From patchwork Tue Jan 4 18:07:30 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Williamson X-Patchwork-Id: 451331 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id p04I7YSb016743 for ; Tue, 4 Jan 2011 18:07:34 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751192Ab1ADSHb (ORCPT ); Tue, 4 Jan 2011 13:07:31 -0500 Received: from mx1.redhat.com ([209.132.183.28]:13594 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751317Ab1ADSHb (ORCPT ); Tue, 4 Jan 2011 13:07:31 -0500 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id p04I7VN0015447 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 4 Jan 2011 13:07:31 -0500 Received: from s20.home (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id p04I7Uv7010515; Tue, 4 Jan 2011 13:07:30 -0500 From: Alex Williamson Subject: [PATCH] device-assignment: chmod the rom file before opening read/write To: kvm@vger.kernel.org Cc: alex.williamson@redhat.com, chrisw@redhat.com Date: Tue, 04 Jan 2011 11:07:30 -0700 Message-ID: <20110104180649.23471.81148.stgit@s20.home> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]); Tue, 04 Jan 2011 18:07:34 +0000 (UTC) diff --git a/hw/device-assignment.c b/hw/device-assignment.c index 8446cd4..da0a4d7 100644 --- a/hw/device-assignment.c +++ b/hw/device-assignment.c @@ -1866,16 +1866,18 @@ static void assigned_dev_load_option_rom(AssignedDevice *dev) return; } - if (access(rom_file, F_OK)) { - fprintf(stderr, "pci-assign: Insufficient privileges for %s\n", - rom_file); + /* The ROM file is typically mode 0400, ensure that it's at least 0600 + * for the following fopen to succeed when qemu is de-privileged. */ + if (chmod(rom_file, (st.st_mode & ALLPERMS) | S_IRUSR | S_IWUSR)) { + fprintf(stderr, "pci-assign: Insufficient privileges for %s (%s)\n", + rom_file, strerror(errno)); return; } /* Write "1" to the ROM file to enable it */ fp = fopen(rom_file, "r+"); if (fp == NULL) { - return; + goto restore_rom; } val = 1; if (fwrite(&val, 1, 1, fp) != 1) { @@ -1895,17 +1897,20 @@ static void assigned_dev_load_option_rom(AssignedDevice *dev) "or load from file with romfile=\n", rom_file); qemu_ram_free(dev->dev.rom_offset); dev->dev.rom_offset = 0; - goto close_rom; + goto disable_rom; } pci_register_bar(&dev->dev, PCI_ROM_SLOT, st.st_size, 0, pci_map_option_rom); -close_rom: +disable_rom: /* Write "0" to disable ROM */ fseek(fp, 0, SEEK_SET); val = 0; if (!fwrite(&val, 1, 1, fp)) { DEBUG("%s\n", "Failed to disable pci-sysfs rom file"); } +close_rom: fclose(fp); +restore_rom: + chmod(rom_file, st.st_mode & ALLPERMS); }