svn commit: r357706 - in stable: 11/contrib/netbsd-tests/lib/libc/c063 11/lib/libc/sys 11/lib/libc/tests/c063 11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs 11/sys/fs/devfs 11/sys/fs/fuse 11/sys...

Kyle Evans kevans at FreeBSD.org
Sun Feb 9 22:15:42 UTC 2020


Author: kevans
Date: Sun Feb  9 22:15:35 2020
New Revision: 357706
URL: https://svnweb.freebsd.org/changeset/base/357706

Log:
  MFC O_SEARCH: r357412, r357461, r357580, r357584, r357636, r357671, r357688
  
  r357412:
  Provide O_SEARCH
  
  O_SEARCH is defined by POSIX [0] to open a directory for searching, skipping
  permissions checks on the directory itself after the initial open(). This is
  close to the semantics we've historically applied for O_EXEC on a directory,
  which is UB according to POSIX. Conveniently, O_SEARCH on a file is also
  explicitly undefined behavior according to POSIX, so O_EXEC would be a fine
  choice. The spec goes on to state that O_SEARCH and O_EXEC need not be
  distinct values, but they're not defined to be the same value.
  
  This was pointed out as an incompatibility with other systems that had made
  its way into libarchive, which had assumed that O_EXEC was an alias for
  O_SEARCH.
  
  This defines compatibility O_SEARCH/FSEARCH (equivalent to O_EXEC and FEXEC
  respectively) and expands our UB for O_EXEC on a directory. O_EXEC on a
  directory is checked in vn_open_vnode already, so for completeness we add a
  NOEXECCHECK when O_SEARCH has been specified on the top-level fd and do not
  re-check that when descending in namei.
  
  [0] https://pubs.opengroup.org/onlinepubs/9699919799/
  
  r357461:
  namei: preserve errors from fget_cap_locked
  
  Most notably, we want to make sure we don't clobber any capabilities-related
  errors. This is a regression from r357412 (O_SEARCH) that was picked up by
  the capsicum tests.
  
  r357580:
  O_SEARCH test: drop O_SEARCH|O_RDWR local diff
  
  In FreeBSD's O_SEARCH implementation, O_SEARCH in conjunction with O_RDWR or
  O_WRONLY is explicitly rejected. In this case, O_RDWR was not necessary
  anyways as the file will get created with or without it.
  
  This was submitted upstream as misc/54940 and committed in rev 1.8 of the
  file.
  
  r357584:
  Record-only MFV of r357583: netbsd-tests: import upstreamed changes
  
  The changes in question originated in FreeBSD/head; no further action is
  required.
  
  r357636:
  MFV r357635: imnport v1.9 of the O_SEARCH tests
  
  The RCSID data was wrong, so this is effectively a record-only merge
  with correction of said data. No further changes should be needed in this
  area, as we've now upstreamed our local changes to this specific test.
  
  r357671:
  O_SEARCH test: mark revokex an expected fail on NFS
  
  The revokex test does not work when the scratch directory is created on NFS.
  Given the nature of NFS, it likely can never work without looking like a
  security hole since O_SEARCH would rely on the server knowing that the
  directory did have +x at the time of open and that it's OK for it to have
  been revoked based on POSIX specification for O_SEARCH.
  
  This does mean that O_SEARCH is only partially functional on NFS in general,
  but I suspect the execute bit getting revoked in the process is likely not
  common.
  
  r357688:
  MFV r357687: Import NFS fix for O_SEARCH tests
  
  The version that ended upstream was ultimately slightly different than the
  version committed here; notably, statvfs() is used but it's redefined
  appropriately to statfs() on FreeBSD since we don't provide the fstypename
  for the former interface.

