Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Jun 2015 09:52:37 +0000 (UTC)
From:      Mateusz Guzik <mjg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r284443 - in head/sys: compat/svr4 kern ofed/include/linux security/audit
Message-ID:  <201506160952.t5G9qbFK065723@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: mjg
Date: Tue Jun 16 09:52:36 2015
New Revision: 284443
URL: https://svnweb.freebsd.org/changeset/base/284443

Log:
  fd: make rights a mandatory argument to fget_unlocked

Modified:
  head/sys/compat/svr4/svr4_misc.c
  head/sys/kern/kern_descrip.c
  head/sys/ofed/include/linux/file.h
  head/sys/security/audit/audit_arg.c

Modified: head/sys/compat/svr4/svr4_misc.c
==============================================================================
--- head/sys/compat/svr4/svr4_misc.c	Tue Jun 16 09:08:30 2015	(r284442)
+++ head/sys/compat/svr4/svr4_misc.c	Tue Jun 16 09:52:36 2015	(r284443)
@@ -622,6 +622,7 @@ svr4_sys_fchroot(td, uap)
 	struct thread *td;
 	struct svr4_sys_fchroot_args *uap;
 {
+	cap_rights_t rights;
 	struct filedesc	*fdp = td->td_proc->p_fd;
 	struct vnode	*vp;
 	struct file	*fp;
@@ -630,7 +631,7 @@ svr4_sys_fchroot(td, uap)
 	if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
 		return error;
 	/* XXX: we have the chroot priv... what cap might we need? all? */
-	if ((error = getvnode(fdp, uap->fd, 0, &fp)) != 0)
+	if ((error = getvnode(fdp, uap->fd, cap_rights_init(&rights), &fp)) != 0)
 		return error;
 	vp = fp->f_vnode;
 	VREF(vp);

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Tue Jun 16 09:08:30 2015	(r284442)
+++ head/sys/kern/kern_descrip.c	Tue Jun 16 09:52:36 2015	(r284443)
@@ -746,7 +746,8 @@ kern_fcntl(struct thread *td, int fd, in
 		arg = arg ? 128 * 1024: 0;
 		/* FALLTHROUGH */
 	case F_READAHEAD:
-		error = fget_unlocked(fdp, fd, NULL, &fp, NULL);
+		error = fget_unlocked(fdp, fd,
+		    cap_rights_init(&rights), &fp, NULL);
 		if (error != 0)
 			break;
 		if (fp->f_type != DTYPE_VNODE) {
@@ -2368,11 +2369,9 @@ fget_unlocked(struct filedesc *fdp, int 
 		if (fp == NULL)
 			return (EBADF);
 #ifdef CAPABILITIES
-		if (needrightsp != NULL) {
-			error = cap_check(&haverights, needrightsp);
-			if (error != 0)
-				return (error);
-		}
+		error = cap_check(&haverights, needrightsp);
+		if (error != 0)
+			return (error);
 #endif
 	retry:
 		count = fp->f_count;

Modified: head/sys/ofed/include/linux/file.h
==============================================================================
--- head/sys/ofed/include/linux/file.h	Tue Jun 16 09:08:30 2015	(r284442)
+++ head/sys/ofed/include/linux/file.h	Tue Jun 16 09:52:36 2015	(r284443)
@@ -33,6 +33,7 @@
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/refcount.h>
+#include <sys/capsicum.h>
 #include <sys/proc.h>
 
 #include <linux/fs.h>
@@ -46,10 +47,11 @@ extern struct fileops linuxfileops;
 static inline struct linux_file *
 linux_fget(unsigned int fd)
 {
+	cap_rights_t rights;
 	struct file *file;
 
-	if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file,
-	    NULL) != 0) {
+	if (fget_unlocked(curthread->td_proc->p_fd, fd,
+	    cap_rights_init(&rights), &file, NULL) != 0) {
 		return (NULL);
 	}
 	return (struct linux_file *)file->f_data;
@@ -71,10 +73,11 @@ fput(struct linux_file *filp)
 static inline void
 put_unused_fd(unsigned int fd)
 {
+	cap_rights_t rights;
 	struct file *file;
 
-	if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file,
-	    NULL) != 0) {
+	if (fget_unlocked(curthread->td_proc->p_fd, fd,
+	    cap_rights_init(&rights), &file, NULL) != 0) {
 		return;
 	}
 	/*
@@ -91,10 +94,11 @@ put_unused_fd(unsigned int fd)
 static inline void
 fd_install(unsigned int fd, struct linux_file *filp)
 {
+	cap_rights_t rights;
 	struct file *file;
 
-	if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file,
-	    NULL) != 0) {
+	if (fget_unlocked(curthread->td_proc->p_fd, fd,
+	    cap_rights_init(&rights), &file, NULL) != 0) {
 		file = NULL;
 	}
 	filp->_file = file;

Modified: head/sys/security/audit/audit_arg.c
==============================================================================
--- head/sys/security/audit/audit_arg.c	Tue Jun 16 09:08:30 2015	(r284442)
+++ head/sys/security/audit/audit_arg.c	Tue Jun 16 09:52:36 2015	(r284443)
@@ -32,6 +32,7 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
 #include <sys/filedesc.h>
+#include <sys/capsicum.h>
 #include <sys/ipc.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
@@ -894,6 +895,7 @@ audit_arg_fcntl_rights(uint32_t fcntlrig
 void
 audit_sysclose(struct thread *td, int fd)
 {
+	cap_rights_t rights;
 	struct kaudit_record *ar;
 	struct vnode *vp;
 	struct file *fp;
@@ -906,7 +908,7 @@ audit_sysclose(struct thread *td, int fd
 
 	audit_arg_fd(fd);
 
-	if (getvnode(td->td_proc->p_fd, fd, 0, &fp) != 0)
+	if (getvnode(td->td_proc->p_fd, fd, cap_rights_init(&rights), &fp) != 0)
 		return;
 
 	vp = fp->f_vnode;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201506160952.t5G9qbFK065723>