upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-04 22:32:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

vmm: Remove an incorrect credential check in vmmdev_open()

Browse source 
Checking pointer equality here is too strict and can lead to incorrect
errors, as credentials are frequently copied to avoid reference counting
overhead.

The check is new with commit 4008758105 and was added with the goal of
allowing non-root users to create VMs in mind.  Just remove it for now.

Reported by:	Alonso Cárdenas Márquez <acardenas@bsd-peru.org>
Reviewed by:	jhb
Fixes:		4008758105 ("vmm: Validate credentials when opening a vmmdev")
Differential Revision:	https://reviews.freebsd.org/D46535
This commit is contained in:
Mark Johnston 2024-09-04 20:05:33 +00:00
parent e28ee29d2d
commit 66fc442421
1 changed files with 0 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/dev/vmm/vmm_dev.c
View file

@ -331,12 +331,6 @@ vmmdev_open(struct cdev *dev, int flags, int fmt, struct thread *td)
sc = vmmdev_lookup2(dev);
KASSERT(sc != NULL, ("%s: device not found", __func__));
/*
* A user can only access VMs that they themselves have created.
*/
if (td->td_ucred != sc->ucred)
return (EPERM);
/*
* A jail without vmm access shouldn't be able to access vmm device
* files at all, but check here just to be thorough.