commit ddba91801aeb5c160b660caed1800eb3aef403f8 upstream.
KVM's API requires thats ioctls must be issued from the same process
that created the VM. In other words, userspace can play games with a
VM's file descriptors, e.g. fork(), SCM_RIGHTS, etc..., but only the
creator can do anything useful. Explicitly reject device ioctls that
are issued by a process other than the VM's creator, and update KVM's
API documentation to extend its requirements to device ioctls.
Fixes: 852b6d57 ("kvm: add device control API")
Signed-off-by: Sean Christopherson <firstname.lastname@example.org>
Signed-off-by: Paolo Bonzini <email@example.com>
Signed-off-by: Greg Kroah-Hartman <firstname.lastname@example.org>