git: 2bd9826995ca - main - vfs: Permit unix sockets to be opened with O_PATH
Mark Johnston
markj at FreeBSD.org
Fri Sep 17 19:12:40 UTC 2021
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=2bd9826995ca6b23f8b088cfa035c0ad1c578ac3
commit 2bd9826995ca6b23f8b088cfa035c0ad1c578ac3
Author: Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-09-17 16:34:21 +0000
Commit: Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-09-17 18:19:06 +0000
vfs: Permit unix sockets to be opened with O_PATH
As with FIFOs, a path descriptor for a unix socket cannot be used with
kevent().
In principle connectat(2) and bindat(2) could be modified to support an
AT_EMPTY_PATH-like mode which operates on the socket referenced by an
O_PATH fd referencing a unix socket. That would eliminate the path
length limit imposed by sockaddr_un.
Update O_PATH tests.
Reviewed by: kib
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31970
---
sys/kern/vfs_vnops.c | 11 ++++-------
tests/sys/file/path_test.c | 32 ++++++++++++++++++++++++++++----
2 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 93d5a9e6b127..d4229160f11e 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -399,13 +399,13 @@ vn_open_vnode(struct vnode *vp, int fmode, struct ucred *cred,
if ((fmode & O_PATH) == 0 || (fmode & FEXEC) != 0)
return (EMLINK);
}
- if (vp->v_type == VSOCK)
- return (EOPNOTSUPP);
if (vp->v_type != VDIR && fmode & O_DIRECTORY)
return (ENOTDIR);
accmode = 0;
if ((fmode & O_PATH) == 0) {
+ if (vp->v_type == VSOCK)
+ return (EOPNOTSUPP);
if ((fmode & (FWRITE | O_TRUNC)) != 0) {
if (vp->v_type == VDIR)
return (EISDIR);
@@ -437,11 +437,8 @@ vn_open_vnode(struct vnode *vp, int fmode, struct ucred *cred,
return (error);
}
if ((fmode & O_PATH) != 0) {
- if (vp->v_type == VFIFO)
- error = EPIPE;
- else
- error = VOP_ACCESS(vp, VREAD, cred, td);
- if (error == 0)
+ if (vp->v_type != VFIFO && vp->v_type != VSOCK &&
+ VOP_ACCESS(vp, VREAD, cred, td) == 0)
fp->f_flag |= FKQALLOWED;
return (0);
}
diff --git a/tests/sys/file/path_test.c b/tests/sys/file/path_test.c
index ad88c691a914..a39862cc78d6 100644
--- a/tests/sys/file/path_test.c
+++ b/tests/sys/file/path_test.c
@@ -845,13 +845,15 @@ ATF_TC_BODY(path_rights, tc)
CHECKED_CLOSE(sd[1]);
}
-/* Verify that a local socket can't be opened with O_PATH. */
+/* Verify that a local socket can be opened with O_PATH. */
ATF_TC_WITHOUT_HEAD(path_unix);
ATF_TC_BODY(path_unix, tc)
{
- char path[PATH_MAX];
+ char buf[BUFSIZ], path[PATH_MAX];
+ struct kevent ev;
struct sockaddr_un sun;
- int pathfd, sd;
+ struct stat sb;
+ int kq, pathfd, sd;
snprintf(path, sizeof(path), "path_unix.XXXXXX");
ATF_REQUIRE_MSG(mktemp(path) == path, FMT_ERR("mktemp"));
@@ -866,9 +868,31 @@ ATF_TC_BODY(path_unix, tc)
FMT_ERR("bind"));
pathfd = open(path, O_PATH);
- ATF_REQUIRE_ERRNO(EOPNOTSUPP, pathfd < 0);
+ ATF_REQUIRE_MSG(pathfd >= 0, FMT_ERR("open"));
+
+ ATF_REQUIRE_MSG(fstatat(pathfd, "", &sb, AT_EMPTY_PATH) == 0,
+ FMT_ERR("fstatat"));
+ ATF_REQUIRE_MSG(sb.st_mode & S_IFSOCK, "socket mode %#x", sb.st_mode);
+ ATF_REQUIRE_MSG(sb.st_ino != 0, "socket has inode number 0");
+
+ memset(buf, 0, sizeof(buf));
+ ATF_REQUIRE_ERRNO(EBADF, write(pathfd, buf, sizeof(buf)));
+ ATF_REQUIRE_ERRNO(EBADF, read(pathfd, buf, sizeof(buf)));
+
+ /* kevent() is disallowed with sockets. */
+ kq = kqueue();
+ ATF_REQUIRE_MSG(kq >= 0, FMT_ERR("kqueue"));
+ EV_SET(&ev, pathfd, EVFILT_READ, EV_ADD | EV_ENABLE, 0, 0, 0);
+ ATF_REQUIRE_ERRNO(EBADF, kevent(kq, &ev, 1, NULL, 0, NULL) == -1);
+
+ /* Should not be able to open a socket without O_PATH. */
+ ATF_REQUIRE_ERRNO(EOPNOTSUPP, openat(pathfd, "", O_EMPTY_PATH) == -1);
+
+ ATF_REQUIRE_MSG(funlinkat(AT_FDCWD, path, pathfd, 0) == 0,
+ FMT_ERR("funlinkat"));
CHECKED_CLOSE(sd);
+ CHECKED_CLOSE(pathfd);
}
ATF_TP_ADD_TCS(tp)
More information about the dev-commits-src-main
mailing list