Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-12-29 17:25:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-3.1.y
linux-stable/virt/kvm
History
Alex Williamson c4e7f9022e KVM: Device assignment permission checks 
(cherry picked from commit 3d27e23b17)

Only allow KVM device assignment to attach to devices which:

 - Are not bridges
 - Have BAR resources (assume others are special devices)
 - The user has permissions to use

Assigning a bridge is a configuration error, it's not supported, and
typically doesn't result in the behavior the user is expecting anyway.
Devices without BAR resources are typically chipset components that
also don't have host drivers.  We don't want users to hold such devices
captive or cause system problems by fencing them off into an iommu
domain.  We determine "permission to use" by testing whether the user
has access to the PCI sysfs resource files.  By default a normal user
will not have access to these files, so it provides a good indication
that an administration agent has granted the user access to the device.

[Yang Bai: add missing #include]
[avi: fix comment style]

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Yang Bai <hamo.by@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2012-01-18 07:31:54 -08:00
..
assigned-dev.c KVM: Device assignment permission checks 2012-01-18 07:31:54 -08:00
async_pf.c KVM: fix the race while wakeup all pv guest 2011-01-12 11:29:03 +02:00
async_pf.h KVM: Halt vcpu if page it tries to access is swapped out 2011-01-12 11:21:39 +02:00
coalesced_mmio.c KVM: Update Red Hat copyrights 2010-08-01 10:35:51 +03:00
coalesced_mmio.h KVM: Simplify coalesced mmio initialization 2010-03-01 12:35:41 -03:00
eventfd.c Merge branch 'kvm-updates/2.6.39' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2011-04-07 11:33:04 -07:00
ioapic.c KVM: ioapic: Fix an error field reference 2011-05-22 08:39:27 -04:00
ioapic.h KVM: convert ioapic lock to spinlock 2010-05-13 01:23:55 -03:00
iodev.h KVM: remove in_range from io devices 2009-09-10 08:33:05 +03:00
iommu.c KVM: IOMMU: Disable device assignment without interrupt remapping 2011-07-24 11:50:42 +03:00
irq_comm.c KVM: fast-path msi injection with irqfd 2011-01-12 11:29:38 +02:00
Kconfig KVM: Halt vcpu if page it tries to access is swapped out 2011-01-12 11:21:39 +02:00
kvm_main.c KVM: MMU: mmio page fault support 2011-07-24 11:50:40 +03:00