Date: Mon, 26 Sep 2022 13:46:19 GMT
Message-Id: <202209261346.28QDkJhj009148@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: "Alexander V. Chernikov"
Subject: git: f375bf0e6f0b - main - netinet: pass cred instead of the curthread to ifaddr manipulation funcs.
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: melifaro
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: f375bf0e6f0bc6bce3e5b3c6adabc465be2665d0

The branch main has been updated by melifaro:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f375bf0e6f0bc6bce3e5b3c6adabc465be2665d0

commit f375bf0e6f0bc6bce3e5b3c6adabc465be2665d0
Author: Alexander V. Chernikov
AuthorDate: 2022-09-26 12:07:18 +0000
Commit: Alexander V. Chernikov
CommitDate: 2022-09-26 13:46:13 +0000

    netinet: pass cred instead of the curthread to ifaddr manipulation funcs.

    Pass the credentials directly to the functions, so non-ioctl kernel
    users can also perform address manipulations.

    MFC after: 2 weeks

--- sys/netinet/in.c | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 790740456160..7f88a897ff44 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -76,9 +76,9 @@ __FBSDID("$FreeBSD$"); #include #include -static int in_aifaddr_ioctl(u_long, caddr_t, struct ifnet *, struct thread *); -static int in_difaddr_ioctl(u_long, caddr_t, struct ifnet *, struct thread *); -static int in_gifaddr_ioctl(u_long, caddr_t, struct ifnet *, struct thread *); +static int in_aifaddr_ioctl(u_long, caddr_t, struct ifnet *, struct ucred *); +static int in_difaddr_ioctl(u_long, caddr_t, struct ifnet *, struct ucred *); +static int in_gifaddr_ioctl(u_long, caddr_t, struct ifnet *, struct ucred *); static void in_socktrim(struct sockaddr_in *); static void in_purgemaddrs(struct ifnet *); @@ -337,6 +337,8 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, if (ifp == NULL) return (EADDRNOTAVAIL); + struct ucred *cred = (td != NULL) ? td->td_ucred : NULL; + /* * Filter out 4 ioctls we implement directly. Forward the rest * to specific functions and ifp->if_ioctl(). 
@@ -349,18 +351,18 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, break; case SIOCGIFALIAS: sx_xlock(&in_control_sx); - error = in_gifaddr_ioctl(cmd, data, ifp, td); + error = in_gifaddr_ioctl(cmd, data, ifp, cred); sx_xunlock(&in_control_sx); return (error); case SIOCDIFADDR: sx_xlock(&in_control_sx); - error = in_difaddr_ioctl(cmd, data, ifp, td); + error = in_difaddr_ioctl(cmd, data, ifp, cred); sx_xunlock(&in_control_sx); return (error); case OSIOCAIFADDR: /* 9.x compat */ case SIOCAIFADDR: sx_xlock(&in_control_sx); - error = in_aifaddr_ioctl(cmd, data, ifp, td); + error = in_aifaddr_ioctl(cmd, data, ifp, cred); sx_xunlock(&in_control_sx); return (error); case SIOCSIFADDR: @@ -376,7 +378,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, } if (addr->sin_addr.s_addr != INADDR_ANY && - prison_check_ip4(td->td_ucred, &addr->sin_addr) != 0) + prison_check_ip4(cred, &addr->sin_addr) != 0) return (EADDRNOTAVAIL); /* @@ -396,7 +398,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) if (ifa->ifa_addr->sa_family == AF_INET) { ia = (struct in_ifaddr *)ifa; - if (prison_check_ip4(td->td_ucred, + if (prison_check_ip4(cred, &ia->ia_addr.sin_addr) == 0) break; } @@ -439,7 +441,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, } static int -in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) +in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred) { const struct in_aliasreq *ifra = (struct in_aliasreq *)data; const struct sockaddr_in *addr = &ifra->ifra_addr; @@ -453,7 +455,7 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) bool iaIsFirst; int error = 0; - error = priv_check(td, PRIV_NET_ADDIFADDR); + error = priv_check_cred(cred, PRIV_NET_ADDIFADDR); if (error) return (error); 
@@ -493,7 +495,7 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) it = (struct in_ifaddr *)ifa; if (it->ia_addr.sin_addr.s_addr == addr->sin_addr.s_addr && - prison_check_ip4(td->td_ucred, &addr->sin_addr) == 0) + prison_check_ip4(cred, &addr->sin_addr) == 0) ia = it; else iaIsFirst = false; @@ -501,7 +503,7 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) NET_EPOCH_EXIT(et); if (ia != NULL) - (void )in_difaddr_ioctl(cmd, data, ifp, td); + (void )in_difaddr_ioctl(cmd, data, ifp, cred); ifa = ifa_alloc(sizeof(struct in_ifaddr), M_WAITOK); ia = (struct in_ifaddr *)ifa; @@ -654,7 +656,7 @@ fail1: } static int -in_difaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) +in_difaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred) { const struct ifreq *ifr = (struct ifreq *)data; const struct sockaddr_in *addr = (const struct sockaddr_in *) @@ -664,8 +666,8 @@ in_difaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) bool deleteAny, iaIsLast; int error; - if (td != NULL) { - error = priv_check(td, PRIV_NET_DELIFADDR); + if (cred != NULL) { + error = priv_check_cred(cred, PRIV_NET_DELIFADDR); if (error) return (error); } @@ -686,12 +688,12 @@ in_difaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) continue; it = (struct in_ifaddr *)ifa; - if (deleteAny && ia == NULL && (td == NULL || - prison_check_ip4(td->td_ucred, &it->ia_addr.sin_addr) == 0)) + if (deleteAny && ia == NULL && (cred == NULL || + prison_check_ip4(cred, &it->ia_addr.sin_addr) == 0)) ia = it; if (it->ia_addr.sin_addr.s_addr == addr->sin_addr.s_addr && - (td == NULL || prison_check_ip4(td->td_ucred, + (cred == NULL || prison_check_ip4(cred, &addr->sin_addr) == 0)) ia = it; 
@@ -757,7 +759,7 @@ in_difaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) } static int -in_gifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) +in_gifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred) { struct in_aliasreq *ifra = (struct in_aliasreq *)data; const struct sockaddr_in *addr = &ifra->ifra_addr; @@ -785,7 +787,7 @@ in_gifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) it = (struct in_ifaddr *)ifa; if (it->ia_addr.sin_addr.s_addr == addr->sin_addr.s_addr && - prison_check_ip4(td->td_ucred, &addr->sin_addr) == 0) { + prison_check_ip4(cred, &addr->sin_addr) == 0) { ia = it; break; }
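Review bot: in the in_control() hunk at @@ -337,6 +337,8, `cred` becomes NULL whenever td is NULL, and the later in_control() hunks (@@ -376,7 and @@ -396,7) hand it straight to prison_check_ip4(cred, ...) with no NULL test. The old td->td_ucred dereference would have faulted right there; the new code defers the question to prison_check_ip4(), whose handling of a NULL credential is not visible in this patch. Either reject a NULL cred before those calls or add a KASSERT stating that in_control() always runs with a thread. Separately, the declaration lands after the `if (ifp == NULL)` statement; moving it up with the function's other locals keeps the declarations together.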
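Review bot: in_aifaddr_ioctl() (hunk @@ -453,7 +455,7) calls priv_check_cred(cred, PRIV_NET_ADDIFADDR) unconditionally, and the hunks at @@ -493,7 and @@ -785,7 call prison_check_ip4(cred, ...) the same way, while in_difaddr_ioctl() wraps both checks in `cred != NULL`. Because the commit message's stated purpose is to let non-ioctl kernel users call these functions, the three helpers should agree on whether a NULL cred is legal; as written, a kernel caller that follows the in_difaddr_ioctl() convention and passes NULL to the add or get path reaches both checks with a NULL pointer. Pick one contract and state it in a comment next to the prototypes changed in the @@ -76,9 hunk.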
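Review bot: in the in_difaddr_ioctl() hunks (@@ -664,8 and @@ -686,12), a NULL cred skips priv_check_cred(cred, PRIV_NET_DELIFADDR) and both prison_check_ip4() tests, so NULL now means "unrestricted caller" on a parameter that other kernel code is expected to fill in. The removed lines show the same convention for td, but on a credential argument it fails open: a caller that forgets or loses its cred deletes addresses with no privilege or jail check at all. Consider requiring a real credential from every caller, or at minimum add a comment at the function saying that NULL bypasses both checks and which callers may pass it.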