Page MenuHomeFreeBSD
Differential D23479

namei: preserve errors from fget_cap_locked
ClosedPublic
Actions

Authored by kevans on Feb 3 2020, 3:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Apr 14, 7:48 PM
Unknown Object (File)
Feb 22 2024, 10:59 AM
Unknown Object (File)
Feb 7 2024, 12:53 PM
Unknown Object (File)
Jan 14 2024, 5:39 AM
Unknown Object (File)
Jan 2 2024, 11:10 AM
Unknown Object (File)
Dec 22 2023, 11:42 PM
Unknown Object (File)
Oct 3 2023, 10:06 AM
Unknown Object (File)
Jul 25 2023, 6:54 PM
View All 13 Files
Subscribers
imp
lwhsu

Details

Reviewers
kib
emaste
Commits
rS357461: namei: preserve errors from fget_cap_locked
Summary

Most notably, we want to make sure we don't clobber any capabilities-related errors. This is a regression from r357412 (O_SEARCH) that was picked up from the capsicum tests.

PR: 243839

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 29128

Event Timeline

kevans created this revision.Feb 3 2020, 3:15 PM
Herald added a subscriber: imp. · View Herald TranscriptFeb 3 2020, 3:15 PM
Harbormaster completed remote builds in B29128: Diff 67703.Feb 3 2020, 3:15 PM
lwhsu added a subscriber: lwhsu.Feb 3 2020, 3:36 PM
emaste added inline comments.Feb 3 2020, 6:11 PM
sys/kern/vfs_lookup.c
463–466

To me a nested

if (error == 0) {
        if (dfp->f_vnode == NULL)
                error = ENOTDIR;
        else
                error = EBADF;
}

is easier to follow

kib accepted this revision.Feb 3 2020, 6:20 PM
kib added inline comments.
sys/kern/vfs_lookup.c
463–466

I would do it diferently:

   if (error != 0) {
      /* Preserve error */
   } else if (...f_ops == &badfileops} {
     error = EBADF;
   } else if (...f_vnode == NULL) {
     error = EINVAL;
  } else {
      dp = dfp->f_vnode;
...

Note tht I restored errors from fgetvp_rights.

This revision is now accepted and ready to land.Feb 3 2020, 6:20 PM
Closed by commit rS357461: namei: preserve errors from fget_cap_locked (authored by kevans). · Explain WhyFeb 3 2020, 6:59 PM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rS357461: namei: preserve errors from fget_cap_locked.
emaste added a comment.Feb 3 2020, 7:05 PM

I would do it differently

Ah yes, this is better.

(The recent OpenSMTPD vulnerability provides a good example of the need to consider this carefully and get it right from both correctness & readability.)

Revision Contents
Changeset List

PathSize
sys/
kern/
11 lines

Diff 67703

View Options

sys/kern/vfs_lookup.c

Loading...