From: Mark Johnston Date: Mon, 6 Jul 2020 16:33:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r362966 - head/sys/kern X-SVN-Group: head X-SVN-Commit-Author: markj X-SVN-Commit-Paths: head/sys/kern X-SVN-Commit-Revision: 362966 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2020 16:33:21 -0000 Author: markj Date: Mon Jul 6 16:33:21 2020 New Revision: 362966 URL: https://svnweb.freebsd.org/changeset/base/362966 Log: Lift cpuset Capsicum checks into a subroutine. Otherwise the same checks are duplicated across four different system call implementations, cpuset_(get|set)(affinity|domain)(). No functional change intended. MFC after: 1 week Sponsored by: The FreeBSD Foundation Modified: head/sys/kern/kern_cpuset.c Modified: head/sys/kern/kern_cpuset.c ==============================================================================
--- head/sys/kern/kern_cpuset.c Mon Jul 6 15:15:37 2020 (r362965)
+++ head/sys/kern/kern_cpuset.c Mon Jul 6 16:33:21 2020 (r362966)
@@ -1582,6 +1582,25 @@ cpuset_setproc_update_set(struct proc *p, struct cpuse
 return (0);
 }
+/*
+ * In Capability mode, the only accesses that are permitted are to the current
+ * thread and process' CPU and domain sets.
+ */
+static int
+cpuset_check_capabilities(struct thread *td, cpulevel_t level, cpuwhich_t which,
+ id_t id)
+{
+ if (IN_CAPABILITY_MODE(td)) {
+ if (level != CPU_LEVEL_WHICH)
+ return (ECAPMODE);
+ if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
+ return (ECAPMODE);
+ if (id != -1)
+ return (ECAPMODE);
+ }
+ return (0);
+}
+
 #ifndef _SYS_SYSPROTO_H_
 struct cpuset_args {
 cpusetid_t *setid;
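Review bot: The header comment on the new cpuset_check_capabilities() says what is permitted but not the return contract or the meaning of the `id != -1` test, and four syscall paths now depend on that contract; I would extend the comment with `Returns 0 if the request is permitted, or ECAPMODE if the thread is in capability mode and the request names anything other than the caller's own thread (CPU_WHICH_TID) or process (CPU_WHICH_PID) at CPU_LEVEL_WHICH, i.e. an id other than -1.` The convention that -1 denotes the calling thread or process appears to come from cpuset_which(), which is outside this hunk, so naming it here makes a future widening of the accepted ids reviewable as a sandbox-boundary change rather than a cosmetic one. As a point of style, a guard clause `if (!IN_CAPABILITY_MODE(td)) return (0);` ahead of the three tests would flatten the nesting without changing which paths return ECAPMODE.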
@@ -1739,15 +1758,9 @@ kern_cpuset_getaffinity(struct thread *td, cpulevel_t
 if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
 return (ERANGE);
- /* In Capability mode, you can only get your own CPU set. */
- if (IN_CAPABILITY_MODE(td)) {
- if (level != CPU_LEVEL_WHICH)
- return (ECAPMODE);
- if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
- return (ECAPMODE);
- if (id != -1)
- return (ECAPMODE);
- }
+ error = cpuset_check_capabilities(td, level, which, id);
+ if (error != 0)
+ return (error);
 size = cpusetsize;
 mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO);
 error = cpuset_which(which, id, &p, &ttd, &set);
@@ -1856,15 +1869,9 @@ kern_cpuset_setaffinity(struct thread *td, cpulevel_t
 if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
 return (ERANGE);
- /* In Capability mode, you can only set your own CPU set. */
- if (IN_CAPABILITY_MODE(td)) {
- if (level != CPU_LEVEL_WHICH)
- return (ECAPMODE);
- if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
- return (ECAPMODE);
- if (id != -1)
- return (ECAPMODE);
- }
+ error = cpuset_check_capabilities(td, level, which, id);
+ if (error != 0)
+ return (error);
 mask = malloc(cpusetsize, M_TEMP, M_WAITOK | M_ZERO);
 error = copyin(maskp, mask, cpusetsize);
 if (error)
@@ -1987,15 +1994,9 @@ kern_cpuset_getdomain(struct thread *td, cpulevel_t le
 if (domainsetsize < sizeof(domainset_t) || domainsetsize > DOMAINSET_MAXSIZE / NBBY)
 return (ERANGE);
- /* In Capability mode, you can only get your own domain set. */
- if (IN_CAPABILITY_MODE(td)) {
- if (level != CPU_LEVEL_WHICH)
- return (ECAPMODE);
- if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
- return (ECAPMODE);
- if (id != -1)
- return (ECAPMODE);
- }
+ error = cpuset_check_capabilities(td, level, which, id);
+ if (error != 0)
+ return (error);
 mask = malloc(domainsetsize, M_TEMP, M_WAITOK | M_ZERO);
 bzero(&outset, sizeof(outset));
 error = cpuset_which(which, id, &p, &ttd, &set);
@@ -2122,15 +2123,9 @@ kern_cpuset_setdomain(struct thread *td, cpulevel_t le
 if (policy <= DOMAINSET_POLICY_INVALID || policy > DOMAINSET_POLICY_MAX)
 return (EINVAL);
- /* In Capability mode, you can only set your own CPU set. */
- if (IN_CAPABILITY_MODE(td)) {
- if (level != CPU_LEVEL_WHICH)
- return (ECAPMODE);
- if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
- return (ECAPMODE);
- if (id != -1)
- return (ECAPMODE);
- }
+ error = cpuset_check_capabilities(td, level, which, id);
+ if (error != 0)
+ return (error);
 memset(&domain, 0, sizeof(domain));
 mask = malloc(domainsetsize, M_TEMP, M_WAITOK | M_ZERO);
 error = copyin(maskp, mask, domainsetsize);