Modified:
  stable/12/contrib/netbsd-tests/lib/libc/c063/t_o_search.c
  stable/12/lib/libc/sys/open.2
  stable/12/lib/libc/tests/c063/Makefile
  stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
  stable/12/sys/fs/devfs/devfs_vnops.c
  stable/12/sys/fs/fuse/fuse_vnops.c
  stable/12/sys/fs/nfsclient/nfs_clvnops.c
  stable/12/sys/fs/smbfs/smbfs_vnops.c
  stable/12/sys/fs/tmpfs/tmpfs_vnops.c
  stable/12/sys/kern/vfs_cache.c
  stable/12/sys/kern/vfs_lookup.c
  stable/12/sys/kern/vfs_subr.c
  stable/12/sys/sys/fcntl.h
  stable/12/sys/sys/namei.h
  stable/12/sys/sys/vnode.h
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/contrib/netbsd-tests/lib/libc/c063/t_o_search.c
  stable/11/lib/libc/sys/open.2
  stable/11/lib/libc/tests/c063/Makefile
  stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
  stable/11/sys/fs/devfs/devfs_vnops.c
  stable/11/sys/fs/fuse/fuse_vnops.c
  stable/11/sys/fs/nfsclient/nfs_clvnops.c
  stable/11/sys/fs/smbfs/smbfs_vnops.c
  stable/11/sys/fs/tmpfs/tmpfs_vnops.c
  stable/11/sys/kern/vfs_cache.c
  stable/11/sys/kern/vfs_lookup.c
  stable/11/sys/kern/vfs_subr.c
  stable/11/sys/sys/fcntl.h
  stable/11/sys/sys/namei.h
  stable/11/sys/sys/vnode.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/12/contrib/netbsd-tests/lib/libc/c063/t_o_search.c
==============================================================================
--- stable/12/contrib/netbsd-tests/lib/libc/c063/t_o_search.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/contrib/netbsd-tests/lib/libc/c063/t_o_search.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -1,4 +1,4 @@
-/*	$NetBSD: t_o_search.c,v 1.5 2017/01/10 22:25:01 christos Exp $ */
+/*	$NetBSD: t_o_search.c,v 1.10 2020/02/08 19:58:36 kamil Exp $ */
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -29,13 +29,16 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_o_search.c,v 1.5 2017/01/10 22:25:01 christos Exp $");
+__RCSID("$NetBSD: t_o_search.c,v 1.10 2020/02/08 19:58:36 kamil Exp $");
 
 #include <atf-c.h>
 
-#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+#include <sys/statvfs.h>
 #include <sys/stat.h>
 
+#include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
@@ -50,10 +53,15 @@ __RCSID("$NetBSD: t_o_search.c,v 1.5 2017/01/10 22:25:
  * until a decision is reached about the semantics of O_SEARCH and a
  * non-broken implementation is available.
  */
-#if (O_MASK & O_SEARCH) != 0
+#if defined(__FreeBSD__) || (O_MASK & O_SEARCH) != 0
 #define USE_O_SEARCH
 #endif
 
+#ifdef __FreeBSD__
+#define	statvfs		statfs
+#define	fstatvfs	fstatfs
+#endif
+
 #define DIR "dir"
 #define FILE "dir/o_search"
 #define BASEFILE "o_search"
@@ -257,12 +265,82 @@ ATF_TC_BODY(o_search_notdir, tc)
 	int fd;
 
 	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
-	ATF_REQUIRE((dfd = open(FILE, O_CREAT|O_RDWR|O_SEARCH, 0644)) != -1);
+	ATF_REQUIRE((dfd = open(FILE, O_CREAT|O_SEARCH, 0644)) != -1);
 	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) == -1);
 	ATF_REQUIRE(errno == ENOTDIR);
 	ATF_REQUIRE(close(dfd) == 0);
 }
 
