svn commit: r306174 - in head/sys: compat/cloudabi compat/linux kern netinet sys
Mariusz Zaborski
oshogbo at freebsd.org
Thu Sep 22 22:34:45 UTC 2016
Thanks, I was able to reproduce that :)
I attached the patch. Could you please confirm that it fix the problem?
Thank you and sorry for inconveniences,
Mariusz
On 22 September 2016 at 18:11, Ruslan Bukin <ruslan.bukin at cl.cam.ac.uk> wrote:
> I have just tested this with MIPS64EL and the result is the same.
> So you can try both EL or EB
>
> e.g. make -j16 TARGET=mips TARGET_ARCH=mips64el KERNCONF=MALTA64 buildkernel
>
> Ruslan
>
> On Thu, Sep 22, 2016 at 03:21:53PM +0000, Ruslan Bukin wrote:
>> Hi
>>
>> It reports nothing. Yes I use qemu:
>> /home/rb743/dev/qemu/qemu/build1/mips64-softmmu/qemu-system-mips64 -M malta -kernel ~/obj/mips.mips64/home/rb743/dev/freebsd-mips/sys/MALTA64/kernel -hda /home/rb743/world-mips64eb/mips64eb.img -nographic -smp 1 -cpu 5kf -net nic -net user -m 2048M -redir tcp:4022::22
>>
>> Ruslan
>>
>> On Thu, Sep 22, 2016 at 05:11:07PM +0200, Mariusz Zaborski wrote:
>> > I tested it on the mips for Malta kernel and it's works fine. I will
>> > try to do it on mips64, are you using qemu to test it?
>> > What is ctrl + t reporting you?
>> >
>> >
>> > On 22 September 2016 at 16:56, Ruslan Bukin <ruslan.bukin at cl.cam.ac.uk> wrote:
>> > > May be. The next line should be
>> > > /etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
>> > >
>> > > but it hangs before this line
>> > >
>> > > Ruslan
>> > >
>> > > On Thu, Sep 22, 2016 at 04:39:16PM +0200, Mariusz Zaborski wrote:
>> > >> Hi Ruslan,
>> > >>
>> > >> Does it hang on some network script?
>> > >>
>> > >> Thanks,
>> > >> Mariusz
>> > >>
>> > >>
>> > >> On 22 September 2016 at 16:34, Ruslan Bukin <ruslan.bukin at cl.cam.ac.uk> wrote:
>> > >> > Hi Mariusz
>> > >> >
>> > >> > my MIPS64EB kernel stops booting with this
>> > >> >
>> > >> > somewhere here:
>> > >> > [...]
>> > >> > Starting file system checks:
>> > >> > /dev/ada0: 20369 files, 794696 used, 7573573 free (933 frags, 946580 blocks, 0.0% fragmentation)
>> > >> > Mounting local filesystems:.
>> > >> > ELF ldconfig path: /lib /usr/lib /usr/lib/compat
>> > >> > random: unblocking device.
>> > >> >
>> > >> > any idea ? (should I rebuild something?)
>> > >> >
>> > >> > thanks!
>> > >> >
>> > >> > Ruslan
>> > >> >
>> > >> > On Thu, Sep 22, 2016 at 09:58:46AM +0000, Mariusz Zaborski wrote:
>> > >> >> Author: oshogbo
>> > >> >> Date: Thu Sep 22 09:58:46 2016
>> > >> >> New Revision: 306174
>> > >> >> URL: https://svnweb.freebsd.org/changeset/base/306174
>> > >> >>
>> > >> >> Log:
>> > >> >> capsicum: propagate rights on accept(2)
>> > >> >>
>> > >> >> Descriptor returned by accept(2) should inherits capabilities rights from
>> > >> >> the listening socket.
