From nobody Sun Jan 16 15:41:13 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0817C195DADA; Sun, 16 Jan 2022 15:41:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JcK5561BNz3R9t; Sun, 16 Jan 2022 15:41:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642347673; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B62k/dLPxv8pGRDvo29w9gc8FIJX3cegsqWagD3GWNA=; b=rjRim9A9pbQEzB5l+Zzirr8uWy7m0b3rIm0B1jiEur7ER/+nP/GkiiMgqHKzW3MCdOsrWx 5fnnxzqInFsHI3xPKDyNs3aIPDc6NyMJE6/NB4GdXuXoq+lldlNWKIkgYdqhR3xuDMHrQz MIzEyrnt2P1Is/9xbYi1S0QxB5zAID+HGrsfna1Rkc1MJkiCGtj7EPuDfLCKA/gk9zR2XC YphFjE0Wt3v0FuEOc+ijc87eh53xuZYf1gQgm8AoAR2kw5Po0g/txi4w2rnW3N7l6O1YsU kdn8RObVmbCn4HFeYr1i6iuuHVgcjcWL4nyHFC8PeT4CVyjjM7YlW//pRT1hIQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id ABDC01C77A; Sun, 16 Jan 2022 15:41:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20GFfDeQ038386; Sun, 16 Jan 2022 15:41:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20GFfDD0038373; Sun, 16 Jan 2022 15:41:13 GMT (envelope-from git) Date: Sun, 16 Jan 2022 15:41:13 GMT Message-Id: <202201161541.20GFfDD0038373@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: af30714ff433 - stable/13 - fd: Avoid truncating output buffers for KERN_PROC_{CWD,FILEDESC} List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: af30714ff433bad84b9d5e72740991fee7cb1414 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642347673; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B62k/dLPxv8pGRDvo29w9gc8FIJX3cegsqWagD3GWNA=; b=a0pMpKW3MeCn1OCHTGrm21Tdk+BQfQAK/nAOlDqOfl/iTFtrv+/RxBLFxgyMsJUKfT9+DA qx0qVWSN/0yKZ/ZKl8IT67SKoIgP8pcntlTmPgL7wvMwp2uKJAmJlk3J4FpXW6J1GTnKoP IW1tDfKeqJy+jOBqOqcPS8Kykj80/dCnYk0NaS5Ef9BnOD/LIgz7aXkG8tKPlRSoL+Pp1D kqCYWN7oI28Uhp4hlKjMEg25jaqQ0/tEPpsoWyid6dTTWrgU8fwrwh+Egtlo0dN0HyU8AR qNhOjcxm7nVz32C5ENb57WSwz6Mbx0En1Cp8gDonWRO5R2sMG7HeCuAR5MPj5A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1642347673; a=rsa-sha256; cv=none; b=YuNSTRs3pz9cwh5MqcqdkBoMTyV6GUpp3DdTiofI2D9qi7wA4lyxoEAt+E42VbUYHu3XSg yzFItjgaEuDYqysg4sTPn8ixtSF3dUiG+veMlExJhXXcfJ1xwPpyxhaTDTFLg9JQ9bAUh5 /FDke+iUfQ3HHJVxUT+hi5L5jsEonvA3GTk7j/oGa9Hdtkfv+5Rh3s6Vw7tKkDVp/c5iIR +D/FiPrwIi3ugveTLTVRoVfpATqPptgsEbipRua1wUfwhGv1n1ga+e+Z3XPpbzjL/Yg4l5 UHHpmgmHzCOETYG7ongqwTDLPoprdyo44wy25vHGyu2IvolXmQSUhbXSEV5J8w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=af30714ff433bad84b9d5e72740991fee7cb1414 commit af30714ff433bad84b9d5e72740991fee7cb1414 Author: Mark Johnston AuthorDate: 2021-12-16 21:07:04 +0000 Commit: Mark Johnston CommitDate: 2022-01-16 15:40:25 +0000 fd: Avoid truncating output buffers for KERN_PROC_{CWD,FILEDESC} These sysctls failed to return an error if the caller had provided too short an output buffer. Change them to return ENOMEM instead, to ensure that callers can detect truncation in the face of a concurrently changing fd table. PR: 228432 Discussed with: cem, jhb (cherry picked from commit 36bd49ac4db8c62a3b354094646cbd8547ad2c51) --- sys/kern/kern_descrip.c | 54 ++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 651a992b0e02..f3dd675d806a 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -4378,14 +4378,13 @@ export_kinfo_to_sb(struct export_fd_buf *efbuf) kif = &efbuf->kif; if (efbuf->remainder != -1) { - if (efbuf->remainder < kif->kf_structsize) { - /* Terminate export. */ - efbuf->remainder = 0; - return (0); - } + if (efbuf->remainder < kif->kf_structsize) + return (ENOMEM); efbuf->remainder -= kif->kf_structsize; } - return (sbuf_bcat(efbuf->sb, kif, kif->kf_structsize) == 0 ? 