Date: Tue, 23 Jul 2024 13:19:30 GMT
Message-Id: <202407231319.46NDJUrB004213@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 88c041e4870c - stable/14 - socket: Pass capsicum rights down to socket option handlers
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 88c041e4870c278fe7c326e8ac0880cb76586c29
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=88c041e4870c278fe7c326e8ac0880cb76586c29

commit 88c041e4870c278fe7c326e8ac0880cb76586c29
Author:     Mark Johnston
AuthorDate: 2024-07-08 15:46:33 +0000
Commit:     Mark Johnston
CommitDate: 2024-07-23 13:01:29 +0000

    socket: Pass capsicum rights down to socket option handlers

    One needs the CAP_GETSOCKOPT and CAP_SETSOCKOPT rights to call
    getsockopt(2) and setsockopt(2) on a socket descriptor, respectively.
    The syscall layer checks this, but individual socket option handlers
    have no access to the file descriptor and so can't check for additional
    rights, should they want to do so.  In particular, a forthcoming
    implementation of SO_SPLICE logically requires at least CAP_RECV and
    CAP_SEND rights.

    Modify the syscall layer to look up Capsicum rights on the descriptor
    and pass that along to socket option handlers; this way, the handlers
    can check for additional rights if they need to.

    Reviewed by:    gallatin, glebius
    MFC after:      2 weeks
    Sponsored by:   Klara, Inc.
    Sponsored by:   Stormshield
    Differential Revision:  https://reviews.freebsd.org/D45673

    (cherry picked from commit e2e771deeca7c10eaa46f380a9b64079468ec209)
---
 sys/kern/uipc_syscalls.c | 9 +++++++--
 sys/sys/sockopt.h        | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 6c13740d8094..6121bde4c574 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -1236,6 +1236,7 @@ kern_setsockopt(struct thread *td, int s, int level, int name, const void *val, { struct socket *so; struct file *fp; + struct filecaps fcaps; struct sockopt sopt; int error; @@ -1261,8 +1262,10 @@ kern_setsockopt(struct thread *td, int s, int level, int name, const void *val, } AUDIT_ARG_FD(s); - error = getsock(td, s, &cap_setsockopt_rights, &fp); + error = getsock_cap(td, s, &cap_setsockopt_rights, &fp, + &fcaps); if (error == 0) { + sopt.sopt_rights = &fcaps.fc_rights; so = fp->f_data; error = sosetopt(so, &sopt); fdrop(fp, td); @@ -1300,6 +1303,7 @@ kern_getsockopt(struct thread *td, int s, int level, int name, void *val, { struct socket *so; struct file *fp; + struct filecaps fcaps; struct sockopt sopt; int error; @@ -1325,8 +1329,9 @@ kern_getsockopt(struct thread *td, int s, int level, int name, void *val, } AUDIT_ARG_FD(s); - error = getsock(td, s, &cap_getsockopt_rights, &fp); + error = getsock_cap(td, s, &cap_getsockopt_rights, &fp, &fcaps); if (error == 0) { + sopt.sopt_rights = &fcaps.fc_rights; so = fp->f_data; error = sogetopt(so, &sopt); *valsize = sopt.sopt_valsize; diff --git a/sys/sys/sockopt.h b/sys/sys/sockopt.h index 11799dde4883..b139062cf492 100644 --- a/sys/sys/sockopt.h +++ b/sys/sys/sockopt.h @@ -37,6 +37,7 @@ #error "no user-serviceable parts inside" #endif +struct cap_rights; struct thread; struct socket; @@ -52,6 +53,7 @@ struct sockopt { int sopt_name; /* third arg of [gs]etsockopt */ void *sopt_val; /* fourth arg of [gs]etsockopt */ size_t sopt_valsize; /* (almost) fifth arg of [gs]etsockopt */ + struct cap_rights *sopt_rights; /* Capsicum rights attached to the fd */ struct thread *sopt_td; /* calling thread or null if kernel */ };
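
Review bot: In the second kern_setsockopt() hunk, fcaps is filled in by getsock_cap() but none of the nine added lines releases it; the success path still goes from sosetopt() straight to fdrop(fp, td). If the filecaps copy can carry allocated state beyond fc_rights (an ioctl allowlist, for instance), this leaks on every call against such a descriptor. Suggest a filecaps_free(&fcaps) next to the fdrop(), or a short comment saying why the copy never needs freeing here. The same applies to the matching kern_getsockopt() hunk.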
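
Review bot: In the second kern_getsockopt() hunk, sopt.sopt_rights is set to &fcaps.fc_rights, which is storage in this function's frame, so the pointer is only valid for the duration of the sogetopt() call (likewise for sosetopt() in kern_setsockopt()). Worth a comment at the assignment that option handlers must not retain sopt_rights past their return. Minor style point: the getsock_cap() call is on one line here but wrapped before &fcaps in kern_setsockopt(); the two calls are the same length, so use the same layout in both.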
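
Review bot: On the new sopt_rights member in the struct sockopt hunk of sys/sys/sockopt.h, the comment does not say what the field holds when no descriptor is involved. The neighbouring sopt_td is documented as "calling thread or null if kernel", whereas sopt_rights is assigned only in kern_setsockopt() and kern_getsockopt() in this patch, so any other code that builds a struct sockopt leaves it at whatever its initializer produced. Suggest documenting it as NULL for kernel-originated requests, making sure those paths zero the structure, and requiring handlers to check for NULL before dereferencing it to test for extra rights such as CAP_RECV or CAP_SEND.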