From owner-svn-src-head@freebsd.org Thu Sep 22 14:56:23 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3705BE5D1A; Thu, 22 Sep 2016 14:56:23 +0000 (UTC) (envelope-from rb743@hermes.cam.ac.uk) Received: from ppsw-30.csi.cam.ac.uk (ppsw-30.csi.cam.ac.uk [131.111.8.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AA743776; Thu, 22 Sep 2016 14:56:23 +0000 (UTC) (envelope-from rb743@hermes.cam.ac.uk) X-Cam-AntiVirus: no malware found X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/ Received: from sc1.bsdpad.com ([163.172.212.18]:16083) by ppsw-30.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.156]:587) with esmtpsa (LOGIN:rb743) (TLSv1:ECDHE-RSA-AES256-SHA:256) id 1bn5QD-000gwe-f5 (Exim 4.86_36-e07b163) (return-path ); Thu, 22 Sep 2016 15:56:21 +0100 Date: Thu, 22 Sep 2016 14:56:25 +0000 From: Ruslan Bukin To: Mariusz Zaborski Cc: src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r306174 - in head/sys: compat/cloudabi compat/linux kern netinet sys Message-ID: <20160922145625.GA70214@bsdpad.com> References: <201609220958.u8M9wkfh034759@repo.freebsd.org> <20160922143412.GA69951@bsdpad.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.6.1 (2016-04-27) Sender: "R. Bukin" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Sep 2016 14:56:24 -0000 May be. The next line should be /etc/rc: WARNING: $hostname is not set -- see rc.conf(5). but it hangs before this line Ruslan On Thu, Sep 22, 2016 at 04:39:16PM +0200, Mariusz Zaborski wrote: > Hi Ruslan, > > Does it hang on some network script? > > Thanks, > Mariusz > > > On 22 September 2016 at 16:34, Ruslan Bukin wrote: > > Hi Mariusz > > > > my MIPS64EB kernel stops booting with this > > > > somewhere here: > > [...] > > Starting file system checks: > > /dev/ada0: 20369 files, 794696 used, 7573573 free (933 frags, 946580 blocks, 0.0% fragmentation) > > Mounting local filesystems:. > > ELF ldconfig path: /lib /usr/lib /usr/lib/compat > > random: unblocking device. > > > > any idea ? (should I rebuild something?) > > > > thanks! > > > > Ruslan > > > > On Thu, Sep 22, 2016 at 09:58:46AM +0000, Mariusz Zaborski wrote: > >> Author: oshogbo > >> Date: Thu Sep 22 09:58:46 2016 > >> New Revision: 306174 > >> URL: https://svnweb.freebsd.org/changeset/base/306174 > >> > >> Log: > >> capsicum: propagate rights on accept(2) > >> > >> Descriptor returned by accept(2) should inherits capabilities rights from > >> the listening socket. > >> > >> PR: 201052 > >> Reviewed by: emaste, jonathan > >> Discussed with: many > >> Differential Revision: https://reviews.freebsd.org/D7724 > >> > >> Modified: > >> head/sys/compat/cloudabi/cloudabi_sock.c > >> head/sys/compat/linux/linux_socket.c > >> head/sys/kern/kern_sendfile.c > >> head/sys/kern/uipc_syscalls.c > >> head/sys/netinet/sctp_syscalls.c > >> head/sys/sys/socketvar.h > >> > >> Modified: head/sys/compat/cloudabi/cloudabi_sock.c > >> ============================================================================== > >> --- head/sys/compat/cloudabi/cloudabi_sock.c Thu Sep 22 09:33:22 2016 (r306173) > >> +++ head/sys/compat/cloudabi/cloudabi_sock.c Thu Sep 22 09:58:46 2016 (r306174) > >> @@ -210,7 +210,7 @@ cloudabi_sys_sock_stat_get(struct thread > >> int error; > >> > >> error = getsock_cap(td, uap->sock, cap_rights_init(&rights, > >> - CAP_GETSOCKOPT, CAP_GETPEERNAME, CAP_GETSOCKNAME), &fp, NULL); > >> + CAP_GETSOCKOPT, CAP_GETPEERNAME, CAP_GETSOCKNAME), &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> so = fp->f_data; > >> > >> Modified: head/sys/compat/linux/linux_socket.c > >> ============================================================================== > >> --- head/sys/compat/linux/linux_socket.c Thu Sep 22 09:33:22 2016 (r306173) > >> +++ head/sys/compat/linux/linux_socket.c Thu Sep 22 09:58:46 2016 (r306174) > >> @@ -855,7 +855,7 @@ linux_accept_common(struct thread *td, i > >> if (error == EFAULT && namelen != sizeof(struct sockaddr_in)) > >> return (EINVAL); > >> if (error == EINVAL) { > >> - error1 = getsock_cap(td, s, &rights, &fp, NULL); > >> + error1 = getsock_cap(td, s, &rights, &fp, NULL, NULL); > >> if (error1 != 0) > >> return (error1); > >> so = fp->f_data; > >> > >> Modified: head/sys/kern/kern_sendfile.c > >> ============================================================================== > >> --- head/sys/kern/kern_sendfile.c Thu Sep 22 09:33:22 2016 (r306173) > >> +++ head/sys/kern/kern_sendfile.c Thu Sep 22 09:58:46 2016 (r306174) > >> @@ -502,7 +502,7 @@ sendfile_getsock(struct thread *td, int > >> * The socket must be a stream socket and connected. > >> */ > >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_SEND), > >> - sock_fp, NULL); > >> + sock_fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> *so = (*sock_fp)->f_data; > >> > >> Modified: head/sys/kern/uipc_syscalls.c > >> ============================================================================== > >> --- head/sys/kern/uipc_syscalls.c Thu Sep 22 09:33:22 2016 (r306173) > >> +++ head/sys/kern/uipc_syscalls.c Thu Sep 22 09:58:46 2016 (r306174) > >> @@ -89,20 +89,23 @@ static int sockargs(struct mbuf **, char > >> /* > >> * Convert a user file descriptor to a kernel file entry and check if required > >> * capability rights are present. > >> + * If required copy of current set of capability rights is returned. > >> * A reference on the file entry is held upon returning. > >> */ > >> int > >> getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp, > >> - struct file **fpp, u_int *fflagp) > >> + struct file **fpp, u_int *fflagp, struct filecaps *havecapsp) > >> { > >> struct file *fp; > >> int error; > >> > >> - error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp, NULL); > >> + error = fget_cap(td, fd, rightsp, &fp, havecapsp); > >> if (error != 0) > >> return (error); > >> if (fp->f_type != DTYPE_SOCKET) { > >> fdrop(fp, td); > >> + if (havecapsp != NULL) > >> + filecaps_free(havecapsp); > >> return (ENOTSOCK); > >> } > >> if (fflagp != NULL) > >> @@ -188,7 +191,7 @@ kern_bindat(struct thread *td, int dirfd > >> AUDIT_ARG_FD(fd); > >> AUDIT_ARG_SOCKADDR(td, dirfd, sa); > >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_BIND), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> so = fp->f_data; > >> @@ -235,7 +238,7 @@ sys_listen(struct thread *td, struct lis > >> > >> AUDIT_ARG_FD(uap->s); > >> error = getsock_cap(td, uap->s, cap_rights_init(&rights, CAP_LISTEN), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error == 0) { > >> so = fp->f_data; > >> #ifdef MAC > >> @@ -308,6 +311,7 @@ kern_accept4(struct thread *td, int s, s > >> struct file *headfp, *nfp = NULL; > >> struct sockaddr *sa = NULL; > >> struct socket *head, *so; > >> + struct filecaps fcaps; > >> cap_rights_t rights; > >> u_int fflag; > >> pid_t pgid; > >> @@ -318,7 +322,7 @@ kern_accept4(struct thread *td, int s, s > >> > >> AUDIT_ARG_FD(s); > >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_ACCEPT), > >> - &headfp, &fflag); > >> + &headfp, &fflag, &fcaps); > >> if (error != 0) > >> return (error); > >> head = headfp->f_data; > >> @@ -331,7 +335,8 @@ kern_accept4(struct thread *td, int s, s > >> if (error != 0) > >> goto done; > >> #endif > >> - error = falloc(td, &nfp, &fd, (flags & SOCK_CLOEXEC) ? O_CLOEXEC : 0); > >> + error = falloc_caps(td, &nfp, &fd, > >> + (flags & SOCK_CLOEXEC) ? O_CLOEXEC : 0, &fcaps); > >> if (error != 0) > >> goto done; > >> ACCEPT_LOCK(); > >> @@ -440,6 +445,8 @@ noconnection: > >> * a reference on nfp to the caller on success if they request it. > >> */ > >> done: > >> + if (nfp == NULL) > >> + filecaps_free(&fcaps); > >> if (fp != NULL) { > >> if (error == 0) { > >> *fp = nfp; > >> @@ -511,7 +518,7 @@ kern_connectat(struct thread *td, int di > >> AUDIT_ARG_FD(fd); > >> AUDIT_ARG_SOCKADDR(td, dirfd, sa); > >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_CONNECT), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> so = fp->f_data; > >> @@ -754,7 +761,7 @@ kern_sendit(struct thread *td, int s, st > >> AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name); > >> cap_rights_set(&rights, CAP_CONNECT); > >> } > >> - error = getsock_cap(td, s, &rights, &fp, NULL); > >> + error = getsock_cap(td, s, &rights, &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> so = (struct socket *)fp->f_data; > >> @@ -923,7 +930,7 @@ kern_recvit(struct thread *td, int s, st > >> > >> AUDIT_ARG_FD(s); > >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_RECV), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> so = fp->f_data; > >> @@ -1198,7 +1205,7 @@ sys_shutdown(struct thread *td, struct s > >> > >> AUDIT_ARG_FD(uap->s); > >> error = getsock_cap(td, uap->s, cap_rights_init(&rights, CAP_SHUTDOWN), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error == 0) { > >> so = fp->f_data; > >> error = soshutdown(so, uap->how); > >> @@ -1257,7 +1264,7 @@ kern_setsockopt(struct thread *td, int s > >> > >> AUDIT_ARG_FD(s); > >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_SETSOCKOPT), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error == 0) { > >> so = fp->f_data; > >> error = sosetopt(so, &sopt); > >> @@ -1323,7 +1330,7 @@ kern_getsockopt(struct thread *td, int s > >> > >> AUDIT_ARG_FD(s); > >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_GETSOCKOPT), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error == 0) { > >> so = fp->f_data; > >> error = sogetopt(so, &sopt); > >> @@ -1376,7 +1383,7 @@ kern_getsockname(struct thread *td, int > >> > >> AUDIT_ARG_FD(fd); > >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_GETSOCKNAME), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> so = fp->f_data; > >> @@ -1463,7 +1470,7 @@ kern_getpeername(struct thread *td, int > >> > >> AUDIT_ARG_FD(fd); > >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_GETPEERNAME), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> so = fp->f_data; > >> > >> Modified: head/sys/netinet/sctp_syscalls.c > >> ============================================================================== > >> --- head/sys/netinet/sctp_syscalls.c Thu Sep 22 09:33:22 2016 (r306173) > >> +++ head/sys/netinet/sctp_syscalls.c Thu Sep 22 09:58:46 2016 (r306174) > >> @@ -248,7 +248,7 @@ sys_sctp_generic_sendmsg (td, uap) > >> } > >> > >> AUDIT_ARG_FD(uap->sd); > >> - error = getsock_cap(td, uap->sd, &rights, &fp, NULL); > >> + error = getsock_cap(td, uap->sd, &rights, &fp, NULL, NULL); > >> if (error != 0) > >> goto sctp_bad; > >> #ifdef KTRACE > >> @@ -361,7 +361,7 @@ sys_sctp_generic_sendmsg_iov(td, uap) > >> } > >> > >> AUDIT_ARG_FD(uap->sd); > >> - error = getsock_cap(td, uap->sd, &rights, &fp, NULL); > >> + error = getsock_cap(td, uap->sd, &rights, &fp, NULL, NULL); > >> if (error != 0) > >> goto sctp_bad1; > >> > >> @@ -477,7 +477,7 @@ sys_sctp_generic_recvmsg(td, uap) > >> > >> AUDIT_ARG_FD(uap->sd); > >> error = getsock_cap(td, uap->sd, cap_rights_init(&rights, CAP_RECV), > >> - &fp, NULL); > >> + &fp, NULL, NULL); > >> if (error != 0) > >> return (error); > >> #ifdef COMPAT_FREEBSD32 > >> > >> Modified: head/sys/sys/socketvar.h > >> ============================================================================== > >> --- head/sys/sys/socketvar.h Thu Sep 22 09:33:22 2016 (r306173) > >> +++ head/sys/sys/socketvar.h Thu Sep 22 09:58:46 2016 (r306174) > >> @@ -321,6 +321,7 @@ extern u_long sb_max; > >> extern so_gen_t so_gencnt; > >> > >> struct file; > >> +struct filecaps; > >> struct filedesc; > >> struct mbuf; > >> struct sockaddr; > >> @@ -340,7 +341,7 @@ struct uio; > >> */ > >> int getsockaddr(struct sockaddr **namp, caddr_t uaddr, size_t len); > >> int getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp, > >> - struct file **fpp, u_int *fflagp); > >> + struct file **fpp, u_int *fflagp, struct filecaps *havecaps); > >> void soabort(struct socket *so); > >> int soaccept(struct socket *so, struct sockaddr **nam); > >> void soaio_enqueue(struct task *task); > >>