+#ifdef USE_O_SEARCH
+ATF_TC(o_search_nord);
+ATF_TC_HEAD(o_search_nord, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "See that openat succeeds with no read permission");
+	atf_tc_set_md_var(tc, "require.user", "unprivileged");
+}
+ATF_TC_BODY(o_search_nord, tc)
+{
+	int dfd, fd;
+
+	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
+	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
+	ATF_REQUIRE(close(fd) == 0);
+
+	ATF_REQUIRE(chmod(DIR, 0100) == 0);
+	ATF_REQUIRE((dfd = open(DIR, O_SEARCH, 0)) != -1);
+
+	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) != -1);
+
+	ATF_REQUIRE(close(dfd) == 0);
+}
+
+ATF_TC(o_search_getdents);
+ATF_TC_HEAD(o_search_getdents, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "See that O_SEARCH forbids getdents");
+}
+ATF_TC_BODY(o_search_getdents, tc)
+{
+	char buf[1024];
+	int dfd;
+
+	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
+	ATF_REQUIRE((dfd = open(DIR, O_SEARCH, 0)) != -1);
+	ATF_REQUIRE(getdents(dfd, buf, sizeof(buf)) < 0);
+	ATF_REQUIRE(close(dfd) == 0);
+}
+
+ATF_TC(o_search_revokex);
+ATF_TC_HEAD(o_search_revokex, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "See that *at behaves after chmod -x");
+	atf_tc_set_md_var(tc, "require.user", "unprivileged");
+}
+ATF_TC_BODY(o_search_revokex, tc)
+{
+	struct statvfs vst;
+	struct stat sb;
+	int dfd, fd;
+
+	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
+	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
+	ATF_REQUIRE(close(fd) == 0);
+
+	ATF_REQUIRE((dfd = open(DIR, O_SEARCH, 0)) != -1);
+
+	/* Drop permissions. The kernel must still not check the exec bit. */
+	ATF_REQUIRE(chmod(DIR, 0000) == 0);
+
+	fstatvfs(dfd, &vst);
+	if (strcmp(vst.f_fstypename, "nfs") == 0)
+		atf_tc_expect_fail("NFS protocol cannot observe O_SEARCH semantics");
+
+	ATF_REQUIRE(fstatat(dfd, BASEFILE, &sb, 0) == 0);
+
+	ATF_REQUIRE(close(dfd) == 0);
+}
+#endif /* USE_O_SEARCH */
+
 ATF_TP_ADD_TCS(tp)
 {
 
@@ -277,6 +355,11 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, o_search_unpriv_flag2);
 #endif
 	ATF_TP_ADD_TC(tp, o_search_notdir);
+#ifdef USE_O_SEARCH
+	ATF_TP_ADD_TC(tp, o_search_nord);
+	ATF_TP_ADD_TC(tp, o_search_getdents);
+	ATF_TP_ADD_TC(tp, o_search_revokex);
+#endif
 
 	return atf_no_error();
 }

Modified: stable/12/lib/libc/sys/open.2
==============================================================================
--- stable/12/lib/libc/sys/open.2	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/lib/libc/sys/open.2	Sun Feb  9 22:15:35 2020	(r357706)
@@ -28,7 +28,7 @@
 .\"     @(#)open.2	8.2 (Berkeley) 11/16/93
 .\" $FreeBSD$
 .\"
-.Dd September 17, 2019
+.Dd February 9, 2020
 .Dt OPEN 2
 .Os
 .Sh NAME
@@ -126,6 +126,7 @@ O_RDONLY	open for reading only
 O_WRONLY	open for writing only
 O_RDWR		open for reading and writing
 O_EXEC		open for execute only
+O_SEARCH	open for search only, an alias for O_EXEC
 O_NONBLOCK	do not block on open
 O_APPEND	append on each write
 O_CREAT		create file if it does not exist
@@ -266,6 +267,19 @@ means is implementation specific.
 The run-time linker (rtld) uses this flag to ensure shared objects have
 been verified before operating on them.
 .Pp
+When
+.Fa fd
+is opened with
+.Dv O_SEARCH ,
+execute permissions are checked at open time.
+The
+.Fa fd
+may not be used for any read operations like
+.Xr getdirentries 2 .
+The primary use for this descriptor will be as the lookup descriptor for the
+.Fn *at
+family of functions.
+.Pp
 If successful,
 .Fn open
 returns a non-negative integer, termed a file descriptor.
@@ -458,9 +472,12 @@ An attempt was made to open a descriptor with an illeg
 of
 .Dv O_RDONLY ,
 .Dv O_WRONLY ,
-.Dv O_RDWR
+or
+.Dv O_RDWR ,
 and
-.Dv O_EXEC .
+.Dv O_EXEC
+or
+.Dv O_SEARCH .
 .It Bq Er EBADF
 The
 .Fa path