>> > >> >>
>> > >> >> PR: 201052
>> > >> >> Reviewed by: emaste, jonathan
>> > >> >> Discussed with: many
>> > >> >> Differential Revision: https://reviews.freebsd.org/D7724
>> > >> >>
>> > >> >> Modified:
>> > >> >> head/sys/compat/cloudabi/cloudabi_sock.c
>> > >> >> head/sys/compat/linux/linux_socket.c
>> > >> >> head/sys/kern/kern_sendfile.c
>> > >> >> head/sys/kern/uipc_syscalls.c
>> > >> >> head/sys/netinet/sctp_syscalls.c
>> > >> >> head/sys/sys/socketvar.h
>> > >> >>
>> > >> >> Modified: head/sys/compat/cloudabi/cloudabi_sock.c
>> > >> >> ==============================================================================
>> > >> >> --- head/sys/compat/cloudabi/cloudabi_sock.c Thu Sep 22 09:33:22 2016 (r306173)
>> > >> >> +++ head/sys/compat/cloudabi/cloudabi_sock.c Thu Sep 22 09:58:46 2016 (r306174)
>> > >> >> @@ -210,7 +210,7 @@ cloudabi_sys_sock_stat_get(struct thread
>> > >> >> int error;
>> > >> >>
>> > >> >> error = getsock_cap(td, uap->sock, cap_rights_init(&rights,
>> > >> >> - CAP_GETSOCKOPT, CAP_GETPEERNAME, CAP_GETSOCKNAME), &fp, NULL);
>> > >> >> + CAP_GETSOCKOPT, CAP_GETPEERNAME, CAP_GETSOCKNAME), &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> so = fp->f_data;
>> > >> >>
>> > >> >> Modified: head/sys/compat/linux/linux_socket.c
>> > >> >> ==============================================================================
>> > >> >> --- head/sys/compat/linux/linux_socket.c Thu Sep 22 09:33:22 2016 (r306173)
>> > >> >> +++ head/sys/compat/linux/linux_socket.c Thu Sep 22 09:58:46 2016 (r306174)
>> > >> >> @@ -855,7 +855,7 @@ linux_accept_common(struct thread *td, i
>> > >> >> if (error == EFAULT && namelen != sizeof(struct sockaddr_in))
>> > >> >> return (EINVAL);
>> > >> >> if (error == EINVAL) {
>> > >> >> - error1 = getsock_cap(td, s, &rights, &fp, NULL);
>> > >> >> + error1 = getsock_cap(td, s, &rights, &fp, NULL, NULL);
>> > >> >> if (error1 != 0)
>> > >> >> return (error1);
>> > >> >> so = fp->f_data;
>> > >> >>
>> > >> >> Modified: head/sys/kern/kern_sendfile.c
>> > >> >> ==============================================================================
>> > >> >> --- head/sys/kern/kern_sendfile.c Thu Sep 22 09:33:22 2016 (r306173)
>> > >> >> +++ head/sys/kern/kern_sendfile.c Thu Sep 22 09:58:46 2016 (r306174)
>> > >> >> @@ -502,7 +502,7 @@ sendfile_getsock(struct thread *td, int
>> > >> >> * The socket must be a stream socket and connected.
>> > >> >> */
>> > >> >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_SEND),
>> > >> >> - sock_fp, NULL);
>> > >> >> + sock_fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> *so = (*sock_fp)->f_data;
>> > >> >>
>> > >> >> Modified: head/sys/kern/uipc_syscalls.c
>> > >> >> ==============================================================================
>> > >> >> --- head/sys/kern/uipc_syscalls.c Thu Sep 22 09:33:22 2016 (r306173)
>> > >> >> +++ head/sys/kern/uipc_syscalls.c Thu Sep 22 09:58:46 2016 (r306174)
>> > >> >> @@ -89,20 +89,23 @@ static int sockargs(struct mbuf **, char
>> > >> >> /*
>> > >> >> * Convert a user file descriptor to a kernel file entry and check if required
>> > >> >> * capability rights are present.
>> > >> >> + * If required copy of current set of capability rights is returned.
>> > >> >> * A reference on the file entry is held upon returning.
