From: VMware, Inc <> Date: Thu, 22 Dec 2011 00:24:22 +0000 (-0800) Subject: Add VMCI RPC channel RIDs and allow messages to them from vSockets. X-Git-Tag: 2011.12.20-562307~36 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=24678cc2be67d84b42ce697381473edd50841c13;p=thirdparty%2Fopen-vm-tools.git Add VMCI RPC channel RIDs and allow messages to them from vSockets. As part of the work to replace backdoor in the libRPC, we need two additional VMCI channels in the VMX. This change adds the resource IDs for those channels. One is privileged, meaning only admin/root guest users can send to it. The other allows messages from any user in the guest. This change does not add handlers for the new channels, those will be added in a future change. This change also modifies vSockets to allow DGRAM sockets to send messages over these new channels (we have explicit checks when sending to the VMX). Signed-off-by: Marcelo Vanzin
---
diff --git a/open-vm-tools/lib/include/vmci_defs.h b/open-vm-tools/lib/include/vmci_defs.h
index a0e702a09..b641ba227 100644
--- a/open-vm-tools/lib/include/vmci_defs.h
+++ b/open-vm-tools/lib/include/vmci_defs.h
@@ -122,14 +122,20 @@ typedef uint32 VMCI_Resource;
 #define VMCI_EVENT_UNSUBSCRIBE 9
 #define VMCI_QUEUEPAIR_ALLOC 10
 #define VMCI_QUEUEPAIR_DETACH 11
-
 /*
 * VMCI_VSOCK_VMX_LOOKUP was assigned to 12 for Fusion 3.0/3.1,
 * WS 7.0/7.1 and ESX 4.1
 */
 #define VMCI_HGFS_TRANSPORT 13
 #define VMCI_UNITY_PBRPC_REGISTER 14
-#define VMCI_RESOURCE_MAX 15
+/*
+ * The next two resources are for RPC calls from guest Tools, to replace the
+ * backdoor calls we used previously. Privileged is for admin/root RPCs,
+ * unprivileged is for RPCs from any user.
+ */
+#define VMCI_RPC_PRIVILEGED 15
+#define VMCI_RPC_UNPRIVILEGED 16
+#define VMCI_RESOURCE_MAX 17
 /* VMCI Ids. */
 typedef uint32 VMCIId;
diff --git a/open-vm-tools/modules/linux/shared/vmci_defs.h b/open-vm-tools/modules/linux/shared/vmci_defs.h
index 21daa9011..d4f2b6177 100644
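Review bot: The comment added above `VMCI_RPC_PRIVILEGED` in lib/include/vmci_defs.h reads as if the admin/root restriction were a property of the resource ID, yet nothing in this commit enforces it: the vsockAddr.c hunk admits both IDs for any socket and leaves the owner check as an XXX. I would add a line to the comment, e.g. `* The ID itself grants nothing; the sender's privilege must be checked before a datagram to VMCI_RPC_PRIVILEGED is accepted.`, so that whoever writes the handler later does not assume the check already exists. The identical comment in modules/linux/shared/vmci_defs.h needs the same line.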
--- a/open-vm-tools/modules/linux/shared/vmci_defs.h
+++ b/open-vm-tools/modules/linux/shared/vmci_defs.h
@@ -122,14 +122,20 @@ typedef uint32 VMCI_Resource;
 #define VMCI_EVENT_UNSUBSCRIBE 9
 #define VMCI_QUEUEPAIR_ALLOC 10
 #define VMCI_QUEUEPAIR_DETACH 11
-
 /*
 * VMCI_VSOCK_VMX_LOOKUP was assigned to 12 for Fusion 3.0/3.1,
 * WS 7.0/7.1 and ESX 4.1
 */
 #define VMCI_HGFS_TRANSPORT 13
 #define VMCI_UNITY_PBRPC_REGISTER 14
-#define VMCI_RESOURCE_MAX 15
+/*
+ * The next two resources are for RPC calls from guest Tools, to replace the
+ * backdoor calls we used previously. Privileged is for admin/root RPCs,
+ * unprivileged is for RPCs from any user.
+ */
+#define VMCI_RPC_PRIVILEGED 15
+#define VMCI_RPC_UNPRIVILEGED 16
+#define VMCI_RESOURCE_MAX 17
 /* VMCI Ids. */
 typedef uint32 VMCIId;
diff --git a/open-vm-tools/modules/linux/vsock/linux/vsockAddr.c b/open-vm-tools/modules/linux/vsock/linux/vsockAddr.c
index 6d7e09021..c3c2abd7d 100644
--- a/open-vm-tools/modules/linux/vsock/linux/vsockAddr.c
+++ b/open-vm-tools/modules/linux/vsock/linux/vsockAddr.c
@@ -448,9 +448,14 @@ VSockAddr_SocketContextDgram(uint32 cid, // IN
 if (cid == VMCI_HYPERVISOR_CONTEXT_ID) {
 /*
 * Registrations of PBRPC Servers do not modify VMX/Hypervisor state and
- * are allowed.
+ * are allowed. We also allow messages on the two RPC channels.
+ *
+ * XXX, we should disallow messages to the privileged channel for
+ * sockets that are not owned by admin/root. See PR 794652.
 */
- if (rid == VMCI_UNITY_PBRPC_REGISTER) {
+ if (rid == VMCI_UNITY_PBRPC_REGISTER ||
+ rid == VMCI_RPC_PRIVILEGED ||
+ rid == VMCI_RPC_UNPRIVILEGED) {
 return TRUE;
 } else {
 return FALSE;
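Review bot: The widened condition in VSockAddr_SocketContextDgram returns TRUE for `VMCI_RPC_PRIVILEGED` no matter who owns the socket, so at this layer the privileged channel is exactly as reachable as the unprivileged one; the new XXX comment says as much and defers the owner check to PR 794652. The commit message states that handlers for the new channels arrive in a later change, so nothing consumes these datagrams yet, but once a handler is registered this filter appears to be the guest-side place where a non-root sender would have to be stopped. Until the owner check exists I would keep the privileged ID out of the allow-list: `if (rid == VMCI_UNITY_PBRPC_REGISTER || rid == VMCI_RPC_UNPRIVILEGED) {`. Only `cid` is visible in the signature fragment of the hunk header, so the eventual check may need the socket or its credentials passed in; the function begins and ends outside this hunk.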