Add two patches to fix vfio device permissions (rhbz 967230)

kernel.spec

@@ -804,6 +804,10 @@ Patch25040: tuntap-set-SOCK_ZEROCOPY-flag-during-open.patch
 Patch25041: x86-mtrr-Fix-original-mtrr-range-get-for-mtrr_cleanup.patch
 Patch25042: x86-range-make-add_range-use-blank-slot.patch
 
+#rhbz 967230
+Patch25043: vfio-Set-container-device-mode.patch
+Patch25044: vfio-fix-crash-on-rmmod.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1554,6 +1558,10 @@ ApplyPatch tuntap-set-SOCK_ZEROCOPY-flag-during-open.patch
 ApplyPatch x86-mtrr-Fix-original-mtrr-range-get-for-mtrr_cleanup.patch
 ApplyPatch x86-range-make-add_range-use-blank-slot.patch
 
+#rhbz 967230
+ApplyPatch vfio-Set-container-device-mode.patch
+ApplyPatch vfio-fix-crash-on-rmmod.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2382,6 +2390,7 @@ fi
 
 %changelog
 * Tue Jun 11 2013 Josh Boyer <jwboyer@redhat.com>
+- Add two patches to fix vfio device permissions (rhbz 967230)
 - Add patches to fix MTRR issues in 3.9.5 (rhbz 973185)
 - Add two patches to fix issues with vhost_net and macvlan (rhbz 954181)
 - CVE-2013-2164 information leak in cdrom driver (rhbz 973100 973109)

vfio-Set-container-device-mode.patch

@@ -0,0 +1,41 @@
+From 664e9386bd05dbdfecfb28d6cf2fde983aabc65c Mon Sep 17 00:00:00 2001
+From: Alex Williamson <alex.williamson@redhat.com>
+Date: Tue, 30 Apr 2013 15:42:28 -0600
+Subject: [PATCH] vfio: Set container device mode
+
+Minor 0 is the VFIO container device (/dev/vfio/vfio).  On it's own
+the container does not provide a user with any privileged access.  It
+only supports API version check and extension check ioctls.  Only by
+attaching a VFIO group to the container does it gain any access.  Set
+the mode of the container to allow access.
+
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+---
+ drivers/vfio/vfio.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
+index ac7423b..acb7121 100644
+--- a/drivers/vfio/vfio.c
++++ b/drivers/vfio/vfio.c
+@@ -27,6 +27,7 @@
+ #include <linux/rwsem.h>
+ #include <linux/sched.h>
+ #include <linux/slab.h>
++#include <linux/stat.h>
+ #include <linux/string.h>
+ #include <linux/uaccess.h>
+ #include <linux/vfio.h>
+@@ -1359,6 +1360,9 @@ static const struct file_operations vfio_device_fops = {
+  */
+ static char *vfio_devnode(struct device *dev, umode_t *mode)
+ {
++	if (MINOR(dev->devt) == 0)
++		*mode = S_IRUGO | S_IWUGO;
++
+ 	return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
+ }
+ 
+-- 
+1.8.1.4
+

vfio-fix-crash-on-rmmod.patch

@@ -0,0 +1,32 @@
+From 9a6aa279d3d17af73a029fa40654e92f4e75e8bb Mon Sep 17 00:00:00 2001
+From: Alexey Kardashevskiy <aik@ozlabs.ru>
+Date: Wed, 5 Jun 2013 08:54:16 -0600
+Subject: [PATCH] vfio: fix crash on rmmod
+
+devtmpfs_delete_node() calls devnode() callback with mode==NULL but
+vfio still tries to write there.
+
+The patch fixes this.
+
+Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+---
+ drivers/vfio/vfio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
+index acb7121..6d78736 100644
+--- a/drivers/vfio/vfio.c
++++ b/drivers/vfio/vfio.c
+@@ -1360,7 +1360,7 @@ static const struct file_operations vfio_device_fops = {
+  */
+ static char *vfio_devnode(struct device *dev, umode_t *mode)
+ {
+-	if (MINOR(dev->devt) == 0)
++	if (mode && (MINOR(dev->devt) == 0))
+ 		*mode = S_IRUGO | S_IWUGO;
+ 
+ 	return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
+-- 
+1.8.1.4
+