From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@redhat.com>
Subject: Re: KVM device assignment and user privileges
Date: Sun, 20 Nov 2011 17:15:36 +0200
Message-ID: <4EC91998.7030704@redhat.com>
References: <1321801112.3231.8.camel@lappy>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: kvm <kvm@vger.kernel.org>,
	Alex Williamson <Alex.Williamson@redhat.com>,
	Chris Wright <chrisw@redhat.com>
To: Sasha Levin <levinsasha928@gmail.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:17077 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751678Ab1KTPPk (ORCPT <rfc822;kvm@vger.kernel.org>);
	Sun, 20 Nov 2011 10:15:40 -0500
In-Reply-To: <1321801112.3231.8.camel@lappy>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 11/20/2011 04:58 PM, Sasha Levin wrote:
> Hi all,
>
> I've been working on adding device assignment to KVM tools, and started
> with the basics of just getting a device assigned using the
> KVM_ASSIGN_PCI_DEVICE ioctl.
>
> What I've figured is that unprivileged users can request any PCI device
> to be assigned to him, including devices which he shouldn't be touching.
>
> In my case, it happened with the VGA card, where an unprivileged user
> simply called KVM_ASSIGN_PCI_DEVICE with the bus, seg and fn of the VGA
> card and caused the display on the host to go apeshit.
>
> Was it supposed to work this way? 

No, of course not.

> I couldn't find any security checks in
> the code paths of KVM_ASSIGN_PCI_DEVICE and it looks like any user can
> invoke it with any parameters he'd want - enabling him to kill the host.

Alex, Chris?



-- 
error compiling committee.c: too many arguments to function