svn commit: r303855 - in head/sys: kern sys

Mark Johnston markj at freebsd.org
Tue Aug 9 18:25:06 UTC 2016


On Tue, Aug 09, 2016 at 01:51:35AM +0200, Oliver Pinter wrote:
> (Added bdrewery to CC, since I'm talking with him on IRC.)
> 
> On Tue, Aug 9, 2016 at 1:43 AM, Mark Johnston <markj at freebsd.org> wrote:
> > On Tue, Aug 09, 2016 at 12:53:47AM +0200, Oliver Pinter wrote:
> >> Hi!
> >>
> >> Can you please MFC this change back to 10-STABLE together with the
> >> following: https://github.com/HardenedBSD/hardenedBSD/commit/576619e564618bca3675db57580d8e1f76bd2ac7
> >>
> >> This issue still exists on 10-STABLE, as you can test with the
> >> linked program from phabricator:
> >> https://people.freebsd.org/~mjg/reproducers/unp-gc-panic.c
> >
> > Hm, I don't think this could be MFCed directly. It changes the kernel
> > ABI by modifying the argument of dom_dispose(). This could be fixed in
> > stable/10 with a hack to call the unix domain socket code directly when
> > appropriate, which I think is preferable to the current state of things.
> > I'll look into it further.
> 
> The question is how many external / out-of-tree components would use
> this ABI, or how acceptable it is to break this ABI.
> I just grepped through the src tree for internal uses, and I found only these:

I don't think it's acceptable. This could be side-stepped with a hack:

if (pr->pr_domain->dom_family == AF_LOCAL)
	unp_dispose_wrapper(so);
else if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
	(*pr->pr_domain->dom_dispose)(so->so_rcv.sb_mb);
...

So I'm inclined to just do that and avoid the issue.

> 
> op at opn hardenedBSD.git> git grep dom_dispose
> share/doc/smm/18.net/6.t:       int     (*dom_dispose)();       /* dispose of internalized rights */
> share/man/man9/domain.9:        void    (*dom_dispose)          /* dispose of internalized rights */
> sys/kern/uipc_debug.c:  db_printf("dom_dispose: %p\n", d->dom_dispose);
> sys/kern/uipc_socket.c: if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
> sys/kern/uipc_socket.c:         (*pr->pr_domain->dom_dispose)(so);
> sys/kern/uipc_socket.c:  * dom_dispose() and sbrelease_internal() are an inlining of what was
> sys/kern/uipc_socket.c:  * In order to avoid calling dom_dispose with the socket buffer mutex
> sys/kern/uipc_socket.c: if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
> sys/kern/uipc_socket.c:         (*pr->pr_domain->dom_dispose)(&aso);
> sys/kern/uipc_usrreq.c: .dom_dispose =          unp_dispose_so,
> sys/sys/domain.h:       void    (*dom_dispose)          /* dispose of internalized rights */

