|
 |
902636 |
From f01098bb86c12f485895f38f7a24170ec84b60b6 Mon Sep 17 00:00:00 2001
|
|
|
902636 |
From: Greg Kurz <gkurz@redhat.com>
|
|
|
902636 |
Date: Mon, 8 Jun 2020 16:25:21 -0400
|
|
|
902636 |
Subject: [PATCH 42/42] vfio/nvlink: Remove exec permission to avoid SELinux
|
|
|
902636 |
AVCs
|
|
|
902636 |
MIME-Version: 1.0
|
|
|
902636 |
Content-Type: text/plain; charset=UTF-8
|
|
|
902636 |
Content-Transfer-Encoding: 8bit
|
|
|
902636 |
|
|
|
902636 |
RH-Author: Greg Kurz <gkurz@redhat.com>
|
|
|
902636 |
Message-id: <20200608162521.382858-2-gkurz@redhat.com>
|
|
|
902636 |
Patchwork-id: 97459
|
|
|
902636 |
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 1/1] vfio/nvlink: Remove exec permission to avoid SELinux AVCs
|
|
|
902636 |
Bugzilla: 1823275
|
|
|
902636 |
RH-Acked-by: David Gibson <dgibson@redhat.com>
|
|
|
902636 |
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
|
|
902636 |
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
902636 |
|
|
|
902636 |
From: Leonardo Bras <leobras.c@gmail.com>
|
|
|
902636 |
|
|
|
902636 |
If SELinux is setup without 'execmem' permission for qemu, all mmap
|
|
|
902636 |
with (PROT_WRITE | PROT_EXEC) will fail and print a warning in
|
|
|
902636 |
SELinux log.
|
|
|
902636 |
|
|
|
902636 |
If "nvlink2-mr" memory allocation fails (fist diff), it will cause
|
|
|
902636 |
guest NUMA nodes to not be correctly configured (V100 memory will
|
|
|
902636 |
not be visible for guest, nor its NUMA nodes).
|
|
|
902636 |
|
|
|
902636 |
Not having 'execmem' permission is intesting for virtual machines to
|
|
|
902636 |
avoid buffer-overflow based attacks, and it's adopted in distros
|
|
|
902636 |
like RHEL.
|
|
|
902636 |
|
|
|
902636 |
So, removing the PROT_EXEC flag seems the right thing to do.
|
|
|
902636 |
|
|
|
902636 |
Browsing some other code that mmaps memory for usage with
|
|
|
902636 |
memory_region_init_ram_device_ptr, I could notice it's usual to
|
|
|
902636 |
not have PROT_EXEC (only PROT_READ | PROT_WRITE), so it should be
|
|
|
902636 |
no problem around this.
|
|
|
902636 |
|
|
|
902636 |
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
|
|
|
902636 |
Message-Id: <20200501055448.286518-1-leobras.c@gmail.com>
|
|
|
902636 |
Acked-by: Alex Williamson <alex.williamson@redhat.com>
|
|
|
902636 |
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
|
|
902636 |
(cherry picked from commit 9c7c0407028355ca83349b8a60fddfad46f2ebd8)
|
|
|
902636 |
Signed-off-by: Greg Kurz <groug@kaod.org>
|
|
|
902636 |
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
|
902636 |
---
|
|
|
902636 |
hw/vfio/pci-quirks.c | 4 ++--
|
|
|
902636 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
902636 |
|
|
|
902636 |
diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
|
|
|
902636 |
index 4505ffe48a..1c5fe014cf 100644
|
|
|
902636 |
--- a/hw/vfio/pci-quirks.c
|
|
|
902636 |
+++ b/hw/vfio/pci-quirks.c
|
|
|
902636 |
@@ -2237,7 +2237,7 @@ int vfio_pci_nvidia_v100_ram_init(VFIOPCIDevice *vdev, Error **errp)
|
|
|
902636 |
}
|
|
|
902636 |
cap = (void *) hdr;
|
|
|
902636 |
|
|
|
902636 |
- p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE | PROT_EXEC,
|
|
|
902636 |
+ p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE,
|
|
|
902636 |
MAP_SHARED, vdev->vbasedev.fd, nv2reg->offset);
|
|
|
902636 |
if (p == MAP_FAILED) {
|
|
|
902636 |
ret = -errno;
|
|
|
902636 |
@@ -2297,7 +2297,7 @@ int vfio_pci_nvlink2_init(VFIOPCIDevice *vdev, Error **errp)
|
|
|
902636 |
|
|
|
902636 |
/* Some NVLink bridges may not have assigned ATSD */
|
|
|
902636 |
if (atsdreg->size) {
|
|
|
902636 |
- p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE | PROT_EXEC,
|
|
|
902636 |
+ p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE,
|
|
|
902636 |
MAP_SHARED, vdev->vbasedev.fd, atsdreg->offset);
|
|
|
902636 |
if (p == MAP_FAILED) {
|
|
|
902636 |
ret = -errno;
|
|
|
902636 |
--
|
|
|
902636 |
2.27.0
|
|
|
902636 |
|