From owner-svn-src-all@FreeBSD.ORG Mon Jun 22 04:13:03 2009 Return-Path: Delivered-To: svn-src-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B73B1065670; Mon, 22 Jun 2009 04:13:03 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from mail06.syd.optusnet.com.au (mail06.syd.optusnet.com.au [211.29.132.187]) by mx1.freebsd.org (Postfix) with ESMTP id 044A28FC12; Mon, 22 Jun 2009 04:13:02 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from c122-106-159-184.carlnfd1.nsw.optusnet.com.au (c122-106-159-184.carlnfd1.nsw.optusnet.com.au [122.106.159.184]) by mail06.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n5M4CvKX003616 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 22 Jun 2009 14:12:59 +1000 Date: Mon, 22 Jun 2009 14:12:57 +1000 (EST) From: Bruce Evans X-X-Sender: bde@delplex.bde.org To: Konstantin Belousov In-Reply-To: <200906211341.n5LDfWEx008281@svn.freebsd.org> Message-ID: <20090622133231.W31111@delplex.bde.org> References: <200906211341.n5LDfWEx008281@svn.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org Subject: Re: svn commit: r194586 - in head/sys: cddl/compat/opensolaris/kern cddl/compat/opensolaris/sys cddl/contrib/opensolaris/uts/common/fs/zfs kern sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jun 2009 04:13:03 -0000 On Sun, 21 Jun 2009, Konstantin Belousov wrote: > Log: > Add another flags argument to vn_open_cred. Use it to specify that some > vn_open_cred invocations shall not audit namei path. > Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c > ============================================================================== > --- head/sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c Sun Jun 21 13:15:56 2009 (r194585) > +++ head/sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c Sun Jun 21 13:41:32 2009 (r194586) > @@ -85,7 +85,8 @@ kobj_open_file_vnode(const char *file) > > flags = FREAD; > NDINIT(&nd, LOOKUP, MPSAFE, UIO_SYSSPACE, file, td); > - error = vn_open_cred(&nd, &flags, O_NOFOLLOW, curthread->td_ucred, NULL); > + error = vn_open_cred(&nd, &flags, O_NOFOLLOW, 0, curthread->td_ucred, > + NULL); I was going to ask "why not put the flag in the existing flags arg, like O_NOFOLLOW here?", but it seems that there is no existing flags arg and the above O_NOFOLLOW is garbage. O_NOFOLLOW happens to be 0x100, so I think the above asks for mode S_IRUSR. Now I will ask "why not put O_NOFOLLOW here and the new flag in the existing pointer-to-flags arg?". > Modified: head/sys/cddl/compat/opensolaris/sys/vnode.h > ============================================================================== > --- head/sys/cddl/compat/opensolaris/sys/vnode.h Sun Jun 21 13:15:56 2009 (r194585) > +++ head/sys/cddl/compat/opensolaris/sys/vnode.h Sun Jun 21 13:41:32 2009 (r194586) > @@ -182,7 +182,7 @@ vn_openat(char *pnamep, enum uio_seg seg > vref(startvp); > NDINIT_ATVP(&nd, operation, MPSAFE, UIO_SYSSPACE, pnamep, startvp, td); > filemode |= O_NOFOLLOW; > - error = vn_open_cred(&nd, &filemode, createmode, td->td_ucred, NULL); > + error = vn_open_cred(&nd, &filemode, createmode, 0, td->td_ucred, NULL); Here it does put O_NOFOLLOW in the existing pointer-to-flags arg. It obfuscates the open-flags variable by naming it filemode. > Modified: head/sys/kern/vfs_vnops.c > ============================================================================== > --- head/sys/kern/vfs_vnops.c Sun Jun 21 13:15:56 2009 (r194585) > +++ head/sys/kern/vfs_vnops.c Sun Jun 21 13:41:32 2009 (r194586) > @@ -102,11 +102,8 @@ vn_open(ndp, flagp, cmode, fp) > * due to the NDINIT being done elsewhere. > */ > int > -vn_open_cred(ndp, flagp, cmode, cred, fp) > - struct nameidata *ndp; > - int *flagp, cmode; > - struct ucred *cred; > - struct file *fp; > +vn_open_cred(struct nameidata *ndp, int *flagp, int cmode, u_int vn_open_flags, > + struct ucred *cred, struct file *fp) > { > struct vnode *vp; > struct mount *mp; > @@ -124,9 +121,11 @@ restart: > if (fmode & O_CREAT) { Internally, flags are obfuscated by copying *flagp to the misnamed local variable fmode. The pointer-to-flags variable has about 12 spare bits in it. It already has just 1 kernel-only flag (O_HASLOCK, misnamed FHASLOCK and misassigned in the middle of the user flags). fcntl.h's list of open flags has been obfuscated by putting AT_ flags in the middle of the list. Bruce