From nobody Fri Apr 22 15:25:04 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B3BCD19997D6; Fri, 22 Apr 2022 15:25:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KlJB91vlmz4SDD; Fri, 22 Apr 2022 15:25:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650641105; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y5YPXRWzxHW7I2xeww7WrcTVpW2rbttnbGJtlxNI8xg=; b=R6VYhm4bpjSrXje9QrB7TtHfLwfYI5HKEtcIaiP7pCvNaXclak8CN8eLT4m8rZp3WSZCk0 S1rApcs5+zBMI60rXMjKB6m5wGFAdWHIRlHUqTzNTdKB3IfXIBul0qgFMYTs3TjUQ7dtcp 31JkOQA29Jqvm/4FbaVYb8lCPRXa/1fCNhlZP/ptv1x/204+HDMNNh9QqsVCbTGjX4etKV QRoPNt37IydiOiQwxywuV4R4CnsMdCTH4pa6ffnePVw4lmDDH7zdMTwQDG/qrQI/I8+nsL XUfmPaa3bcl/AcYtDaw5Y2yNt/meluxWIz6Zv++GM2HdbySyt6OS2PCOHelNxQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CB3B51FD53; Fri, 22 Apr 2022 15:25:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23MFP4fs082017; Fri, 22 Apr 2022 15:25:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23MFP4IL082016; Fri, 22 Apr 2022 15:25:04 GMT (envelope-from git) Date: Fri, 22 Apr 2022 15:25:04 GMT Message-Id: <202204221525.23MFP4IL082016@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 91d3f40d93e3 - stable/13 - libsysdecode: Fix decoding of Capsicum rights List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 91d3f40d93e3cda1a04eb0b36158a74c67c62e37 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650641105; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y5YPXRWzxHW7I2xeww7WrcTVpW2rbttnbGJtlxNI8xg=; b=Z+nngwjVebvfs5d+JWTkRe3nbD28RVj5L63BhYTzz/F3wzwR4Ok/mz9wevUM/cABNYvBKR KIoyNj13HbOeJVQxigQpfd6QbpWIz8/GBCYI8cQxPhY5fhCRHcFEFGuvRQXXu9k20jjQMV QXwQkh8FI5MnXjrGmGhDzJDp7HYzHxRB4kGFh9phIPxuLssrQG1oAhzuJZp8mLIbdoVvAz 5nUO80jZShzNIGCu8MF/w5+1E84wdP8iuvoZv+4eNaD/DhMm76Ni8vXOf17GLV18Y+UvSN MyybUPr0V7+bEy0vWWq7+aUXSCnMqs38swJRqeSy90xe6yx7v/zDvYcQM84j+g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1650641105; a=rsa-sha256; cv=none; b=lQd5bSKW16MELRs6XhTn7SpMpsdzq+hhKPNFkfvP0O6SCV9XK21XmsBh8+ktolSru1w2Kd kdxiK8+xfjxbSl+A7yy9iYBumEHQvHdlaNotc+qGOaIh59YU5phX4t3xJpBu6o39b2GHjn jP+WglPgw+COwXFlGqxp8rFhfMjGRMd3fvgQ4YwG+714NlzSrMhyIMKfDZ83RwR++rJb4G QaR9pvYcybq4GdJ8ie192JbSeO1C13nA1OpZEANyzFhx/WTOmt+PrIiWnrW7rG/g69rtw6 DqOS3pIfFriBQkA4cWSjxby6hdD45Ey8VwUHTiFQm9FW7CZM1VA19EY43BzGYg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=91d3f40d93e3cda1a04eb0b36158a74c67c62e37 commit 91d3f40d93e3cda1a04eb0b36158a74c67c62e37 Author: Mark Johnston AuthorDate: 2022-04-13 14:47:08 +0000 Commit: Mark Johnston CommitDate: 2022-04-22 14:36:22 +0000 libsysdecode: Fix decoding of Capsicum rights Capsicum rights are a bit tricky since some of them are subsets of others, and one can have rights R1 and R2 such that R1 is a subset of R2, but there is no collection of named rights whose union is R2. So, they don't behave like most other flag sets. sysdecode_cap_rights(3) does not handle this properly and so can emit misleading decodings. Try to fix all of these problems: - Include composite rights in the caprights table. - Use a constructor to sort the caprights table such that "larger" rights appear first and thus are matched first. - Don't print rights that are a subset of rights already printed, so as to minimize the length of the output. - Print a trailing message if some of the specific rights are not matched by the table. PR: 263165 Reviewed by: pauamma_gundo.com (doc), jhb, emaste Sponsored by: The FreeBSD Foundation (cherry picked from commit 869199d9922c7dee92c1c24f95b90f1d1319433e) --- lib/libsysdecode/flags.c | 53 +++++++++++++++++++++++++++++++-- lib/libsysdecode/mktables | 2 +- lib/libsysdecode/sysdecode_cap_rights.3 | 23 +++++++++++++- 3 files changed, 73 insertions(+), 5 deletions(-) diff --git a/lib/libsysdecode/flags.c b/lib/libsysdecode/flags.c index 