On Wed, May 12, 2010 at 06:29:57PM -0700, Chris Wright wrote: > The PCI config space bin_attr read handler has a hardcoded CAP_SYS_ADMIN > check to verify privileges before allowing a user to read device > dependent config space. This is meant to protect from an unprivileged > user potentially locking up the box. > > When assigning a PCI device directly to a guest with libvirt and KVM, > the sysfs config space file is chown'd to the unprivileged user that > the KVM guest will run as. The guest needs to have full access to the > device's config space since it's responsible for driving the device. > However, despite being the owner of the sysfs file, the CAP_SYS_ADMIN > check will not allow read access beyond the config header. > > With this patch the sysfs file owner is also considered privileged enough > to read all of the config space. > > Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx> > --- > drivers/pci/pci-sysfs.c | 4 +++- Jesse, any objection to this going through my tree as it will depend on the sysfs change? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
