From owner-svn-src-head@FreeBSD.ORG  Tue Aug 16 12:45:02 2011
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 405CD106566B;
	Tue, 16 Aug 2011 12:45:02 +0000 (UTC) (envelope-from jh@FreeBSD.org)
Received: from gw01.mail.saunalahti.fi (gw01.mail.saunalahti.fi
	[195.197.172.115])
	by mx1.freebsd.org (Postfix) with ESMTP id DEF518FC16;
	Tue, 16 Aug 2011 12:45:01 +0000 (UTC)
Received: from jh (a91-153-115-208.elisa-laajakaista.fi [91.153.115.208])
	by gw01.mail.saunalahti.fi (Postfix) with SMTP id 9945615191A;
	Tue, 16 Aug 2011 15:29:30 +0300 (EEST)
Date: Tue, 16 Aug 2011 15:29:30 +0300
From: Jaakko Heinonen <jh@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Message-ID: <20110816122930.GA44017@jh>
References: <201108111230.p7BCUNnS092831@svn.freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201108111230.p7BCUNnS092831@svn.freebsd.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
	src-committers@freebsd.org, jonathan@FreeBSD.org
Subject: Re: svn commit: r224778 - in head: sys/amd64/linux32
 sys/cddl/compat/opensolaris/sys sys/compat/freebsd32 sys/compat/linux
 sys/compat/svr4 sys/dev/aac sys/dev/amr sys/dev/hwpmc sys/dev/ipmi
 sys/dev/isc...
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2011 12:45:02 -0000


Hi,

On 2011-08-11, Robert Watson wrote:
>   Second-to-last commit implementing Capsicum capabilities in the FreeBSD
>   kernel for FreeBSD 9.0:

This commit seems to have broken nfsd for me.

> Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
> ==============================================================================
> --- head/sys/fs/nfsserver/nfs_nfsdport.c	Thu Aug 11 11:30:21 2011	(r224777)
> +++ head/sys/fs/nfsserver/nfs_nfsdport.c	Thu Aug 11 12:30:23 2011	(r224778)
> @@ -3027,8 +3029,14 @@ nfssvc_nfsd(struct thread *td, struct nf
>  		error = copyin(uap->argp, (caddr_t)&sockarg, sizeof (sockarg));
>  		if (error)
>  			goto out;
> -		if ((error = fget(td, sockarg.sock, &fp)) != 0)
> +		/*
> +		 * Since we don't know what rights might be required,
> +		 * pretend that we need them all. It is better to be too
> +		 * careful than too reckless.
> +		 */
> +		if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
>  			goto out;
> +			return (error);

This for sure can't be correct. With the patch below nfsd seems to work
again for me.

%%%
Index: sys/fs/nfsserver/nfs_nfsdport.c
===================================================================
--- sys/fs/nfsserver/nfs_nfsdport.c	(revision 224908)
+++ sys/fs/nfsserver/nfs_nfsdport.c	(working copy)
@@ -3036,7 +3036,6 @@ nfssvc_nfsd(struct thread *td, struct nf
 		 */
 		if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
 			goto out;
-			return (error);
 		if (fp->f_type != DTYPE_SOCKET) {
 			fdrop(fp, td);
 			error = EPERM;
%%%

-- 
Jaakko