From owner-dev-commits-src-all@freebsd.org  Fri Apr 23 11:15:37 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 57FC95EE3BD;
 Fri, 23 Apr 2021 11:15:37 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FRWtJ3V3sz4XQC;
 Fri, 23 Apr 2021 11:15:36 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6880B4160;
 Fri, 23 Apr 2021 11:15:35 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 13NBFZOM013806;
 Fri, 23 Apr 2021 11:15:35 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 13NBFZD6013805;
 Fri, 23 Apr 2021 11:15:35 GMT (envelope-from git)
Date: Fri, 23 Apr 2021 11:15:35 GMT
Message-Id: <202104231115.13NBFZD6013805@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: f1d1021fde37 - stable/13 - O_PATH: allow vnode kevent filter on
 such files
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: f1d1021fde37a4709162a1acbc28427206f66acc
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2021 11:15:37 -0000

The branch stable/13 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=f1d1021fde37a4709162a1acbc28427206f66acc

commit f1d1021fde37a4709162a1acbc28427206f66acc
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-04-07 18:31:48 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-04-23 11:14:10 +0000

    O_PATH: allow vnode kevent filter on such files
    
    (cherry picked from commit bbf7a4e878ed6828d13c7029c128a7e60dc25391)
---
 lib/libc/sys/open.2     |  3 +++
 sys/kern/kern_descrip.c |  2 +-
 sys/kern/vfs_syscalls.c |  3 ++-
 sys/kern/vfs_vnops.c    | 14 +++++++++++++-
 sys/sys/fcntl.h         |  2 ++
 sys/sys/file.h          |  1 +
 6 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2
index 06a877e34460..a7806df69daf 100644
--- a/lib/libc/sys/open.2
+++ b/lib/libc/sys/open.2
@@ -342,6 +342,9 @@ can be passed over a
 socket using a
 .Dv SCM_RIGHTS
 message
+.It Xr kqueue 2
+using for
+.Dv EVFILT_VNODE
 .El
 But operations like
 .Xr read 2 ,
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index a28e94634326..30ac40ffe296 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -4988,7 +4988,7 @@ struct fileops path_fileops = {
 	.fo_truncate = badfo_truncate,
 	.fo_ioctl = badfo_ioctl,
 	.fo_poll = path_poll,
-	.fo_kqfilter = badfo_kqfilter,
+	.fo_kqfilter = vn_kqfilter_opath,
 	.fo_stat = vn_statfile,
 	.fo_close = path_close,
 	.fo_chmod = badfo_chmod,
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 9130843f6761..43104a472b5b 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1192,7 +1192,8 @@ kern_openat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
 		KASSERT(vp->v_type != VFIFO || (flags & O_PATH) != 0,
 		    ("Unexpected fifo fp %p vp %p", fp, vp));
 		if ((flags & O_PATH) != 0) {
-			finit_vnode(fp, flags, NULL, &path_fileops);
+			finit(fp, (flags & FMASK) | (fp->f_flag & FKQALLOWED),
+			    DTYPE_VNODE, NULL, &path_fileops);
 			vhold(vp);
 			vunref(vp);
 		} else {
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index bb9ee2cceb79..9da35721def4 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -426,8 +426,12 @@ vn_open_vnode(struct vnode *vp, int fmode, struct ucred *cred,
 		if (error != 0)
 			return (error);
 	}
-	if ((fmode & O_PATH) != 0)
+	if ((fmode & O_PATH) != 0) {
+		error = VOP_ACCESS(vp, VREAD, cred, td);
+		if (error == 0)
+			fp->f_flag |= FKQALLOWED;
 		return (0);
+	}
 
 	if (vp->v_type == VFIFO && VOP_ISLOCKED(vp) != LK_EXCLUSIVE)
 		vn_lock(vp, LK_UPGRADE | LK_RETRY);
@@ -2139,6 +2143,14 @@ vn_kqfilter(struct file *fp, struct knote *kn)
 	return (VOP_KQFILTER(fp->f_vnode, kn));
 }
 
+int
+vn_kqfilter_opath(struct file *fp, struct knote *kn)
+{
+	if ((fp->f_flag & FKQALLOWED) == 0)
+		return (EBADF);
+	return (vn_kqfilter(fp, kn));
+}
+
 /*
  * Simplified in-kernel wrapper calls for extended attribute access.
  * Both calls pass in a NULL credential, authorizing as "kernel" access.
diff --git a/sys/sys/fcntl.h b/sys/sys/fcntl.h
index c328abaa02af..58d46ae26338 100644
--- a/sys/sys/fcntl.h
+++ b/sys/sys/fcntl.h
@@ -153,6 +153,8 @@ typedef	__pid_t		pid_t;
 #define	FREVOKE		O_VERIFY
 /* Only for fo_close() from half-succeeded open */
 #define	FOPENFAILED	O_TTY_INIT
+/* Only for O_PATH files which passed ACCESS FREAD check on open */
+#define	FKQALLOWED	O_RESOLVE_BENEATH
 
 /* convert from open() flags to/from fflags; convert O_RD/WR to FREAD/FWRITE */
 #define	FFLAGS(oflags)	((oflags) & O_EXEC ? (oflags) : (oflags) + 1)
diff --git a/sys/sys/file.h b/sys/sys/file.h
index 9237ee5ceb9d..b16e23bdfbcf 100644
--- a/sys/sys/file.h
+++ b/sys/sys/file.h
@@ -267,6 +267,7 @@ fo_stat_t	vn_statfile;
 fo_sendfile_t	vn_sendfile;
 fo_seek_t	vn_seek;
 fo_fill_kinfo_t	vn_fill_kinfo;
+fo_kqfilter_t	vn_kqfilter_opath;
 int vn_fill_kinfo_vnode(struct vnode *vp, struct kinfo_file *kif);
 
 void finit(struct file *, u_int, short, void *, struct fileops *);