Modified: stable/12/lib/libc/tests/c063/Makefile
==============================================================================
--- stable/12/lib/libc/tests/c063/Makefile	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/lib/libc/tests/c063/Makefile	Sun Feb  9 22:15:35 2020	(r357706)
@@ -1,7 +1,5 @@
 # $FreeBSD$
 
-#TODO: t_o_search
-
 NETBSD_ATF_TESTS_C=	faccessat_test
 NETBSD_ATF_TESTS_C+=	fchmodat_test
 NETBSD_ATF_TESTS_C+=	fchownat_test
@@ -11,6 +9,7 @@ NETBSD_ATF_TESTS_C+=	linkat_test
 NETBSD_ATF_TESTS_C+=	mkdirat_test
 NETBSD_ATF_TESTS_C+=	mkfifoat_test
 NETBSD_ATF_TESTS_C+=	mknodat_test
+NETBSD_ATF_TESTS_C+=	o_search_test
 NETBSD_ATF_TESTS_C+=	openat_test
 NETBSD_ATF_TESTS_C+=	readlinkat_test
 NETBSD_ATF_TESTS_C+=	renameat_test

Modified: stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
==============================================================================
--- stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -1593,10 +1593,14 @@ zfs_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, stru
 	 * Check accessibility of directory.
 	 */
 	if (!cached) {
-		error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr);
-		if (error != 0) {
-			ZFS_EXIT(zfsvfs);
-			return (error);
+		if ((cnp->cn_flags & NOEXECCHECK) != 0) {
+			cnp->cn_flags &= ~NOEXECCHECK;
+		} else {
+			error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr);
+			if (error != 0) {
+				ZFS_EXIT(zfsvfs);
+				return (error);
+			}
 		}
 	}
 

Modified: stable/12/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- stable/12/sys/fs/devfs/devfs_vnops.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/fs/devfs/devfs_vnops.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -919,8 +919,8 @@ devfs_lookupx(struct vop_lookup_args *ap, int *dm_unlo
 	if ((flags & ISDOTDOT) && (dvp->v_vflag & VV_ROOT))
 		return (EIO);
 
-	error = VOP_ACCESS(dvp, VEXEC, cnp->cn_cred, td);
-	if (error)
+	error = vn_dir_check_exec(dvp, cnp);
+	if (error != 0)
 		return (error);
 
 	if (cnp->cn_namelen == 1 && *pname == '.') {

Modified: stable/12/sys/fs/fuse/fuse_vnops.c
==============================================================================
--- stable/12/sys/fs/fuse/fuse_vnops.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/fs/fuse/fuse_vnops.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -1005,7 +1005,9 @@ fuse_vnop_lookup(struct vop_lookup_args *ap)
 	if (islastcn && vfs_isrdonly(mp) && (nameiop != LOOKUP))
 		return EROFS;
 
-	if ((err = fuse_internal_access(dvp, VEXEC, td, cred)))
+	if ((cnp->cn_flags & NOEXECCHECK) != 0)
+		cnp->cn_flags &= ~NOEXECCHECK;
+	else if ((err = fuse_internal_access(dvp, VEXEC, td, cred)))
 		return err;
 
 	if (flags & ISDOTDOT) {

Modified: stable/12/sys/fs/nfsclient/nfs_clvnops.c
==============================================================================
--- stable/12/sys/fs/nfsclient/nfs_clvnops.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/fs/nfsclient/nfs_clvnops.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -1148,7 +1148,8 @@ nfs_lookup(struct vop_lookup_args *ap)
 	}
 	NFSUNLOCKNODE(np);
 
