Page MenuHomeFreeBSD

libvmmapi: Provide an interface for limiting rights on the device fd
ClosedPublic

Authored by markj on Oct 23 2022, 6:45 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 25, 8:40 PM
Unknown Object (File)
Nov 10 2024, 5:28 AM
Unknown Object (File)
Nov 10 2024, 3:10 AM
Unknown Object (File)
Oct 28 2024, 10:25 AM
Unknown Object (File)
Oct 28 2024, 10:25 AM
Unknown Object (File)
Oct 28 2024, 10:25 AM
Unknown Object (File)
Oct 28 2024, 10:05 AM
Unknown Object (File)
Sep 30 2024, 2:29 AM

Details

Summary

Currently libvmmapi provides a way to get a list of the allowed ioctls
on the vmm device file, so that bhyve can limit rights on the device
file fd. The interface is rather strange: it allocates a copy of the
list but returns a const pointer, so the caller has to cast away the
const in order to free it without aggravating the compiler.

As far as I can see, there's no reason to make a copy of the array, but
changing vm_get_ioctls() to not do that would break compatibility. So
this change just introduces a better interface: move all rights-limiting
logic into libvmmapi. bhyve will be changed to use the new
vm_limit_rights() in a follow-up revision.

Any new operations on the fd should be wrapped by libvmmapi, so also
discourage use of vm_get_device_fd(). Currently bhyve uses it only when
limiting rights on the device fd.

No functional change intended.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Oct 23 2022, 6:45 PM
jhb added a subscriber: jhb.
jhb added inline comments.
lib/libvmmapi/vmmapi.h
198

I would move this section to the bottom of the file perhaps? I'm not sure if there are any other functions that are also deprecated at this point.

This revision is now accepted and ready to land.Oct 24 2022, 7:32 PM
lib/libvmmapi/vmmapi.h
198

Good point, I'll do that.