7 files changed, 77 insertions, 30 deletions
diff --git a/Documentation/lguest/lguest.c b/Documentation/lguest/lguest.c
index dc73bc54cc4e..d9da7e148538 100644
--- a/Documentation/lguest/lguest.c
+++ b/Documentation/lguest/lguest.c
@@ -39,6 +39,9 @@
 #include <limits.h>
 #include <stddef.h>
 #include <signal.h>
+#include <pwd.h>
+#include <grp.h>
 #include <linux/virtio_config.h>
 #include <linux/virtio_net.h>
 #include <linux/virtio_blk.h>
@@ -298,20 +301,27 @@ static void *map_zeroed_pages(unsigned int num)
        /*
         * We use a private mapping (ie. if we write to the page, it will be
-         * copied).
+         * copied). We allocate an extra two pages PROT_NONE to act as guard
+         * pages against read/write attempts that exceed allocated space.
         */
-        addr = mmap(NULL, getpagesize() * num,
+        addr = mmap(NULL, getpagesize() * (num+2),
-                    PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, fd, 0);
+                    PROT_NONE, MAP_PRIVATE, fd, 0);
        if (addr == MAP_FAILED)
                err(1, "Mmapping %u pages of /dev/zero", num);
+        if (mprotect(addr + getpagesize(), getpagesize() * num,
+                     PROT_READ|PROT_WRITE) == -1)
+                err(1, "mprotect rw %u pages failed", num);
        /*
         * One neat mmap feature is that you can close the fd, and it
         * stays mapped.
         */
        close(fd);
-        return addr;
+        /* Return address after PROT_NONE page */
+        return addr + getpagesize();
 }
 /* Get some more pages for a device. */
@@ -343,7 +353,7 @@ static void map_at(int fd, void *addr, unsigned long offset, unsigned long len)
         * done to it.  This allows us to share untouched memory between
         * Guests.
         */
-        if (mmap(addr, len, PROT_READ|PROT_WRITE|PROT_EXEC,
+        if (mmap(addr, len, PROT_READ|PROT_WRITE,
                 MAP_FIXED|MAP_PRIVATE, fd, offset) != MAP_FAILED)
                return;
@@ -573,10 +583,10 @@ static void *_check_pointer(unsigned long addr, unsigned int size,
                            unsigned int line)
 {
        /*
-         * We have to separately check addr and addr+size, because size could
+         * Check if the requested address and size exceeds the allocated memory,
-         * be huge and addr + size might wrap around.
+         * or addr + size wraps around.
         */
-        if (addr >= guest_limit || addr + size >= guest_limit)
+        if ((addr + size) > guest_limit || (addr + size) < addr)
                errx(1, "%s:%i: Invalid address %#lx", __FILE__, line, addr);
        /*
         * We return a pointer for the caller's convenience, now we know it's
@@ -1872,6 +1882,8 @@ static struct option opts[] = {
        { "block", 1, NULL, 'b' },
        { "rng", 0, NULL, 'r' },
        { "initrd", 1, NULL, 'i' },
+        { "username", 1, NULL, 'u' },
+        { "chroot", 1, NULL, 'c' },
        { NULL },
 };
 static void usage(void)
@@ -1894,6 +1906,12 @@ int main(int argc, char *argv[])
        /* If they specify an initrd file to load. */
        const char *initrd_name = NULL;
+        /* Password structure for initgroups/setres[gu]id */
+        struct passwd *user_details = NULL;
+        /* Directory to chroot to */
+        char *chroot_path = NULL;
        /* Save the args: we "reboot" by execing ourselves again. */
        main_args = argv;
@@ -1950,6 +1968,14 @@ int main(int argc, char *argv[])
                case 'i':
                        initrd_name = optarg;
                        break;
+                case 'u':
+                        user_details = getpwnam(optarg);
+                        if (!user_details)
+                                err(1, "getpwnam failed, incorrect username?");
+                        break;
+                case 'c':
+                        chroot_path = optarg;
+                        break;
                default:
                        warnx("Unknown argument %s", argv[optind]);
                        usage();
@@ -2021,6 +2047,37 @@ int main(int argc, char *argv[])
        /* If we exit via err(), this kills all the threads, restores tty. */
        atexit(cleanup_devices);
+        /* If requested, chroot to a directory */
+        if (chroot_path) {
+                if (chroot(chroot_path) != 0)
+                        err(1, "chroot(\"%s\") failed", chroot_path);
+                if (chdir("/") != 0)
+                        err(1, "chdir(\"/\") failed");
+                verbose("chroot done\n");
+        }
+        /* If requested, drop privileges */
+        if (user_details) {
+                uid_t u;
+                gid_t g;
+                u = user_details->pw_uid;
+                g = user_details->pw_gid;
+                if (initgroups(user_details->pw_name, g) != 0)
+                        err(1, "initgroups failed");
+                if (setresgid(g, g, g) != 0)
+                        err(1, "setresgid failed");
+                if (setresuid(u, u, u) != 0)
+                        err(1, "setresuid failed");
+                verbose("Dropping privileges completed\n");
+        }
        /* Finally, run the Guest.  This doesn't return. */
        run_guest();
 }
diff --git a/Documentation/lguest/lguest.txt b/Documentation/lguest/lguest.txt
index 6ccaf8e1a00e..dad99978a6a8 100644
--- a/Documentation/lguest/lguest.txt
+++ b/Documentation/lguest/lguest.txt
@@ -117,6 +117,11 @@ Running Lguest:
    
  for general information on how to get bridging to work.
