OS-6682 bhyve zones can destroy any VM

Reviewed by: Patrick Mooney <patrick.mooney@joyent.com> Reviewed by: Mike Gerdts <mike.gerdts@joyent.com> Approved by: Patrick Mooney <patrick.mooney@joyent.com>
author: Jerry Jelinek <jerry.jelinek@joyent.com> 2018-03-13 11:53:02 +0000
committer: Jerry Jelinek <jerry.jelinek@joyent.com> 2018-03-13 11:53:43 +0000
commit: b13e485c93c36fd37d5470756bc0f7d7bd44d018 (patch)
tree: b436e450033b5b4f889a18eb54cb659d4061b8c9
parent: b4d3cc05ba69320101da4e02e8d10f11063f2ff7 (diff)
download: illumos-joyent-b13e485c93c36fd37d5470756bc0f7d7bd44d018.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/usr/src/uts/i86pc/io/vmm/vmm_sol_dev.c b/usr/src/uts/i86pc/io/vmm/vmm_sol_dev.c
index 977987589f..602889b779 100644
--- a/usr/src/uts/i86pc/io/vmm/vmm_sol_dev.c
+++ b/usr/src/uts/i86pc/io/vmm/vmm_sol_dev.c
@@ -1611,6 +1611,9 @@ vmmdev_do_vm_destroy(const char *name, cred_t *cr)
 	vmm_softc_t	*sc;
 	int		err;
 
+	if (crgetuid(cr) != 0)
+		return (EPERM);
+
 	mutex_enter(&vmmdev_mtx);
 	mutex_enter(&vmm_mtx);
 
@@ -1619,6 +1622,15 @@ vmmdev_do_vm_destroy(const char *name, cred_t *cr)
 		mutex_exit(&vmmdev_mtx);
 		return (ENOENT);
 	}
+	/*
+	 * We don't check this in vmm_lookup() since that function is also used
+	 * for validation during create and currently vmm names must be unique.
+	 */
+	if (!INGLOBALZONE(curproc) && sc->vmm_zone != curzone) {
+		mutex_exit(&vmm_mtx);
+		mutex_exit(&vmmdev_mtx);
+		return (EPERM);
+	}
 	err = vmm_do_vm_destroy_locked(sc, B_TRUE);
 
 	mutex_exit(&vmm_mtx);
author	Jerry Jelinek <jerry.jelinek@joyent.com>	2018-03-13 11:53:02 +0000
committer	Jerry Jelinek <jerry.jelinek@joyent.com>	2018-03-13 11:53:43 +0000
commit	b13e485c93c36fd37d5470756bc0f7d7bd44d018 (patch)
tree	b436e450033b5b4f889a18eb54cb659d4061b8c9
parent	b4d3cc05ba69320101da4e02e8d10f11063f2ff7 (diff)
download	illumos-joyent-b13e485c93c36fd37d5470756bc0f7d7bd44d018.tar.gz