-	if ((error = VOP_ACCESS(dvp, VEXEC, cnp->cn_cred, td)) != 0)
+	error = vn_dir_check_exec(dvp, cnp);
+	if (error != 0)
 		return (error);
 	error = cache_lookup(dvp, vpp, cnp, &nctime, &ncticks);
 	if (error > 0 && error != ENOENT)

Modified: stable/12/sys/fs/smbfs/smbfs_vnops.c
==============================================================================
--- stable/12/sys/fs/smbfs/smbfs_vnops.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/fs/smbfs/smbfs_vnops.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -1198,7 +1198,8 @@ smbfs_lookup(ap)
 	islastcn = flags & ISLASTCN;
 	if (islastcn && (mp->mnt_flag & MNT_RDONLY) && (nameiop != LOOKUP))
 		return EROFS;
-	if ((error = VOP_ACCESS(dvp, VEXEC, cnp->cn_cred, td)) != 0)
+	error = vn_dir_check_exec(dvp, cnp);
+	if (error != 0)
 		return error;
 	smp = VFSTOSMBFS(mp);
 	dnp = VTOSMB(dvp);

Modified: stable/12/sys/fs/tmpfs/tmpfs_vnops.c
==============================================================================
--- stable/12/sys/fs/tmpfs/tmpfs_vnops.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/fs/tmpfs/tmpfs_vnops.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -90,7 +90,7 @@ tmpfs_lookup1(struct vnode *dvp, struct vnode **vpp, s
 	*vpp = NULLVP;
 
 	/* Check accessibility of requested node as a first step. */
-	error = VOP_ACCESS(dvp, VEXEC, cnp->cn_cred, cnp->cn_thread);
+	error = vn_dir_check_exec(dvp, cnp);
 	if (error != 0)
 		goto out;
 

Modified: stable/12/sys/kern/vfs_cache.c
==============================================================================
--- stable/12/sys/kern/vfs_cache.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/kern/vfs_cache.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -2105,9 +2105,7 @@ vfs_cache_lookup(struct vop_lookup_args *ap)
 	int error;
 	struct vnode **vpp = ap->a_vpp;
 	struct componentname *cnp = ap->a_cnp;
-	struct ucred *cred = cnp->cn_cred;
 	int flags = cnp->cn_flags;
-	struct thread *td = cnp->cn_thread;
 
 	*vpp = NULL;
 	dvp = ap->a_dvp;
@@ -2119,8 +2117,8 @@ vfs_cache_lookup(struct vop_lookup_args *ap)
 	    (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME))
 		return (EROFS);
 
-	error = VOP_ACCESS(dvp, VEXEC, cred, td);
-	if (error)
+	error = vn_dir_check_exec(dvp, cnp);
+	if (error != 0)
 		return (error);
 
 	error = cache_lookup(dvp, vpp, cnp, NULL, NULL);

Modified: stable/12/sys/kern/vfs_lookup.c
==============================================================================
--- stable/12/sys/kern/vfs_lookup.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/kern/vfs_lookup.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -286,6 +286,7 @@ namei(struct nameidata *ndp)
 	struct vnode *dp;	/* the directory we are searching */
 	struct iovec aiov;		/* uio for reading symbolic links */
 	struct componentname *cnp;
+	struct file *dfp;
 	struct thread *td;
 	struct proc *p;
 	cap_rights_t rights;
@@ -405,10 +406,29 @@ namei(struct nameidata *ndp)
 				AUDIT_ARG_ATFD1(ndp->ni_dirfd);
 			if (cnp->cn_flags & AUDITVNODE2)
 				AUDIT_ARG_ATFD2(ndp->ni_dirfd);
-			error = fgetvp_rights(td, ndp->ni_dirfd,
-			    &rights, &ndp->ni_filecaps, &dp);
-			if (error == EINVAL)
+			/*
+			 * Effectively inlined fgetvp_rights, because we need to
+			 * inspect the file as well as grabbing the vnode.
+			 */
+			error = fget_cap_locked(fdp, ndp->ni_dirfd, &rights,
+			    &dfp, &ndp->ni_filecaps);
+			if (error != 0) {
+				/*
+				 * Preserve the error; it should either be EBADF
+				 * or capability-related, both of which can be
+				 * safely returned to the caller.
+				 */
+			} else if (dfp->f_ops == &badfileops) {
+				error = EBADF;
+			} else if (dfp->f_vnode == NULL) {
 				error = ENOTDIR;
+			} else {
+				dp = dfp->f_vnode;
+				vrefact(dp);
+
+				if ((dfp->f_flag & FSEARCH) != 0)
+					cnp->cn_flags |= NOEXECCHECK;
+			}
 #ifdef CAPABILITIES
 			/*
 			 * If file descriptor doesn't have all rights,