0 : ENOMEM); + if (sbuf_bcat(efbuf->sb, kif, kif->kf_structsize) != 0) + return (sbuf_error(efbuf->sb)); + return (0); } static int @@ -4395,7 +4394,7 @@ export_file_to_sb(struct file *fp, int fd, cap_rights_t *rightsp, int error; if (efbuf->remainder == 0) - return (0); + return (ENOMEM); export_file_to_kinfo(fp, fd, rightsp, &efbuf->kif, efbuf->fdp, efbuf->flags); FILEDESC_SUNLOCK(efbuf->fdp); @@ -4411,7 +4410,7 @@ export_vnode_to_sb(struct vnode *vp, int fd, int fflags, int error; if (efbuf->remainder == 0) - return (0); + return (ENOMEM); if (efbuf->pdp != NULL) PWDDESC_XUNLOCK(efbuf->pdp); export_vnode_to_kinfo(vp, fd, fflags, &efbuf->kif, efbuf->flags); @@ -4457,22 +4456,25 @@ kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, fdp = fdhold(p); pdp = pdhold(p); PROC_UNLOCK(p); + efbuf = malloc(sizeof(*efbuf), M_TEMP, M_WAITOK); efbuf->fdp = NULL; efbuf->pdp = NULL; efbuf->sb = sb; efbuf->remainder = maxlen; efbuf->flags = flags; + + error = 0; if (tracevp != NULL) - export_vnode_to_sb(tracevp, KF_FD_TYPE_TRACE, FREAD | FWRITE, + error = export_vnode_to_sb(tracevp, KF_FD_TYPE_TRACE, + FREAD | FWRITE, efbuf); + if (error == 0 && textvp != NULL) + error = export_vnode_to_sb(textvp, KF_FD_TYPE_TEXT, FREAD, efbuf); - if (textvp != NULL) - export_vnode_to_sb(textvp, KF_FD_TYPE_TEXT, FREAD, efbuf); - if (cttyvp != NULL) - export_vnode_to_sb(cttyvp, KF_FD_TYPE_CTTY, FREAD | FWRITE, - efbuf); - error = 0; - if (pdp == NULL || fdp == NULL) + if (error == 0 && cttyvp != NULL) + error = export_vnode_to_sb(cttyvp, KF_FD_TYPE_CTTY, + FREAD | FWRITE, efbuf); + if (error != 0 || pdp == NULL || fdp == NULL) goto fail; efbuf->fdp = fdp; efbuf->pdp = pdp; @@ -4482,23 +4484,25 @@ kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, /* working directory */ if (pwd->pwd_cdir != NULL) { vrefact(pwd->pwd_cdir); - export_vnode_to_sb(pwd->pwd_cdir, KF_FD_TYPE_CWD, - FREAD, efbuf); + error = export_vnode_to_sb(pwd->pwd_cdir, + KF_FD_TYPE_CWD, FREAD, efbuf); } /* root directory */ - if (pwd->pwd_rdir != NULL) { + if (error == 0 && pwd->pwd_rdir != NULL) { vrefact(pwd->pwd_rdir); - export_vnode_to_sb(pwd->pwd_rdir, KF_FD_TYPE_ROOT, - FREAD, efbuf); + error = export_vnode_to_sb(pwd->pwd_rdir, + KF_FD_TYPE_ROOT, FREAD, efbuf); } /* jail directory */ - if (pwd->pwd_jdir != NULL) { + if (error == 0 && pwd->pwd_jdir != NULL) { vrefact(pwd->pwd_jdir); - export_vnode_to_sb(pwd->pwd_jdir, KF_FD_TYPE_JAIL, - FREAD, efbuf); + error = export_vnode_to_sb(pwd->pwd_jdir, + KF_FD_TYPE_JAIL, FREAD, efbuf); } } PWDDESC_XUNLOCK(pdp); + if (error != 0) + goto fail; if (pwd != NULL) pwd_drop(pwd); FILEDESC_SLOCK(fdp); @@ -4518,7 +4522,7 @@ kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, * loop continues. */ error = export_file_to_sb(fp, i, &rights, efbuf); - if (error != 0 || efbuf->remainder == 0) + if (error != 0) break; } FILEDESC_SUNLOCK(fdp);