git: 54a01b5326b9 - stable/13 - vfs: Permit unix sockets to be opened with O_PATH
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 17 Oct 2021 21:15:55 UTC
The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=54a01b5326b9b73c4fbccb5bc085b5884eebe814 commit 54a01b5326b9b73c4fbccb5bc085b5884eebe814 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-09-17 16:34:21 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-10-17 21:15:44 +0000 vfs: Permit unix sockets to be opened with O_PATH As with FIFOs, a path descriptor for a unix socket cannot be used with kevent(). In principle connectat(2) and bindat(2) could be modified to support an AT_EMPTY_PATH-like mode which operates on the socket referenced by an O_PATH fd referencing a unix socket. That would eliminate the path length limit imposed by sockaddr_un. Update O_PATH tests. Reviewed by: kib Sponsored by: The FreeBSD Foundation (cherry picked from commit 2bd9826995ca6b23f8b088cfa035c0ad1c578ac3) --- sys/kern/vfs_vnops.c | 11 ++++------- tests/sys/file/path_test.c | 32 ++++++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index e8d6df5c4193..b78c24e3e313 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -393,13 +393,13 @@ vn_open_vnode(struct vnode *vp, int fmode, struct ucred *cred, if ((fmode & O_PATH) == 0 || (fmode & FEXEC) != 0) return (EMLINK); } - if (vp->v_type == VSOCK) - return (EOPNOTSUPP); if (vp->v_type != VDIR && fmode & O_DIRECTORY) return (ENOTDIR); accmode = 0; if ((fmode & O_PATH) == 0) { + if (vp->v_type == VSOCK) + return (EOPNOTSUPP); if ((fmode & (FWRITE | O_TRUNC)) != 0) { if (vp->v_type == VDIR) return (EISDIR); @@ -431,11 +431,8 @@ vn_open_vnode(struct vnode *vp, int fmode, struct ucred *cred, return (error); } if ((fmode & O_PATH) != 0) { - if (vp->v_type == VFIFO) - error = EPIPE; - else - error = VOP_ACCESS(vp, VREAD, cred, td); - if (error == 0) + if (vp->v_type != VFIFO && vp->v_type != VSOCK && + VOP_ACCESS(vp, VREAD, cred, td) == 0) fp->f_flag |= FKQALLOWED; return (0); } diff --git a/tests/sys/file/path_test.c b/tests/sys/file/path_test.c index ad88c691a914..a39862cc78d6 100644 --- a/tests/sys/file/path_test.c +++ b/tests/sys/file/path_test.c @@ -845,13 +845,15 @@ ATF_TC_BODY(path_rights, tc) CHECKED_CLOSE(sd[1]); } -/* Verify that a local socket can't be opened with O_PATH. */ +/* Verify that a local socket can be opened with O_PATH. */ ATF_TC_WITHOUT_HEAD(path_unix); ATF_TC_BODY(path_unix, tc) { - char path[PATH_MAX]; + char buf[BUFSIZ], path[PATH_MAX]; + struct kevent ev; struct sockaddr_un sun; - int pathfd, sd; + struct stat sb; + int kq, pathfd, sd; snprintf(path, sizeof(path), "path_unix.XXXXXX"); ATF_REQUIRE_MSG(mktemp(path) == path, FMT_ERR("mktemp")); @@ -866,9 +868,31 @@ ATF_TC_BODY(path_unix, tc) FMT_ERR("bind")); pathfd = open(path, O_PATH); - ATF_REQUIRE_ERRNO(EOPNOTSUPP, pathfd < 0); + ATF_REQUIRE_MSG(pathfd >= 0, FMT_ERR("open")); + + ATF_REQUIRE_MSG(fstatat(pathfd, "", &sb, AT_EMPTY_PATH) == 0, + FMT_ERR("fstatat")); + ATF_REQUIRE_MSG(sb.st_mode & S_IFSOCK, "socket mode %#x", sb.st_mode); + ATF_REQUIRE_MSG(sb.st_ino != 0, "socket has inode number 0"); + + memset(buf, 0, sizeof(buf)); + ATF_REQUIRE_ERRNO(EBADF, write(pathfd, buf, sizeof(buf))); + ATF_REQUIRE_ERRNO(EBADF, read(pathfd, buf, sizeof(buf))); + + /* kevent() is disallowed with sockets. */ + kq = kqueue(); + ATF_REQUIRE_MSG(kq >= 0, FMT_ERR("kqueue")); + EV_SET(&ev, pathfd, EVFILT_READ, EV_ADD | EV_ENABLE, 0, 0, 0); + ATF_REQUIRE_ERRNO(EBADF, kevent(kq, &ev, 1, NULL, 0, NULL) == -1); + + /* Should not be able to open a socket without O_PATH. */ + ATF_REQUIRE_ERRNO(EOPNOTSUPP, openat(pathfd, "", O_EMPTY_PATH) == -1); + + ATF_REQUIRE_MSG(funlinkat(AT_FDCWD, path, pathfd, 0) == 0, + FMT_ERR("funlinkat")); CHECKED_CLOSE(sd); + CHECKED_CLOSE(pathfd); } ATF_TP_ADD_TCS(tp)