 files changed, 8 insertions(+), 4 deletions(-)

Acked-by: Alex Williamson
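
The hand-over the quoted commit message describes, where one process opens the config space file and another only uses the descriptor, sketched as an added example (not code from the patch, qemu or libvirt). The temp file standing in for the sysfs config file, the function names, inheritance across fork() as the hand-over mechanism, and the O_RDWR requirement are all assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEV_DEPENDENT_OFF 0x40  /* first byte past the 64-byte standard PCI header */

/* Worker side: sanity-check a descriptor it was handed before trusting it. */
int check_config_fd(int fd) {
    struct stat st;
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fstat(fd, &st) < 0) return -EBADF;   /* not an open descriptor */
    if (!S_ISREG(st.st_mode)) return -EINVAL;          /* sysfs attributes are regular files */
    if ((fl & O_ACCMODE) != O_RDWR) return -EACCES;    /* assumed: worker reads and writes */
    return 0;
}

/* Worker side: read one config byte through the handed-over descriptor. */
int read_config_byte(int fd, off_t off) {
    unsigned char b;
    if (check_config_fd(fd) < 0) return -1;
    return pread(fd, &b, 1, off) == 1 ? b : -1;
}

/* Constructed demo: the opener opens the file, the worker only gets the fd. */
int demo_configfd(void) {
    char path[] = "/tmp/configfd-demo-XXXXXX";  /* stand-in for the sysfs file */
    unsigned char cfg[256];                     /* constructed config space */
    int st, fd = mkstemp(path);                 /* opened O_RDWR by the opener */
    if (fd < 0) return -1;
    for (int i = 0; i < 256; i++) cfg[i] = (unsigned char)(i ^ 0xa5);
    if (write(fd, cfg, sizeof cfg) != (ssize_t)sizeof cfg) return -1;
    unlink(path);                               /* worker cannot open it by name */
    pid_t pid = fork();
    if (pid == 0) {                             /* worker: uses the inherited fd only */
        int v = read_config_byte(fd, DEV_DEPENDENT_OFF);
        _exit(v < 0 ? 255 : v);
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);                     /* byte the worker read at 0x40 */
}
```

The worker never opens the path itself; any access decision tied to open time was made against the opener, which is why the receiving side should confirm what kind of descriptor it was given before using it.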