From owner-freebsd-bugs@FreeBSD.ORG  Mon Dec 18 07:30:35 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 16BA616A47C
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 18 Dec 2006 07:30:35 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3307443CAD
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 18 Dec 2006 07:30:29 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBI7UN3B067053
	for <freebsd-bugs@freefall.freebsd.org>; Mon, 18 Dec 2006 07:30:23 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBI7UNMJ067052;
	Mon, 18 Dec 2006 07:30:23 GMT (envelope-from gnats)
Date: Mon, 18 Dec 2006 07:30:23 GMT
Message-Id: <200612180730.kBI7UNMJ067052@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Timothy Bourke <timbob@bigpond.com>
Cc: 
Subject: Re: kern/51583: [nullfs] [patch] allow to work with devices and
	sockets over nullfs [STABLE, 5.0-CURRENT]
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Timothy Bourke <timbob@bigpond.com>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Dec 2006 07:30:35 -0000

The following reply was made to PR kern/51583; it has been noted by GNATS.

From: Timothy Bourke <timbob@bigpond.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/51583: [nullfs] [patch] allow to work with devices and sockets over nullfs [STABLE, 5.0-CURRENT]
Date: Mon, 18 Dec 2006 18:01:40 +1100

 --45Z9DzgjV8m4Oswq
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 I confirm that this is still a problem on 6.1-RELEASE (-p11).
 
 In particular, it prevents using nullfs to run X clients through Unix
 domain sockets from a chroot or jail (i.e. connecting via /tmp/.X11-unix/X0=
 ).
 (http://lists.freebsd.org/pipermail/freebsd-emulation/2006-December/002912.=
 html)
 
 The Linimon/Le Hen tests can be verified using the net/netcat port:
 
     setup
     -----
     mkdir lower
     mkdir upper
     mount -t nullfs lower upper
     touch lower/testport
 
     test.sh
     --------
     #!/bin.sh
 
     rm lower/testport
     nc -lU $BIND/testport &
     SERVER=3D$!
     echo test | nc -U $CONNECT/testport
     echo $?
     kill $SERVER 2>/dev/null
 
     tests
     -----
     BIND=3Dlower CONNECT=3Dlower ./test.sh # works
     BIND=3Dupper CONNECT=3Dupper ./test.sh # works
     BIND=3Dlower CONNECT=3Dupper ./test.sh # FAILS before patch, works after
     BIND=3Dupper CONNECT=3Dlower ./test.sh # FAILS before and after patch
 
 The Sivachenko patch corrects the following situation:
 
     analysis: BIND=3Dlower CONNECT=3Dupper
     ----------------------------------
     1. s =3D socket(AF_UNIX, SOCK_STREAM, 0)
        falloc: creates a new open file in the process descriptor table
        socreate: associates a socket with this file and associates the unix
                  domain protosw functions
 
     2. connect(s, name, namelen)
        kern_connect -> so_connect -> pru_connect -> unp_connect
 
        * unp_connect (src/sys/kern/uipc_usrreq.c, v1.155.2.3)
 
        * call namei to retrieve the requested vnode
          -calls null_lookup in src/sys/fs/null_vnops.c
          -in turn calls null_nodeget in src/sys/fs/null_subr.c
           returns the UPPER vnode
           DOES NOT copy the v_un field from the lower vnode.
 
        * line 962: so2 =3D vp->v_socket;              (vp->v_un.vu_socket)
          DIRECT ACCESS to v_un field of (UPPER) vnode.
 
 The Buchanan analysis refers to a different location:
 
     analysis: BIND=3Dupper CONNECT=3Dlower
     ----------------------------------
     1. s =3D socket(AF_UNIX, SOCK_STREAM, 0)
     2. bind(s, name, namelen)
       =20
        * unp_bind (src/sys/kern/uipc_usrreq.c, v1.155.2.3)
        * creates new vnodes
        * line 902: vp->v_socket =3D unp->unp_socket;  (vp->v_un.vu_socket)
          DIRECT ACCESS to v_un field of (UPPER) vnode.
 
     Not fixed by the submitted patch.
     Messy. The socket information in the upper (nullfs) vnode must somehow =
 be
     passed down into the lower vnode...
 
 A proper fix is beyond me.
 
 
 --45Z9DzgjV8m4Oswq
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.4 (FreeBSD)
 
 iD8DBQFFhjzUtKVK1sFb0ecRAqZmAJ4nKiLNcXggXY/SduAOMKkHDYU08gCeJGhZ
 cpD93q7IabDe8GSXTxJHggA=
 =T6rX
 -----END PGP SIGNATURE-----
 
 --45Z9DzgjV8m4Oswq--