Date: Wed, 24 May 2017 00:58:30 +0000 (UTC) From: Allan Jude <allanjude@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r318765 - in head: lib/libc/sys share/man/man4 sys/compat/freebsd32 sys/kern Message-ID: <201705240058.v4O0wUMW014502@repo.freebsd.org>
Author: allanjude Date: Wed May 24 00:58:30 2017 New Revision: 318765 URL: https://svnweb.freebsd.org/changeset/base/318765 Log: Allow cpuset_{get,set}affinity in capabilities mode bhyve was recently sandboxed with capsicum, and needs to be able to control the CPU sets of its vcpu threads Reviewed by: emaste, oshogbo, rwatson MFC after: 2 weeks Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D10170 Modified: head/lib/libc/sys/cpuset_getaffinity.2 head/share/man/man4/capsicum.4 head/sys/compat/freebsd32/capabilities.conf head/sys/kern/capabilities.conf head/sys/kern/kern_cpuset.c Modified: head/lib/libc/sys/cpuset_getaffinity.2 ============================================================================== --- head/lib/libc/sys/cpuset_getaffinity.2 Wed May 24 00:36:27 2017 (r318764) +++ head/lib/libc/sys/cpuset_getaffinity.2 Wed May 24 00:58:30 2017 (r318765) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 2, 2016 +.Dd May 23, 2017 .Dt CPUSET_GETAFFINITY 2 .Os .Sh NAME @@ -148,8 +148,14 @@ was either preposterously large or small .It Bq Er EPERM The calling process did not have the credentials required to complete the operation. +.It Bq Er ECAPMODE +The calling process attempted to act on a process other than itself, while +in capability mode. +See +.Xr capsicum 4 . .El .Sh SEE ALSO +.Xr capsicum 4 , .Xr cpuset 1 , .Xr cpuset 2 , .Xr cpuset_getid 2 , Modified: head/share/man/man4/capsicum.4 ============================================================================== --- head/share/man/man4/capsicum.4 Wed May 24 00:36:27 2017 (r318764) +++ head/share/man/man4/capsicum.4 Wed May 24 00:58:30 2017 (r318765) @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 5, 2016 +.Dd May 18, 2017 .Dt CAPSICUM 4 .Os .Sh NAME 
@@ -88,6 +88,16 @@ An extension to the POSIX shared memory associated with file descriptors; described in greater detail in .Xr shm_open 2 . .El +.Pp +In some cases, +.Nm +limits the valid values of some parameters to traditional APIs in order to +restrict access to global namespaces: +.Bl -tag -width indent +.It process IDs +Processes can only act upon their own process ID with syscalls such as +.Xr cpuset_setaffinity 2 . +.El .Sh SEE ALSO .Xr cap_enter 2 , .Xr cap_fcntls_limit 2 , Modified: head/sys/compat/freebsd32/capabilities.conf ============================================================================== --- head/sys/compat/freebsd32/capabilities.conf Wed May 24 00:36:27 2017 (r318764) +++ head/sys/compat/freebsd32/capabilities.conf Wed May 24 00:58:30 2017 (r318765) @@ -76,9 +76,9 @@ close closefrom connectat #cpuset -#freebsd32_cpuset_getaffinity +freebsd32_cpuset_getaffinity #freebsd32_cpuset_getid -#freebsd32_cpuset_setaffinity +freebsd32_cpuset_setaffinity #freebsd32_cpuset_setid dup dup2 Modified: head/sys/kern/capabilities.conf ============================================================================== --- head/sys/kern/capabilities.conf Wed May 24 00:36:27 2017 (r318764) +++ head/sys/kern/capabilities.conf Wed May 24 00:58:30 2017 (r318765) @@ -133,13 +133,12 @@ closefrom connectat ## -## cpuset(2) and related calls require scoping by process, but should -## eventually be allowed, at least in the current process case. +## cpuset(2) and related calls are limited to caller's own process/thread. ## #cpuset -#cpuset_getaffinity +cpuset_getaffinity #cpuset_getid -#cpuset_setaffinity +cpuset_setaffinity #cpuset_setid ## Modified: head/sys/kern/kern_cpuset.c ============================================================================== --- head/sys/kern/kern_cpuset.c Wed May 24 00:36:27 2017 (r318764) +++ head/sys/kern/kern_cpuset.c Wed May 24 00:58:30 2017 (r318765) 
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include <sys/sched.h> #include <sys/smp.h> #include <sys/syscallsubr.h> +#include <sys/capsicum.h> #include <sys/cpuset.h> #include <sys/sx.h> #include <sys/queue.h> @@ -522,6 +523,7 @@ cpuset_setproc(pid_t pid, struct cpuset int threads; int nfree; int error; + /* * The algorithm requires two passes due to locking considerations. * @@ -1096,6 +1098,15 @@ kern_cpuset_getaffinity(struct thread *t if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY) return (ERANGE); + /* In Capability mode, you can only get your own CPU set. */ + if (IN_CAPABILITY_MODE(td)) { + if (level != CPU_LEVEL_WHICH) + return (ECAPMODE); + if (which != CPU_WHICH_TID && which != CPU_WHICH_PID) + return (ECAPMODE); + if (id != -1) + return (ECAPMODE); + } size = cpusetsize; mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO); error = cpuset_which(which, id, &p, &ttd, &set); @@ -1204,6 +1215,15 @@ kern_cpuset_setaffinity(struct thread *t if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY) return (ERANGE); + /* In Capability mode, you can only set your own CPU set. */ + if (IN_CAPABILITY_MODE(td)) { + if (level != CPU_LEVEL_WHICH) + return (ECAPMODE); + if (which != CPU_WHICH_TID && which != CPU_WHICH_PID) + return (ECAPMODE); + if (id != -1) + return (ECAPMODE); + } mask = malloc(cpusetsize, M_TEMP, M_WAITOK | M_ZERO); error = copyin(maskp, mask, cpusetsize); if (error)
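Review bot: the new ECAPMODE entry in cpuset_getaffinity.2 ("attempted to act on a process other than itself") is narrower than what the kern_cpuset_{get,set}affinity hunks in this same revision enforce: the syscalls return ECAPMODE unless level is CPU_LEVEL_WHICH, which is CPU_WHICH_TID or CPU_WHICH_PID, and id is -1, so a sandboxed caller that passes its own pid or tid explicitly, or uses CPU_LEVEL_ROOT or CPU_LEVEL_CPUSET, also gets ECAPMODE. Suggest stating the exact rule, e.g. "In capability mode, only level CPU_LEVEL_WHICH with which CPU_WHICH_TID or CPU_WHICH_PID and an id of -1 (the calling thread or process) is permitted."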
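Review bot: "Processes can only act upon their own process ID" in the new capsicum.4 paragraph will lead readers to pass getpid() as id, which the kernel check rejects; say "can only act upon themselves, by passing an id of -1 to cpuset_setaffinity(2)" or similar. Also the .Dd here is bumped to May 18, 2017 while cpuset_getaffinity.2 in the same commit uses May 23, 2017; use one date for both pages.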
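Review bot: enabling freebsd32_cpuset_getaffinity and freebsd32_cpuset_setaffinity in sys/compat/freebsd32/capabilities.conf is only safe if those compat wrappers dispatch through kern_cpuset_getaffinity()/kern_cpuset_setaffinity(), where the ECAPMODE checks were added; the wrappers are not part of this diff, so please confirm they do (and mention it in the log message), otherwise 32-bit callers would get the syscalls in capability mode without the scoping.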
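Review bot: the rewritten comment in sys/kern/capabilities.conf, "cpuset(2) and related calls are limited to caller's own process/thread", reads as if all five calls are now allowed with scoping, but cpuset, cpuset_getid and cpuset_setid stay commented out in this hunk. Suggest: "cpuset_{get,set}affinity are allowed, scoped to the caller's own process/thread; cpuset, cpuset_getid and cpuset_setid remain disabled."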
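Review bot: the cpuset_setproc hunk at line 523 adds only a blank line after "int error;" and is unrelated to the capability-mode change; drop it from this commit or commit it separately as a style change.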
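Review bot: the capability-mode block is duplicated verbatim in kern_cpuset_getaffinity and kern_cpuset_setaffinity; factor it into one static helper (e.g. a cpuset_check_capmode(td, level, which, id) returning 0 or ECAPMODE) so the two call sites cannot drift apart if the rule is later relaxed. Within that block, consider also accepting id == td->td_tid for CPU_WHICH_TID and id == td->td_proc->p_pid for CPU_WHICH_PID, since both name the caller and rejecting them only buys a surprising ECAPMODE for code that already has the id in hand; if you keep the strict "id != -1" rule, document it in the man page. Nit: "In Capability mode" in both comments should be lowercase "capability mode" to match the rest of the tree. The placement is otherwise right: both checks run before the malloc()/copyin(), so nothing is leaked or dereferenced on the ECAPMODE path.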