git: 66fc442421f8 - main - vmm: Remove an incorrect credential check in vmmdev_open()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 04 Sep 2024 23:48:25 UTC
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=66fc442421f868b01bee4e299d7e3a4c4df37d21
commit 66fc442421f868b01bee4e299d7e3a4c4df37d21
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-09-04 20:05:33 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-09-04 22:54:25 +0000
vmm: Remove an incorrect credential check in vmmdev_open()
Checking pointer equality here is too strict and can lead to incorrect
errors, as credentials are frequently copied to avoid reference counting
overhead.
The check is new with commit 4008758105a6 and was added with the goal of
allowing non-root users to create VMs in mind. Just remove it for now.
Reported by: Alonso Cárdenas Márquez <acardenas@bsd-peru.org>
Reviewed by: jhb
Fixes: 4008758105a6 ("vmm: Validate credentials when opening a vmmdev")
Differential Revision: https://reviews.freebsd.org/D46535
---
sys/dev/vmm/vmm_dev.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c
index ea2aaace832c..353b58dd8a2c 100644
--- a/sys/dev/vmm/vmm_dev.c
+++ b/sys/dev/vmm/vmm_dev.c
@@ -331,12 +331,6 @@ vmmdev_open(struct cdev *dev, int flags, int fmt, struct thread *td)
sc = vmmdev_lookup2(dev);
KASSERT(sc != NULL, ("%s: device not found", __func__));
- /*
- * A user can only access VMs that they themselves have created.
- */
- if (td->td_ucred != sc->ucred)
- return (EPERM);
-
/*
* A jail without vmm access shouldn't be able to access vmm device
* files at all, but check here just to be thorough.