+- Random number generation. Using the --rng option will provide a
+  /dev/hwrng in the guest that will read from the host's /dev/random.
+  Use this option in conjunction with rng-tools (see ../hw_random.txt)
+  to provide entropy to the guest kernel's /dev/random.
 There is a helpful mailing list at http://ozlabs.org/mailman/listinfo/lguest
 Good luck!
diff --git a/arch/x86/lguest/Kconfig b/arch/x86/lguest/Kconfig
index 38718041efc3..6e121a2a49e1 100644
--- a/arch/x86/lguest/Kconfig
+++ b/arch/x86/lguest/Kconfig
@@ -2,6 +2,7 @@ config LGUEST_GUEST
        bool "Lguest guest support"
        select PARAVIRT
        depends on X86_32
+        select VIRTUALIZATION
        select VIRTIO
        select VIRTIO_RING
        select VIRTIO_CONSOLE
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index 4996cf5f73a0..eba687f0cc0c 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -824,7 +824,7 @@ static void __init lguest_init_IRQ(void)
        for (i = FIRST_EXTERNAL_VECTOR; i < NR_VECTORS; i++) {
                /* Some systems map "vectors" to interrupts weirdly.  Not us! */
-                __get_cpu_var(vector_irq)[i] = i - FIRST_EXTERNAL_VECTOR;
+                __this_cpu_write(vector_irq[i], i - FIRST_EXTERNAL_VECTOR);
                if (i != SYSCALL_VECTOR)
                        set_intr_gate(i, interrupt[i - FIRST_EXTERNAL_VECTOR]);
        }
diff --git a/drivers/lguest/page_tables.c b/drivers/lguest/page_tables.c
index 04b22128a474..d21578ee95de 100644
--- a/drivers/lguest/page_tables.c
+++ b/drivers/lguest/page_tables.c
@@ -1137,7 +1137,7 @@ void free_guest_pagetable(struct lguest *lg)
 */
 void map_switcher_in_guest(struct lg_cpu *cpu, struct lguest_pages *pages)
 {
-        pte_t *switcher_pte_page = __get_cpu_var(switcher_pte_pages);
+        pte_t *switcher_pte_page = __this_cpu_read(switcher_pte_pages);
        pte_t regs_pte;
 #ifdef CONFIG_X86_PAE
diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
index b4eb675a807e..9f1659c3d1f3 100644
--- a/drivers/lguest/x86/core.c
+++ b/drivers/lguest/x86/core.c
@@ -90,8 +90,8 @@ static void copy_in_guest_info(struct lg_cpu *cpu, struct lguest_pages *pages)
         * meanwhile).  If that's not the case, we pretend everything in the
         * Guest has changed.
         */
-        if (__get_cpu_var(lg_last_cpu) != cpu || cpu->last_pages != pages) {
+        if (__this_cpu_read(lg_last_cpu) != cpu || cpu->last_pages != pages) {
-                __get_cpu_var(lg_last_cpu) = cpu;
+                __this_cpu_write(lg_last_cpu, cpu);
                cpu->last_pages = pages;
                cpu->changed = CHANGED_ALL;
        }
diff --git a/drivers/virtio/virtio_pci.c b/drivers/virtio/virtio_pci.c
index ef8d9d558fc7..4fb5b2bf2348 100644
--- a/drivers/virtio/virtio_pci.c
+++ b/drivers/virtio/virtio_pci.c
@@ -96,11 +96,6 @@ static struct pci_device_id virtio_pci_id_table[] = {
 MODULE_DEVICE_TABLE(pci, virtio_pci_id_table);
-/* A PCI device has it's own struct device and so does a virtio device so
- * we create a place for the virtio devices to show up in sysfs.  I think it
- * would make more sense for virtio to not insist on having it's own device. */
-static struct device *virtio_pci_root;
 /* Convert a generic virtio device to our structure */
 static struct virtio_pci_device *to_vp_device(struct virtio_device *vdev)
 {
@@ -629,7 +624,7 @@ static int __devinit virtio_pci_probe(struct pci_dev *pci_dev,
        if (vp_dev == NULL)
                return -ENOMEM;
-        vp_dev->vdev.dev.parent = virtio_pci_root;
+        vp_dev->vdev.dev.parent = &pci_dev->dev;
        vp_dev->vdev.dev.release = virtio_pci_release_dev;
        vp_dev->vdev.config = &virtio_pci_config_ops;
        vp_dev->pci_dev = pci_dev;
@@ -717,17 +712,7 @@ static struct pci_driver virtio_pci_driver = {
 static int __init virtio_pci_init(void)
 {
-        int err;
+        return pci_register_driver(&virtio_pci_driver);
-        virtio_pci_root = root_device_register("virtio-pci");
-        if (IS_ERR(virtio_pci_root))
-                return PTR_ERR(virtio_pci_root);
-        err = pci_register_driver(&virtio_pci_driver);
-        if (err)
-                root_device_unregister(virtio_pci_root);
-        return err;
 }
 module_init(virtio_pci_init);
@@ -735,7 +720,6 @@ module_init(virtio_pci_init);
 static void __exit virtio_pci_exit(void)
 {
        pci_unregister_driver(&virtio_pci_driver);
-        root_device_unregister(virtio_pci_root);
 }
 module_exit(virtio_pci_exit);