>> > >> >> */
>> > >> >> int
>> > >> >> getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
>> > >> >> - struct file **fpp, u_int *fflagp)
>> > >> >> + struct file **fpp, u_int *fflagp, struct filecaps *havecapsp)
>> > >> >> {
>> > >> >> struct file *fp;
>> > >> >> int error;
>> > >> >>
>> > >> >> - error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp, NULL);
>> > >> >> + error = fget_cap(td, fd, rightsp, &fp, havecapsp);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> if (fp->f_type != DTYPE_SOCKET) {
>> > >> >> fdrop(fp, td);
>> > >> >> + if (havecapsp != NULL)
>> > >> >> + filecaps_free(havecapsp);
>> > >> >> return (ENOTSOCK);
>> > >> >> }
>> > >> >> if (fflagp != NULL)
>> > >> >> @@ -188,7 +191,7 @@ kern_bindat(struct thread *td, int dirfd
>> > >> >> AUDIT_ARG_FD(fd);
>> > >> >> AUDIT_ARG_SOCKADDR(td, dirfd, sa);
>> > >> >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_BIND),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> so = fp->f_data;
>> > >> >> @@ -235,7 +238,7 @@ sys_listen(struct thread *td, struct lis
>> > >> >>
>> > >> >> AUDIT_ARG_FD(uap->s);
>> > >> >> error = getsock_cap(td, uap->s, cap_rights_init(&rights, CAP_LISTEN),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error == 0) {
>> > >> >> so = fp->f_data;
>> > >> >> #ifdef MAC
>> > >> >> @@ -308,6 +311,7 @@ kern_accept4(struct thread *td, int s, s
>> > >> >> struct file *headfp, *nfp = NULL;
>> > >> >> struct sockaddr *sa = NULL;
>> > >> >> struct socket *head, *so;
>> > >> >> + struct filecaps fcaps;
>> > >> >> cap_rights_t rights;
>> > >> >> u_int fflag;
>> > >> >> pid_t pgid;
>> > >> >> @@ -318,7 +322,7 @@ kern_accept4(struct thread *td, int s, s
>> > >> >>
>> > >> >> AUDIT_ARG_FD(s);
>> > >> >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_ACCEPT),
>> > >> >> - &headfp, &fflag);
>> > >> >> + &headfp, &fflag, &fcaps);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> head = headfp->f_data;
>> > >> >> @@ -331,7 +335,8 @@ kern_accept4(struct thread *td, int s, s
>> > >> >> if (error != 0)
>> > >> >> goto done;
>> > >> >> #endif
>> > >> >> - error = falloc(td, &nfp, &fd, (flags & SOCK_CLOEXEC) ? O_CLOEXEC : 0);
>> > >> >> + error = falloc_caps(td, &nfp, &fd,
>> > >> >> + (flags & SOCK_CLOEXEC) ? O_CLOEXEC : 0, &fcaps);
>> > >> >> if (error != 0)
>> > >> >> goto done;
>> > >> >> ACCEPT_LOCK();
>> > >> >> @@ -440,6 +445,8 @@ noconnection:
>> > >> >> * a reference on nfp to the caller on success if they request it.
>> > >> >> */
>> > >> >> done:
>> > >> >> + if (nfp == NULL)
>> > >> >> + filecaps_free(&fcaps);
>> > >> >> if (fp != NULL) {
>> > >> >> if (error == 0) {
>> > >> >> *fp = nfp;
>> > >> >> @@ -511,7 +518,7 @@ kern_connectat(struct thread *td, int di
>> > >> >> AUDIT_ARG_FD(fd);
>> > >> >> AUDIT_ARG_SOCKADDR(td, dirfd, sa);
>> > >> >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_CONNECT),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> so = fp->f_data;
>> > >> >> @@ -754,7 +761,7 @@ kern_sendit(struct thread *td, int s, st
>> > >> >> AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name);
>> > >> >> cap_rights_set(&rights, CAP_CONNECT);
>> > >> >> }
>> > >> >> - error = getsock_cap(td, s, &rights, &fp, NULL);
>> > >> >> + error = getsock_cap(td, s, &rights, &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> so = (struct socket *)fp->f_data;
>> > >> >> @@ -923,7 +930,7 @@ kern_recvit(struct thread *td, int s, st
>> > >> >>
>> > >> >> AUDIT_ARG_FD(s);
>> > >> >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_RECV),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> so = fp->f_data;
>> > >> >> @@ -1198,7 +1205,7 @@ sys_shutdown(struct thread *td, struct s
>> > >> >>
>> > >> >> AUDIT_ARG_FD(uap->s);
>> > >> >> error = getsock_cap(td, uap->s, cap_rights_init(&rights, CAP_SHUTDOWN),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error == 0) {
