Re: [PATCH 2/2] pci: allow sysfs file owner to read devicedependent config space

[Greg KH]

On Wed, May 12, 2010 at 06:29:57PM -0700, Chris Wright wrote:
> The PCI config space bin_attr read handler has a hardcoded CAP_SYS_ADMIN
> check to verify privileges before allowing a user to read device
> dependent config space.  This is meant to protect from an unprivileged
> user potentially locking up the box.
> 
> When assigning a PCI device directly to a guest with libvirt and KVM,
> the sysfs config space file is chown'd to the unprivileged user that
> the KVM guest will run as.  The guest needs to have full access to the
> device's config space since it's responsible for driving the device.
> However, despite being the owner of the sysfs file, the CAP_SYS_ADMIN
> check will not allow read access beyond the config header.
> 
> With this patch the sysfs file owner is also considered privileged enough
> to read all of the config space.
> 
> Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
> ---
>  drivers/pci/pci-sysfs.c |    4 +++-

Jesse, any objection to this going through my tree as it will depend on
the sysfs change?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/