Checking pointer equality here is too strict and can lead to incorrect
errors, as credentials are frequently copied to avoid reference counting
overhead.
The check is new with commit 4008758105 and was added with the goal of
allowing non-root users to create VMs in mind. Just remove it for now.
Reported by: Alonso Cárdenas Márquez <acardenas@bsd-peru.org>
Reviewed by: jhb
Fixes: 4008758105 ("vmm: Validate credentials when opening a vmmdev")
Differential Revision: https://reviews.freebsd.org/D46535
This avoids creating windows where a device file is accessible but the
device-specific field is not set.
Now that vmmdev_mtx is a sleepable lock, avoid dropping it while
creating devices files. This makes it easier to handle races and
simplifies some code; for example, the VSC_LINKED flag is no longer
needed.
Suggested by: jhb
Reviewed by: imp, jhb
Differential Revision: https://reviews.freebsd.org/D46488
This will make it easier to atomically create the device file and set
its si_drv1 member.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D46487
Rather than performing privilege checks after a specific VM's device
file is opened, do it once at the time the device file is opened. This
means that one can continue to access a VM via its device fd after
attaching to a jail which does not have vmm enabled, but this seems like
a reasonable semantic to have anyway.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D46486
For compat ioctls and structures, we use a mix of suffixes: _old,
_fbsd<version>, _<version>. Standardize on _<version> to make things
more consistent. No functional change intended.
Reported by: jhb
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46449
Otherwise they are globally visible (in jails with allow.vmm set),
instead of being restricted to the jail to which the VM belongs.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46448
vmmdev_lookup() is used from sysctl context to find a VM by name.
There, a reference credential is already passed, so use that instead of
assuming that it's the same as curthread->td_ucred, even though that's
true today. No functional change intended.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46447
The sole caller of this function already holds a pointer to the VM's
softc, so rather than passing the VM name and looking it up again, just
pass the softc pointer directly. This function is only called from an
ioctl context, so the softc structure will remain live.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46446
This will make it easy to share code with an ioctl handler which creates
VMs. No functional change intended.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46445
This will make it easy to share code with an ioctl handler which creates
VMs. No functional change intended.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46444
There is no reason to keep them in vmm_dev.h. No functional change
intended.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46432
This file contains the vmm device file implementation. Most of this
code is not machine-dependent and so shouldn't be duplicated this way.
Move most of it into a generic dev/vmm/vmm_dev.c. This will make it
easier to introduce a cdev-based interface for VM creation, which in
turn makes it possible to implement support for running bhyve as an
unprivileged user.
Machine-dependent ioctls continue to be handled in machine-dependent
code. To make the split a bit easier to handle, introduce a pair of
tables which define MI and MD ioctls. Each table entry can set flags
which determine which locks need to be held in order to execute the
handler. vmmdev_ioctl() now looks up the ioctl in one of the tables,
acquires locks and either handles the ioctl directly or calls
vmmdev_machdep_ioctl() to handle it.
No functional change intended. There is a lot of churn in this change
but the underlying logic in the ioctl handlers is the same. For now,
vmm_dev.h is still mostly separate, even though some parts could be
merged in principle. This would involve changing include paths for
userspace, though.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46431
There is a small difference between the arm64 and amd64 implementations:
the latter makes use of a "scope" to exclude AMD-specific stats on Intel
systems and vice-versa. Replace this with a more generic predicate
callback which can be used for the same purpose.
No functional change intended.
Reviewed by: corvink, jhb
Differential Revision: https://reviews.freebsd.org/D46430