Modified: stable/12/sys/kern/vfs_subr.c
==============================================================================
--- stable/12/sys/kern/vfs_subr.c	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/kern/vfs_subr.c	Sun Feb  9 22:15:35 2020	(r357706)
@@ -5705,3 +5705,15 @@ __mnt_vnode_markerfree_active(struct vnode **mvp, stru
 	mtx_unlock(&mp->mnt_listmtx);
 	mnt_vnode_markerfree_active(mvp, mp);
 }
+
+int
+vn_dir_check_exec(struct vnode *vp, struct componentname *cnp)
+{
+
+	if ((cnp->cn_flags & NOEXECCHECK) != 0) {
+		cnp->cn_flags &= ~NOEXECCHECK;
+		return (0);
+	}
+
+	return (VOP_ACCESS(vp, VEXEC, cnp->cn_cred, cnp->cn_thread));
+}

Modified: stable/12/sys/sys/fcntl.h
==============================================================================
--- stable/12/sys/sys/fcntl.h	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/sys/fcntl.h	Sun Feb  9 22:15:35 2020	(r357706)
@@ -119,9 +119,11 @@ typedef	__pid_t		pid_t;
 #if __POSIX_VISIBLE >= 200809
 #define	O_DIRECTORY	0x00020000	/* Fail if not directory */
 #define	O_EXEC		0x00040000	/* Open for execute only */
+#define	O_SEARCH	O_EXEC
 #endif
 #ifdef	_KERNEL
 #define	FEXEC		O_EXEC
+#define	FSEARCH		O_SEARCH
 #endif
 
 #if __POSIX_VISIBLE >= 200809

Modified: stable/12/sys/sys/namei.h
==============================================================================
--- stable/12/sys/sys/namei.h	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/sys/namei.h	Sun Feb  9 22:15:35 2020	(r357706)
@@ -159,7 +159,8 @@ struct nameidata {
 #define	AUDITVNODE2	0x08000000 /* audit the looked up vnode information */
 #define	TRAILINGSLASH	0x10000000 /* path ended in a slash */
 #define	NOCAPCHECK	0x20000000 /* do not perform capability checks */
-#define	PARAMASK	0x3ffffe00 /* mask of parameter descriptors */
+#define	NOEXECCHECK	0x40000000 /* do not perform exec check on dir */
+#define	PARAMASK	0x7ffffe00 /* mask of parameter descriptors */
 
 /*
  * Namei results flags

Modified: stable/12/sys/sys/vnode.h
==============================================================================
--- stable/12/sys/sys/vnode.h	Sun Feb  9 22:05:41 2020	(r357705)
+++ stable/12/sys/sys/vnode.h	Sun Feb  9 22:15:35 2020	(r357706)
@@ -921,6 +921,8 @@ int vn_chown(struct file *fp, uid_t uid, gid_t gid, st
 
 void vn_fsid(struct vnode *vp, struct vattr *va);
 
+int vn_dir_check_exec(struct vnode *vp, struct componentname *cnp);
+
 #endif /* _KERNEL */
 
 #endif /* !_SYS_VNODE_H_ */


More information about the svn-src-all mailing list