Blame SOURCES/kvm-vfio-nvlink-Remove-exec-permission-to-avoid-SELinux-.patch

902636
From f01098bb86c12f485895f38f7a24170ec84b60b6 Mon Sep 17 00:00:00 2001
902636
From: Greg Kurz <gkurz@redhat.com>
902636
Date: Mon, 8 Jun 2020 16:25:21 -0400
902636
Subject: [PATCH 42/42] vfio/nvlink: Remove exec permission to avoid SELinux
902636
 AVCs
902636
MIME-Version: 1.0
902636
Content-Type: text/plain; charset=UTF-8
902636
Content-Transfer-Encoding: 8bit
902636
902636
RH-Author: Greg Kurz <gkurz@redhat.com>
902636
Message-id: <20200608162521.382858-2-gkurz@redhat.com>
902636
Patchwork-id: 97459
902636
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 1/1] vfio/nvlink: Remove exec permission to avoid SELinux AVCs
902636
Bugzilla: 1823275
902636
RH-Acked-by: David Gibson <dgibson@redhat.com>
902636
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
902636
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
902636
902636
From: Leonardo Bras <leobras.c@gmail.com>
902636
902636
If SELinux is setup without 'execmem' permission for qemu, all mmap
902636
with (PROT_WRITE | PROT_EXEC) will fail and print a warning in
902636
SELinux log.
902636
902636
If "nvlink2-mr" memory allocation fails (fist diff), it will cause
902636
guest NUMA nodes to not be correctly configured (V100 memory will
902636
not be visible for guest, nor its NUMA nodes).
902636
902636
Not having 'execmem' permission is intesting for virtual machines to
902636
avoid buffer-overflow based attacks, and it's adopted in distros
902636
like RHEL.
902636
902636
So, removing the PROT_EXEC flag seems the right thing to do.
902636
902636
Browsing some other code that mmaps memory for usage with
902636
memory_region_init_ram_device_ptr, I could notice it's usual to
902636
not have PROT_EXEC (only PROT_READ | PROT_WRITE), so it should be
902636
no problem around this.
902636
902636
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
902636
Message-Id: <20200501055448.286518-1-leobras.c@gmail.com>
902636
Acked-by: Alex Williamson <alex.williamson@redhat.com>
902636
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
902636
(cherry picked from commit 9c7c0407028355ca83349b8a60fddfad46f2ebd8)
902636
Signed-off-by: Greg Kurz <groug@kaod.org>
902636
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
902636
---
902636
 hw/vfio/pci-quirks.c | 4 ++--
902636
 1 file changed, 2 insertions(+), 2 deletions(-)
902636
902636
diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
902636
index 4505ffe48a..1c5fe014cf 100644
902636
--- a/hw/vfio/pci-quirks.c
902636
+++ b/hw/vfio/pci-quirks.c
902636
@@ -2237,7 +2237,7 @@ int vfio_pci_nvidia_v100_ram_init(VFIOPCIDevice *vdev, Error **errp)
902636
     }
902636
     cap = (void *) hdr;
902636
 
902636
-    p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE | PROT_EXEC,
902636
+    p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE,
902636
              MAP_SHARED, vdev->vbasedev.fd, nv2reg->offset);
902636
     if (p == MAP_FAILED) {
902636
         ret = -errno;
902636
@@ -2297,7 +2297,7 @@ int vfio_pci_nvlink2_init(VFIOPCIDevice *vdev, Error **errp)
902636
 
902636
     /* Some NVLink bridges may not have assigned ATSD */
902636
     if (atsdreg->size) {
902636
-        p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE | PROT_EXEC,
902636
+        p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE,
902636
                  MAP_SHARED, vdev->vbasedev.fd, atsdreg->offset);
902636
         if (p == MAP_FAILED) {
902636
             ret = -errno;
902636
-- 
902636
2.27.0
902636