From owner-svn-src-stable-11@freebsd.org Sun Jun 11 02:04:41 2017 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 79375BFB877; Sun, 11 Jun 2017 02:04:41 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 52AA46EFC5; Sun, 11 Jun 2017 02:04:41 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v5B24e1h000895; Sun, 11 Jun 2017 02:04:40 GMT (envelope-from allanjude@FreeBSD.org) Received: (from allanjude@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v5B24dmk000888; Sun, 11 Jun 2017 02:04:39 GMT (envelope-from allanjude@FreeBSD.org) Message-Id: <201706110204.v5B24dmk000888@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: allanjude set sender to allanjude@FreeBSD.org using -f 
From: Allan Jude Date: Sun, 11 Jun 2017 02:04:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r319819 - in stable/11: lib/libc/sys share/man/man4 sys/compat/freebsd32 sys/kern X-SVN-Group: stable-11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Jun 2017 02:04:41 -0000 Author: allanjude Date: Sun Jun 11 02:04:39 2017 New Revision: 319819 URL: https://svnweb.freebsd.org/changeset/base/319819 Log: MFC r318765: Allow cpuset_{get,set}affinity in capabilities mode Approved by: re (marius) Modified: stable/11/lib/libc/sys/cpuset_getaffinity.2 stable/11/share/man/man4/capsicum.4 stable/11/sys/compat/freebsd32/capabilities.conf stable/11/sys/compat/freebsd32/freebsd32_sysent.c stable/11/sys/kern/capabilities.conf stable/11/sys/kern/init_sysent.c stable/11/sys/kern/kern_cpuset.c Directory Properties: stable/11/ (props changed) Modified: stable/11/lib/libc/sys/cpuset_getaffinity.2 ============================================================================== --- stable/11/lib/libc/sys/cpuset_getaffinity.2 Sun Jun 11 00:44:19 2017 (r319818) +++ stable/11/lib/libc/sys/cpuset_getaffinity.2 Sun Jun 11 02:04:39 2017 (r319819) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 2, 2016 +.Dd May 23, 2017 .Dt CPUSET_GETAFFINITY 2 .Os .Sh NAME 
@@ -148,8 +148,14 @@ was either preposterously large or smaller than the ke .It Bq Er EPERM The calling process did not have the credentials required to complete the operation. +.It Bq Er ECAPMODE +The calling process attempted to act on a process other than itself, while +in capability mode. +See +.Xr capsicum 4 . .El .Sh SEE ALSO +.Xr capsicum 4 , .Xr cpuset 1 , .Xr cpuset 2 , .Xr cpuset_getid 2 , Modified: stable/11/share/man/man4/capsicum.4 ============================================================================== --- stable/11/share/man/man4/capsicum.4 Sun Jun 11 00:44:19 2017 (r319818) +++ stable/11/share/man/man4/capsicum.4 Sun Jun 11 02:04:39 2017 (r319819) @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 5, 2016 +.Dd May 18, 2017 .Dt CAPSICUM 4 .Os .Sh NAME @@ -87,6 +87,16 @@ greater detail in An extension to the POSIX shared memory API to support anonymous swap objects associated with file descriptors; described in greater detail in .Xr shm_open 2 . +.El +.Pp +In some cases, +.Nm +limits the valid values of some parameters to traditional APIs in order to +restrict access to global namespaces: +.Bl -tag -width indent +.It process IDs +Processes can only act upon their own process ID with syscalls such as +.Xr cpuset_setaffinity 2 . .El .Sh SEE ALSO .Xr cap_enter 2 , Modified: stable/11/sys/compat/freebsd32/capabilities.conf ============================================================================== --- stable/11/sys/compat/freebsd32/capabilities.conf Sun Jun 11 00:44:19 2017 (r319818) +++ stable/11/sys/compat/freebsd32/capabilities.conf Sun Jun 11 02:04:39 2017 (r319819) 
@@ -76,9 +76,9 @@ close closefrom connectat #cpuset -#freebsd32_cpuset_getaffinity +freebsd32_cpuset_getaffinity #freebsd32_cpuset_getid -#freebsd32_cpuset_setaffinity +freebsd32_cpuset_setaffinity #freebsd32_cpuset_setid dup dup2 Modified: stable/11/sys/compat/freebsd32/freebsd32_sysent.c ============================================================================== --- stable/11/sys/compat/freebsd32/freebsd32_sysent.c Sun Jun 11 00:44:19 2017 (r319818) +++ stable/11/sys/compat/freebsd32/freebsd32_sysent.c Sun Jun 11 02:04:39 2017 (r319819) 
@@ -552,8 +552,8 @@ struct sysent freebsd32_sysent[] = { { AS(freebsd32_cpuset_setid_args), (sy_call_t *)freebsd32_cpuset_setid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 485 = freebsd32_cpuset_setid */ #endif { AS(freebsd32_cpuset_getid_args), (sy_call_t *)freebsd32_cpuset_getid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 486 = freebsd32_cpuset_getid */ - { AS(freebsd32_cpuset_getaffinity_args), (sy_call_t *)freebsd32_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 487 = freebsd32_cpuset_getaffinity */ - { AS(freebsd32_cpuset_setaffinity_args), (sy_call_t *)freebsd32_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 488 = freebsd32_cpuset_setaffinity */ + { AS(freebsd32_cpuset_getaffinity_args), (sy_call_t *)freebsd32_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 487 = freebsd32_cpuset_getaffinity */ + { AS(freebsd32_cpuset_setaffinity_args), (sy_call_t *)freebsd32_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 488 = freebsd32_cpuset_setaffinity */ { AS(faccessat_args), (sy_call_t *)sys_faccessat, AUE_FACCESSAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 489 = faccessat */ { AS(fchmodat_args), (sy_call_t *)sys_fchmodat, AUE_FCHMODAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 490 = fchmodat */ { AS(fchownat_args), (sy_call_t *)sys_fchownat, AUE_FCHOWNAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 491 = fchownat */ Modified: stable/11/sys/kern/capabilities.conf ============================================================================== --- stable/11/sys/kern/capabilities.conf Sun Jun 11 00:44:19 2017 (r319818) +++ stable/11/sys/kern/capabilities.conf Sun Jun 11 02:04:39 2017 (r319819) 
@@ -133,13 +133,12 @@ closefrom connectat ## -## cpuset(2) and related calls require scoping by process, but should -## eventually be allowed, at least in the current process case. +## cpuset(2) and related calls are limited to caller's own process/thread. ## #cpuset -#cpuset_getaffinity +cpuset_getaffinity #cpuset_getid -#cpuset_setaffinity +cpuset_setaffinity #cpuset_setid ## Modified: stable/11/sys/kern/init_sysent.c ============================================================================== --- stable/11/sys/kern/init_sysent.c Sun Jun 11 00:44:19 2017 (r319818) +++ stable/11/sys/kern/init_sysent.c Sun Jun 11 02:04:39 2017 (r319819) 
@@ -532,8 +532,8 @@ struct sysent sysent[] = { { AS(cpuset_args), (sy_call_t *)sys_cpuset, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 484 = cpuset */ { AS(cpuset_setid_args), (sy_call_t *)sys_cpuset_setid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 485 = cpuset_setid */ { AS(cpuset_getid_args), (sy_call_t *)sys_cpuset_getid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 486 = cpuset_getid */ - { AS(cpuset_getaffinity_args), (sy_call_t *)sys_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 487 = cpuset_getaffinity */ - { AS(cpuset_setaffinity_args), (sy_call_t *)sys_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 488 = cpuset_setaffinity */ + { AS(cpuset_getaffinity_args), (sy_call_t *)sys_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 487 = cpuset_getaffinity */ + { AS(cpuset_setaffinity_args), (sy_call_t *)sys_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 488 = cpuset_setaffinity */ { AS(faccessat_args), (sy_call_t *)sys_faccessat, AUE_FACCESSAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 489 = faccessat */ { AS(fchmodat_args), (sy_call_t *)sys_fchmodat, AUE_FCHMODAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 490 = fchmodat */ { AS(fchownat_args), (sy_call_t *)sys_fchownat, AUE_FCHOWNAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 491 = fchownat */ Modified: stable/11/sys/kern/kern_cpuset.c ============================================================================== --- stable/11/sys/kern/kern_cpuset.c Sun Jun 11 00:44:19 2017 (r319818) +++ stable/11/sys/kern/kern_cpuset.c Sun Jun 11 02:04:39 2017 (r319819) @@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -523,6 +524,7 @@ cpuset_setproc(pid_t pid, struct cpuset *set, cpuset_t int threads; int nfree; int error; + /* * The algorithm requires two passes due to locking considerations. * 
@@ -1097,6 +1099,15 @@ kern_cpuset_getaffinity(struct thread *td, cpulevel_t if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY) return (ERANGE); + /* In Capability mode, you can only get your own CPU set. */ + if (IN_CAPABILITY_MODE(td)) { + if (level != CPU_LEVEL_WHICH) + return (ECAPMODE); + if (which != CPU_WHICH_TID && which != CPU_WHICH_PID) + return (ECAPMODE); + if (id != -1) + return (ECAPMODE); + } size = cpusetsize; mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO); error = cpuset_which(which, id, &p, &ttd, &set); @@ -1201,6 +1212,15 @@ kern_cpuset_setaffinity(struct thread *td, cpulevel_t if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY) return (ERANGE); + /* In Capability mode, you can only set your own CPU set. */ + if (IN_CAPABILITY_MODE(td)) { + if (level != CPU_LEVEL_WHICH) + return (ECAPMODE); + if (which != CPU_WHICH_TID && which != CPU_WHICH_PID) + return (ECAPMODE); + if (id != -1) + return (ECAPMODE); + } mask = malloc(cpusetsize, M_TEMP, M_WAITOK | M_ZERO); error = copyin(maskp, mask, cpusetsize); if (error)
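Review bot: the new ECAPMODE entry in the cpuset_getaffinity.2 hunk describes only the "process other than itself" case, but the kern_cpuset.c hunks in this same commit also return ECAPMODE when `level` is not CPU_LEVEL_WHICH or `which` is neither CPU_WHICH_TID nor CPU_WHICH_PID, regardless of the id. The ERRORS text should mention those conditions too, e.g. "The calling process attempted to act on a process or thread other than itself, or on a cpuset level other than CPU_LEVEL_WHICH, while in capability mode."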
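Review bot: the capsicum.4 hunk says "Processes can only act upon their own process ID", but the kernel checks added in kern_cpuset.c accept CPU_WHICH_TID as well as CPU_WHICH_PID and require `id == -1`, so a caller passing its own explicit pid or tid is refused with ECAPMODE. Suggest wording the new `.It process IDs` entry as "Processes can only act upon their own process or thread, selected by an id of -1, with syscalls such as cpuset_setaffinity(2)" so that readers do not expect getpid() to be accepted.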
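Review bot: the `@@ -523,6 +524,7 @@ cpuset_setproc` hunk only adds a blank line after `int error;` and is unrelated to the capability-mode change; for an MFC that is a small amount of noise that makes the merge harder to read, and it could be dropped (or mentioned in the log as a style fix).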
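Review bot: in the kern_cpuset_getaffinity hunk the capability-mode check is correctly placed before `cpuset_which()` is called, so no process or thread lookup happens for a refused request; note, however, that the `id != -1` test means the check is stricter than the "own process" wording used in the manual page hunks, and the comment "In Capability mode, you can only get your own CPU set" should say that the caller must pass -1. The IN_CAPABILITY_MODE macro and ECAPMODE come from the header added in the `@@ -47,6 +47,7 @@` hunk; the header name has been lost in this rendering of the diff, so it is worth confirming the right include (the one that defines IN_CAPABILITY_MODE) is what was committed.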
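Review bot: the kern_cpuset_setaffinity hunk repeats the three-condition block from kern_cpuset_getaffinity verbatim (`level != CPU_LEVEL_WHICH`, `which != CPU_WHICH_TID && which != CPU_WHICH_PID`, `id != -1`); factoring it into a small static helper such as `cpuset_check_capmode(td, level, which, id)` returning 0 or ECAPMODE would keep the two entry points from drifting apart if the allowed set is widened later, which the original capabilities.conf comment ("should eventually be allowed, at least in the current process case") suggests was anticipated.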