Date: Mon, 8 Jul 2024 16:10:56 GMT
Message-Id: <202407081610.468GAu49077245@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: e2e771deeca7 - main - socket: Pass capsicum rights down to socket option handlers
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=e2e771deeca7c10eaa46f380a9b64079468ec209

commit e2e771deeca7c10eaa46f380a9b64079468ec209
Author:     Mark Johnston
AuthorDate: 2024-07-08 15:46:33 +0000
Commit:     Mark Johnston
CommitDate: 2024-07-08 16:10:48 +0000

    socket: Pass capsicum rights down to socket option handlers

    One needs the CAP_GETSOCKOPT and CAP_SETSOCKOPT rights to call
    getsockopt(2) and setsockopt(2) on a socket descriptor, respectively.
    The syscall layer checks this, but individual socket option handlers
    have no access to the file descriptor and so can't check for additional
    rights, should they want to do so.  In particular, a forthcoming
    implementation of SO_SPLICE logically requires at least CAP_RECV and
    CAP_SEND rights.

    Modify the syscall layer to look up Capsicum rights on the descriptor
    and pass that along to socket option handlers; this way, the handlers
    can check for additional rights if they need to.

    Reviewed by:    gallatin, glebius
    MFC after:      2 weeks
    Sponsored by:   Klara, Inc.
    Sponsored by:   Stormshield
    Differential Revision:  https://reviews.freebsd.org/D45673
---
 sys/kern/uipc_syscalls.c | 9 +++++++--
 sys/sys/sockopt.h        | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 318415245ab7..e0bb7ace92c6 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -1220,6 +1220,7 @@ kern_setsockopt(struct thread *td, int s, int level, int name, const void *val, { struct socket *so; struct file *fp; + struct filecaps fcaps; struct sockopt sopt; int error; @@ -1245,8 +1246,10 @@ kern_setsockopt(struct thread *td, int s, int level, int name, const void *val, } AUDIT_ARG_FD(s); - error = getsock(td, s, &cap_setsockopt_rights, &fp); + error = getsock_cap(td, s, &cap_setsockopt_rights, &fp, + &fcaps); if (error == 0) { + sopt.sopt_rights = &fcaps.fc_rights; so = fp->f_data; error = sosetopt(so, &sopt); fdrop(fp, td); @@ -1284,6 +1287,7 @@ kern_getsockopt(struct thread *td, int s, int level, int name, void *val, { struct socket *so; struct file *fp; + struct filecaps fcaps; struct sockopt sopt; int error; @@ -1309,8 +1313,9 @@ kern_getsockopt(struct thread *td, int s, int level, int name, void *val, } AUDIT_ARG_FD(s); - error = getsock(td, s, &cap_getsockopt_rights, &fp); + error = getsock_cap(td, s, &cap_getsockopt_rights, &fp, &fcaps); if (error == 0) { + sopt.sopt_rights = &fcaps.fc_rights; so = fp->f_data; error = sogetopt(so, &sopt); *valsize = sopt.sopt_valsize; diff --git a/sys/sys/sockopt.h b/sys/sys/sockopt.h index 0b3d0d5ed08c..6cc8875a2665 100644 --- a/sys/sys/sockopt.h +++ b/sys/sys/sockopt.h @@ -35,6 +35,7 @@ #error "no user-serviceable parts inside" #endif +struct cap_rights; struct thread; struct socket; @@ -50,6 +51,7 @@ struct sockopt { int sopt_name; /* third arg of [gs]etsockopt */ void *sopt_val; /* fourth arg of [gs]etsockopt */ size_t sopt_valsize; /* (almost) fifth arg of [gs]etsockopt */ + struct cap_rights *sopt_rights; /* Capsicum rights attached to the fd */ struct thread *sopt_td; /* calling thread or null if kernel */ };
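
Review bot: in kern_setsockopt(), fcaps is filled in by getsock_cap() but nothing on the success path releases it; the only cleanup after sosetopt() is fdrop(fp, td). If getsock_cap() can hand back a filecaps that owns allocations, add a filecaps_free(&fcaps) next to the fdrop(); if it cannot, a one-line comment saying why no release is needed would save the next reader the lookup.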
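
Review bot: in kern_getsockopt(), sopt.sopt_rights is given the address of a stack local (&fcaps.fc_rights), so the pointer is only good while sogetopt() is running, and the same holds for the kern_setsockopt() side. Say so where the field is assigned or declared, so that an option handler checking extra rights does not keep the pointer past the call. As a style point, the getsock_cap() call fits on one line here but the equally long call in kern_setsockopt() is wrapped; use the same form in both.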
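
Review bot: in sys/sys/sockopt.h, the comment on the new sopt_rights member does not say what the field holds when the request does not come through a descriptor. The neighbouring sopt_td comment spells out "or null if kernel", and the visible hunks assign sopt_rights only in kern_setsockopt() and kern_getsockopt(), so any other code that builds a struct sockopt leaves it at whatever the struct was initialised to. Document that NULL means no Capsicum rights are available and that handlers must test for it before dereferencing, and consider declaring it const struct cap_rights * since handlers only need to check the rights, not change them.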