From owner-svn-src-all@FreeBSD.ORG Wed Jul 18 04:52:38 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6CACB1065675; Wed, 18 Jul 2012 04:52:38 +0000 (UTC) (envelope-from mjg@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 56BDF8FC14; Wed, 18 Jul 2012 04:52:38 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q6I4qc0n029229; Wed, 18 Jul 2012 04:52:38 GMT (envelope-from mjg@svn.freebsd.org) Received: (from mjg@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q6I4qcwJ029225; Wed, 18 Jul 2012 04:52:38 GMT (envelope-from mjg@svn.freebsd.org) Message-Id: <201207180452.q6I4qcwJ029225@svn.freebsd.org> From: Mateusz Guzik Date: Wed, 18 Jul 2012 04:52:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r238560 - in stable/9/sys: kern sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jul 2012 04:52:38 -0000 Author: mjg Date: Wed Jul 18 04:52:37 2012 New Revision: 238560 URL: http://svn.freebsd.org/changeset/base/238560 Log: MFC r238220, r238272: Unbreak handling of descriptors opened with O_EXEC by fexecve(2). While here return EBADF for descriptors opened for writing (previously it was ETXTBSY). Add fgetvp_exec function which performs appropriate checks. == Follow-up commit to r238220: Pass only FEXEC (instead of FREAD|FEXEC) in fgetvp_exec. _fget has to check for !FWRITE anyway and may as well know about FREAD. Make _fget code a bit more readable by converting permission checking from if() to switch(). Assert that correct permission flags are passed. PR: kern/169651 In collaboration with: kib Approved by: re (hrs), trasz (mentor) Modified: stable/9/sys/kern/kern_descrip.c stable/9/sys/kern/kern_exec.c stable/9/sys/sys/file.h Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/kern/kern_descrip.c ============================================================================== --- stable/9/sys/kern/kern_descrip.c Tue Jul 17 22:16:10 2012 (r238559) +++ stable/9/sys/kern/kern_descrip.c Wed Jul 18 04:52:37 2012 (r238560) @@ -2329,8 +2329,8 @@ _fget(struct thread *td, int fd, struct struct file *fp; #ifdef CAPABILITIES struct file *fp_fromcap; - int error; #endif + int error; *fpp = NULL; if (td == NULL || (fdp = td->td_proc->p_fd) == NULL) @@ -2369,7 +2369,7 @@ _fget(struct thread *td, int fd, struct else error = cap_funwrap_mmap(fp, needrights, maxprotp, &fp_fromcap); - if (error) { + if (error != 0) { fdrop(fp, td); return (error); } @@ -2394,14 +2394,30 @@ _fget(struct thread *td, int fd, struct /* * FREAD and FWRITE failure return EBADF as per POSIX. - * - * Only one flag, or 0, may be specified. */ - if ((flags == FREAD && (fp->f_flag & FREAD) == 0) || - (flags == FWRITE && (fp->f_flag & FWRITE) == 0)) { + error = 0; + switch (flags) { + case FREAD: + case FWRITE: + if ((fp->f_flag & flags) == 0) + error = EBADF; + break; + case FEXEC: + if ((fp->f_flag & (FREAD | FEXEC)) == 0 || + ((fp->f_flag & FWRITE) != 0)) + error = EBADF; + break; + case 0: + break; + default: + KASSERT(0, ("wrong flags")); + } + + if (error != 0) { fdrop(fp, td); - return (EBADF); + return (error); } + *fpp = fp; return (0); } @@ -2498,6 +2514,13 @@ fgetvp_read(struct thread *td, int fd, c return (_fgetvp(td, fd, FREAD, rights, NULL, vpp)); } +int +fgetvp_exec(struct thread *td, int fd, cap_rights_t rights, struct vnode **vpp) +{ + + return (_fgetvp(td, fd, FEXEC, rights, NULL, vpp)); +} + #ifdef notyet int fgetvp_write(struct thread *td, int fd, cap_rights_t rights, Modified: stable/9/sys/kern/kern_exec.c ============================================================================== --- stable/9/sys/kern/kern_exec.c Tue Jul 17 22:16:10 2012 (r238559) +++ stable/9/sys/kern/kern_exec.c Wed Jul 18 04:52:37 2012 (r238560) @@ -443,8 +443,10 @@ interpret: /* * Some might argue that CAP_READ and/or CAP_MMAP should also * be required here; such arguments will be entertained. + * + * Descriptors opened only with O_EXEC or O_RDONLY are allowed. */ - error = fgetvp_read(td, args->fd, CAP_FEXECVE, &binvp); + error = fgetvp_exec(td, args->fd, CAP_FEXECVE, &binvp); if (error) goto exec_fail; vfslocked = VFS_LOCK_GIANT(binvp->v_mount); Modified: stable/9/sys/sys/file.h ============================================================================== --- stable/9/sys/sys/file.h Tue Jul 17 22:16:10 2012 (r238559) +++ stable/9/sys/sys/file.h Wed Jul 18 04:52:37 2012 (r238560) @@ -225,6 +225,8 @@ fo_chown_t invfo_chown; void finit(struct file *, u_int, short, void *, struct fileops *); int fgetvp(struct thread *td, int fd, cap_rights_t rights, struct vnode **vpp); +int fgetvp_exec(struct thread *td, int fd, cap_rights_t rights, + struct vnode **vpp); int fgetvp_rights(struct thread *td, int fd, cap_rights_t need, cap_rights_t *have, struct vnode **vpp); int fgetvp_read(struct thread *td, int fd, cap_rights_t rights,