Date: Mon, 18 Dec 2006 07:30:23 GMT From: Timothy Bourke <timbob@bigpond.com> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/51583: [nullfs] [patch] allow to work with devices and sockets over nullfs [STABLE, 5.0-CURRENT] Message-ID: <200612180730.kBI7UNMJ067052@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/51583; it has been noted by GNATS. From: Timothy Bourke <timbob@bigpond.com> To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/51583: [nullfs] [patch] allow to work with devices and sockets over nullfs [STABLE, 5.0-CURRENT] Date: Mon, 18 Dec 2006 18:01:40 +1100 --45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I confirm that this is still a problem on 6.1-RELEASE (-p11). In particular, it prevents using nullfs to run X clients through Unix domain sockets from a chroot or jail (i.e. connecting via /tmp/.X11-unix/X0= ). (http://lists.freebsd.org/pipermail/freebsd-emulation/2006-December/002912.= html) The Linimon/Le Hen tests can be verified using the net/netcat port: setup ----- mkdir lower mkdir upper mount -t nullfs lower upper touch lower/testport test.sh -------- #!/bin.sh rm lower/testport nc -lU $BIND/testport & SERVER=3D$! echo test | nc -U $CONNECT/testport echo $? kill $SERVER 2>/dev/null tests ----- BIND=3Dlower CONNECT=3Dlower ./test.sh # works BIND=3Dupper CONNECT=3Dupper ./test.sh # works BIND=3Dlower CONNECT=3Dupper ./test.sh # FAILS before patch, works after BIND=3Dupper CONNECT=3Dlower ./test.sh # FAILS before and after patch The Sivachenko patch corrects the following situation: analysis: BIND=3Dlower CONNECT=3Dupper ---------------------------------- 1. s =3D socket(AF_UNIX, SOCK_STREAM, 0) falloc: creates a new open file in the process descriptor table socreate: associates a socket with this file and associates the unix domain protosw functions 2. connect(s, name, namelen) kern_connect -> so_connect -> pru_connect -> unp_connect * unp_connect (src/sys/kern/uipc_usrreq.c, v1.155.2.3) * call namei to retrieve the requested vnode -calls null_lookup in src/sys/fs/null_vnops.c -in turn calls null_nodeget in src/sys/fs/null_subr.c returns the UPPER vnode DOES NOT copy the v_un field from the lower vnode. * line 962: so2 =3D vp->v_socket; (vp->v_un.vu_socket) DIRECT ACCESS to v_un field of (UPPER) vnode. The Buchanan analysis refers to a different location: analysis: BIND=3Dupper CONNECT=3Dlower ---------------------------------- 1. s =3D socket(AF_UNIX, SOCK_STREAM, 0) 2. bind(s, name, namelen) =20 * unp_bind (src/sys/kern/uipc_usrreq.c, v1.155.2.3) * creates new vnodes * line 902: vp->v_socket =3D unp->unp_socket; (vp->v_un.vu_socket) DIRECT ACCESS to v_un field of (UPPER) vnode. Not fixed by the submitted patch. Messy. The socket information in the upper (nullfs) vnode must somehow = be passed down into the lower vnode... A proper fix is beyond me. --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (FreeBSD) iD8DBQFFhjzUtKVK1sFb0ecRAqZmAJ4nKiLNcXggXY/SduAOMKkHDYU08gCeJGhZ cpD93q7IabDe8GSXTxJHggA= =T6rX -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612180730.kBI7UNMJ067052>