From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sasha Levin Subject: KVM device assignment and user privileges Date: Sun, 20 Nov 2011 16:58:32 +0200 Message-ID: <1321801112.3231.8.camel@lappy> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: kvm Return-path: Received: from mail-ey0-f174.google.com ([209.85.215.174]:59792 "EHLO mail-ey0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750993Ab1KTPAj (ORCPT ); Sun, 20 Nov 2011 10:00:39 -0500 Received: by mail-ey0-f174.google.com with SMTP id 27so4648267eye.19 for ; Sun, 20 Nov 2011 07:00:39 -0800 (PST) Sender: kvm-owner@vger.kernel.org List-ID: Hi all, I've been working on adding device assignment to KVM tools, and started with the basics of just getting a device assigned using the KVM_ASSIGN_PCI_DEVICE ioctl. What I've figured is that unprivileged users can request any PCI device to be assigned to him, including devices which he shouldn't be touching. In my case, it happened with the VGA card, where an unprivileged user simply called KVM_ASSIGN_PCI_DEVICE with the bus, seg and fn of the VGA card and caused the display on the host to go apeshit. Was it supposed to work this way? I couldn't find any security checks in the code paths of KVM_ASSIGN_PCI_DEVICE and it looks like any user can invoke it with any parameters he'd want - enabling him to kill the host. -- Sasha.