svn commit: r354047 - in stable: 11/sys/kern 12/sys/kern

John Baldwin jhb at FreeBSD.org
Thu Oct 24 20:48:31 UTC 2019 

Author: jhb
Date: Thu Oct 24 20:48:30 2019
New Revision: 354047
URL: https://svnweb.freebsd.org/changeset/base/354047

Log:
  MFC 350549: Set ISOPEN in namei flags when opening executable interpreters.
  
  These vnodes are explicitly opened via VOP_OPEN via
  exec_check_permissions identical to the main exectuable image.
  Setting ISOPEN allows filesystems to perform suitable checks in
  VOP_LOOKUP (e.g. close-to-open consistency in the NFS client).

Modified:
  stable/12/sys/kern/imgact_elf.c
  stable/12/sys/kern/kern_exec.c
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/sys/kern/imgact_elf.c
  stable/11/sys/kern/kern_exec.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/12/sys/kern/imgact_elf.c
==============================================================================
--- stable/12/sys/kern/imgact_elf.c	Thu Oct 24 20:22:52 2019	(r354046)
+++ stable/12/sys/kern/imgact_elf.c	Thu Oct 24 20:48:30 2019	(r354047)
@@ -767,8 +767,8 @@ __elfN(load_file)(struct proc *p, const char *file, u_
 	imgp->proc = p;
 	imgp->attr = attr;
 
-	NDINIT(nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF, UIO_SYSSPACE, file,
-	    curthread);
+	NDINIT(nd, LOOKUP, ISOPEN | FOLLOW | LOCKSHARED | LOCKLEAF,
+	    UIO_SYSSPACE, file, curthread);
 	if ((error = namei(nd)) != 0) {
 		nd->ni_vp = NULL;
 		goto fail;

Modified: stable/12/sys/kern/kern_exec.c
==============================================================================
--- stable/12/sys/kern/kern_exec.c	Thu Oct 24 20:22:52 2019	(r354046)
+++ stable/12/sys/kern/kern_exec.c	Thu Oct 24 20:48:30 2019	(r354047)
@@ -643,7 +643,7 @@ interpret:
 		free(imgp->freepath, M_TEMP);
 		imgp->freepath = NULL;
 		/* set new name to that of the interpreter */
-		NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
+		NDINIT(&nd, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME,
 		    UIO_SYSSPACE, imgp->interpreter_name, td);
 		args->fname = imgp->interpreter_name;
 		goto interpret;

More information about the svn-src-all mailing list