>> > >> >> so = fp->f_data;
>> > >> >> error = soshutdown(so, uap->how);
>> > >> >> @@ -1257,7 +1264,7 @@ kern_setsockopt(struct thread *td, int s
>> > >> >>
>> > >> >> AUDIT_ARG_FD(s);
>> > >> >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_SETSOCKOPT),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error == 0) {
>> > >> >> so = fp->f_data;
>> > >> >> error = sosetopt(so, &sopt);
>> > >> >> @@ -1323,7 +1330,7 @@ kern_getsockopt(struct thread *td, int s
>> > >> >>
>> > >> >> AUDIT_ARG_FD(s);
>> > >> >> error = getsock_cap(td, s, cap_rights_init(&rights, CAP_GETSOCKOPT),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error == 0) {
>> > >> >> so = fp->f_data;
>> > >> >> error = sogetopt(so, &sopt);
>> > >> >> @@ -1376,7 +1383,7 @@ kern_getsockname(struct thread *td, int
>> > >> >>
>> > >> >> AUDIT_ARG_FD(fd);
>> > >> >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_GETSOCKNAME),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> so = fp->f_data;
>> > >> >> @@ -1463,7 +1470,7 @@ kern_getpeername(struct thread *td, int
>> > >> >>
>> > >> >> AUDIT_ARG_FD(fd);
>> > >> >> error = getsock_cap(td, fd, cap_rights_init(&rights, CAP_GETPEERNAME),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> so = fp->f_data;
>> > >> >>
>> > >> >> Modified: head/sys/netinet/sctp_syscalls.c
>> > >> >> ==============================================================================
>> > >> >> --- head/sys/netinet/sctp_syscalls.c Thu Sep 22 09:33:22 2016 (r306173)
>> > >> >> +++ head/sys/netinet/sctp_syscalls.c Thu Sep 22 09:58:46 2016 (r306174)
>> > >> >> @@ -248,7 +248,7 @@ sys_sctp_generic_sendmsg (td, uap)
>> > >> >> }
>> > >> >>
>> > >> >> AUDIT_ARG_FD(uap->sd);
>> > >> >> - error = getsock_cap(td, uap->sd, &rights, &fp, NULL);
>> > >> >> + error = getsock_cap(td, uap->sd, &rights, &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> goto sctp_bad;
>> > >> >> #ifdef KTRACE
>> > >> >> @@ -361,7 +361,7 @@ sys_sctp_generic_sendmsg_iov(td, uap)
>> > >> >> }
>> > >> >>
>> > >> >> AUDIT_ARG_FD(uap->sd);
>> > >> >> - error = getsock_cap(td, uap->sd, &rights, &fp, NULL);
>> > >> >> + error = getsock_cap(td, uap->sd, &rights, &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> goto sctp_bad1;
>> > >> >>
>> > >> >> @@ -477,7 +477,7 @@ sys_sctp_generic_recvmsg(td, uap)
>> > >> >>
>> > >> >> AUDIT_ARG_FD(uap->sd);
>> > >> >> error = getsock_cap(td, uap->sd, cap_rights_init(&rights, CAP_RECV),
>> > >> >> - &fp, NULL);
>> > >> >> + &fp, NULL, NULL);
>> > >> >> if (error != 0)
>> > >> >> return (error);
>> > >> >> #ifdef COMPAT_FREEBSD32
>> > >> >>
>> > >> >> Modified: head/sys/sys/socketvar.h
>> > >> >> ==============================================================================
>> > >> >> --- head/sys/sys/socketvar.h Thu Sep 22 09:33:22 2016 (r306173)
>> > >> >> +++ head/sys/sys/socketvar.h Thu Sep 22 09:58:46 2016 (r306174)
>> > >> >> @@ -321,6 +321,7 @@ extern u_long sb_max;
>> > >> >> extern so_gen_t so_gencnt;
>> > >> >>
>> > >> >> struct file;
>> > >> >> +struct filecaps;
>> > >> >> struct filedesc;
>> > >> >> struct mbuf;
>> > >> >> struct sockaddr;
>> > >> >> @@ -340,7 +341,7 @@ struct uio;
>> > >> >> */
>> > >> >> int getsockaddr(struct sockaddr **namp, caddr_t uaddr, size_t len);
>> > >> >> int getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
>> > >> >> - struct file **fpp, u_int *fflagp);
>> > >> >> + struct file **fpp, u_int *fflagp, struct filecaps *havecaps);
>> > >> >> void soabort(struct socket *so);
>> > >> >> int soaccept(struct socket *so, struct sockaddr **nam);
>> > >> >> void soaio_enqueue(struct task *task);
>> > >> >>
>> >
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fget_cap.patch
Type: text/x-patch
Size: 887 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20160923/bb321162/attachment.bin>
More information about the svn-src-head
mailing list