35bce1ff77f9..f02c8dd8b339 100644 --- a/lib/libsysdecode/flags.c +++ b/lib/libsysdecode/flags.c @@ -1171,7 +1171,8 @@ sysdecode_umtx_rwlock_flags(FILE *fp, u_long flags, u_long *rem) void sysdecode_cap_rights(FILE *fp, cap_rights_t *rightsp) { - struct name_table *t; + cap_rights_t diff, sum, zero; + const struct name_table *t; int i; bool comma; @@ -1181,13 +1182,59 @@ sysdecode_cap_rights(FILE *fp, cap_rights_t *rightsp) return; } } - comma = false; - for (t = caprights; t->str != NULL; t++) { + cap_rights_init(&sum); + diff = *rightsp; + for (t = caprights, comma = false; t->str != NULL; t++) { if (cap_rights_is_set(rightsp, t->val)) { + cap_rights_clear(&diff, t->val); + if (cap_rights_is_set(&sum, t->val)) { + /* Don't print redundant rights. */ + continue; + } + cap_rights_set(&sum, t->val); + fprintf(fp, "%s%s", comma ? "," : "", t->str); comma = true; } } + if (!comma) + fprintf(fp, "CAP_NONE"); + + /* + * Provide a breadcrumb if some of the provided rights are not included + * in the table, likely due to a bug in the mktables script. + */ + CAP_NONE(&zero); + if (!cap_rights_contains(&zero, &diff)) + fprintf(fp, ",unknown rights"); +} + +/* + * Pre-sort the set of rights, which has a partial ordering defined by the + * subset relation. This lets sysdecode_cap_rights() print a list of minimal + * length with a single pass over the "caprights" table. + */ +static void __attribute__((constructor)) +sysdecode_cap_rights_init(void) +{ + cap_rights_t tr, qr; + struct name_table *t, *q, tmp; + bool swapped; + + do { + for (t = caprights, swapped = false; t->str != NULL; t++) { + cap_rights_init(&tr, t->val); + for (q = t + 1; q->str != NULL; q++) { + cap_rights_init(&qr, q->val); + if (cap_rights_contains(&qr, &tr)) { + tmp = *t; + *t = *q; + *q = tmp; + swapped = true; + } + } + } + } while (swapped); } static struct name_table cmsgtypeip[] = { diff --git a/lib/libsysdecode/mktables b/lib/libsysdecode/mktables index c9c6830b04aa..5003be201fbd 100644 --- a/lib/libsysdecode/mktables +++ b/lib/libsysdecode/mktables @@ -159,7 +159,7 @@ gen_table "msgflags" "MSG_[A-Z_]+[[:space:]]+0x[0-9]+" "sys/ gen_table "sigcode" "SI_[A-Z]+[[:space:]]+0(x[0-9abcdef]+)?" "sys/signal.h" gen_table "umtxcvwaitflags" "CVWAIT_[A-Z_]+[[:space:]]+0x[0-9]+" "sys/umtx.h" gen_table "umtxrwlockflags" "URWLOCK_PREFER_READER[[:space:]]+0x[0-9]+" "sys/umtx.h" -gen_table "caprights" "CAP_[A-Z_]+[[:space:]]+CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\)" "sys/capsicum.h" +gen_table "caprights" "CAP_[A-Z_]+[[:space:]]+((CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\))|(\(CAP_[A-Z_]+[[:space:]]*\|.*\)))" "sys/capsicum.h" gen_table "sctpprpolicy" "SCTP_PR_SCTP_[A-Z_]+[[:space:]]+0x[0-9]+" "netinet/sctp_uio.h" "SCTP_PR_SCTP_ALL" gen_table "cmsgtypesocket" "SCM_[A-Z_]+[[:space:]]+0x[0-9]+" "sys/socket.h" if [ -e "${include_dir}/x86/sysarch.h" ]; then diff --git a/lib/libsysdecode/sysdecode_cap_rights.3 b/lib/libsysdecode/sysdecode_cap_rights.3 index 674e12ad3a01..e165e3d43938 100644 --- a/lib/libsysdecode/sysdecode_cap_rights.3 +++ b/lib/libsysdecode/sysdecode_cap_rights.3 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 24, 2017 +.Dd April 11, 2022 .Dt sysdecode_cap_rights 3 .Os .Sh NAME @@ -46,5 +46,26 @@ function outputs a comma-separated list of capability rights at .Fa rightsp to the stream .Fa fp . +.Pp +Note that some capability rights are supersets of others; for example, +.Dv CAP_PREAD +is the union of +.Dv CAP_READ +and +.Dv CAP_SEEK . +.Fn sysdecode_cap_rights +emits a minimal list of rights whose union is equal to +.Fa *rightsp . +For example, if both +.Dv CAP_READ +and +.Dv CAP_SEEK +are set in +.Fa *rightsp , +then +.Fn sysdecode_cap_rights +will include only +.Dv CAP_PREAD +in the output list. .Sh SEE ALSO .Xr sysdecode 3