From nobody Wed Sep 04 23:48:25 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WzfMF6y4vz5Vvhv; Wed, 04 Sep 2024 23:48:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WzfMF1zrGz4T4L; Wed, 4 Sep 2024 23:48:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725493705; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CtxQQgOfGUOckMkgBRa7flsvI1/hJYByMw7OY4McECo=; b=EQ8XsU9SDK8aLk1l8SZp1DeqRV5r2+6nFUKhivitapXGxK0ppNLXiquMDawJZnZf9m6+y5 /PGlXjVFym0LJetGHTeQ7b5a+2zpa4UwLfcAHQ5gDYoitIkNFoNvmWpsCQz9VmEFKIJBE6 Rt5VeI2bdnwWgyzEuUyzz0QRY4lz+pQxjbbj3RRAWKOrd+ITOc643T+I03TI3Ra1rRW482 XnMdt1pl+mHhVN3fG9cl6UvOV9etHJuAc4t+As6slGAnPY3TsZNhaIEUMWpNVcvdbwEA6q X1c4DNNgHkhWTzD6Bwz75wXOMMpl6niz6fJMtXgZV1SriCFPemT/JOs3gSoIQA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725493705; a=rsa-sha256; cv=none; b=PlsQtp76TcoVeoODqk/1gbHQHCB1na6+t7OSU+D1X8yzH3eEiTHIHB2E7TnQ+99BTqL30v KHcDg+wFh4Z2K2+W8Dm9cGNO3E1iXO90tH26aFLhZACLrxr2tSY+uHAeUPOcJ62UWtCeJy q4FMSFir1K5VtZwCMo6pfR+VVgVSMvgm/8J+1ij0pcI/yuxyjBOO4Y9u+SgqkQyu6O2tLI Gwf9CWFZjgD4RdLclZkgd7PQTXvuJMlxP7ZkBNjP229jlfMJCvw2NtrciJFmp0Aglg6UEy fIBVvWDYvK9a3qqqAl/XPcvGWOZvYLPNcTqzo1ny16tAikWYISC55cQBUVjkHQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725493705; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CtxQQgOfGUOckMkgBRa7flsvI1/hJYByMw7OY4McECo=; b=XeJaKAHQF8MAbHbB2UduPm5a5gjX0wH/F0+PG8aKp50Fv+Xac4kv8M7LnDAExzCouBzPZf HPT12yxPIaYOwVcQRoJb2vXDsvyVxJjSHYYCllHmmRt0h+lzhIWgR6k5h24PU0tZyln8MH GbFKtCkxrD0pSjcjwvvBHmhsJLQJqA89Q2Dw5iTUrnrlpEvYFlTa22zy0Tu3QEGyXLnp2V ETzlwLVn28pw9GFvgkQeq//fUvpogLUnKupkpzxod/EnoXYwa+tsz8N9aUTYKX3RLFZtmW a4OP/sm0//UpIKh+c5tH19s4/MsvYrIxyEu0V/oW7cnn3EdxAX9lGS1Mp2+Lhg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WzfMF1JwXzlff; Wed, 4 Sep 2024 23:48:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 484NmPgC025913; Wed, 4 Sep 2024 23:48:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 484NmPA7025910; Wed, 4 Sep 2024 23:48:25 GMT (envelope-from git) Date: Wed, 4 Sep 2024 23:48:25 GMT Message-Id: <202409042348.484NmPA7025910@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 66fc442421f8 - main - vmm: Remove an incorrect credential check in vmmdev_open() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 66fc442421f868b01bee4e299d7e3a4c4df37d21 Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=66fc442421f868b01bee4e299d7e3a4c4df37d21 commit 66fc442421f868b01bee4e299d7e3a4c4df37d21 Author: Mark Johnston AuthorDate: 2024-09-04 20:05:33 +0000 Commit: Mark Johnston CommitDate: 2024-09-04 22:54:25 +0000 vmm: Remove an incorrect credential check in vmmdev_open() Checking pointer equality here is too strict and can lead to incorrect errors, as credentials are frequently copied to avoid reference counting overhead. The check is new with commit 4008758105a6 and was added with the goal of allowing non-root users to create VMs in mind. Just remove it for now. Reported by: Alonso Cárdenas Márquez Reviewed by: jhb Fixes: 4008758105a6 ("vmm: Validate credentials when opening a vmmdev") Differential Revision: https://reviews.freebsd.org/D46535 --- sys/dev/vmm/vmm_dev.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c index ea2aaace832c..353b58dd8a2c 100644 --- a/sys/dev/vmm/vmm_dev.c +++ b/sys/dev/vmm/vmm_dev.c @@ -331,12 +331,6 @@ vmmdev_open(struct cdev *dev, int flags, int fmt, struct thread *td) sc = vmmdev_lookup2(dev); KASSERT(sc != NULL, ("%s: device not found", __func__)); - /* - * A user can only access VMs that they themselves have created. - */ - if (td->td_ucred != sc->ucred) - return (EPERM); - /* * A jail without vmm access shouldn't be able to access vmm device * files at all, but check here just to be thorough.