From a1dc2096387101165d53fe98677d3e4e1d0557ad Mon Sep 17 00:00:00 2001 From: Dima Dorfman Date: Wed, 17 Jul 2002 01:46:48 +0000 Subject: [PATCH] Introduce the DEVFS "rule" subsystem. DEVFS rules permit the administrator to define certain properties of new devfs nodes before they become visible to the userland. Both static (e.g., /dev/speaker) and dynamic (e.g., /dev/bpf*, some removable devices) nodes are supported. Each DEVFS mount may have a different ruleset assigned to it, permitting different policies to be implemented for things like jails. Approved by: phk --- sbin/Makefile | 1 + sbin/devfs/Makefile | 8 + sbin/devfs/devfs.8 | 326 ++++++++++++++ sbin/devfs/devfs.c | 140 ++++++ sbin/devfs/extern.h | 55 +++ sbin/devfs/rule.c | 419 ++++++++++++++++++ sys/conf/files | 1 + sys/fs/devfs/devfs.h | 88 +++- sys/fs/devfs/devfs_devs.c | 2 + sys/fs/devfs/devfs_rule.c | 839 ++++++++++++++++++++++++++++++++++++ sys/fs/devfs/devfs_vfsops.c | 1 + sys/fs/devfs/devfs_vnops.c | 20 + 12 files changed, 1899 insertions(+), 1 deletion(-) create mode 100644 sbin/devfs/Makefile create mode 100644 sbin/devfs/devfs.8 create mode 100644 sbin/devfs/devfs.c create mode 100644 sbin/devfs/extern.h create mode 100644 sbin/devfs/rule.c create mode 100644 sys/fs/devfs/devfs_rule.c diff --git a/sbin/Makefile b/sbin/Makefile index b9c8473680a1..1dd8fdcbbf07 100644 --- a/sbin/Makefile +++ b/sbin/Makefile @@ -12,6 +12,7 @@ SUBDIR= adjkerntz \ clri \ comcontrol \ conscontrol \ + devfs \ dhclient \ disklabel \ dmesg \ diff --git a/sbin/devfs/Makefile b/sbin/devfs/Makefile new file mode 100644 index 000000000000..59c0178ea2b6 --- /dev/null +++ b/sbin/devfs/Makefile @@ -0,0 +1,8 @@ +# $FreeBSD$ + +PROG= devfs +SRCS= devfs.c rule.c +MAN= devfs.8 +WARNS?= 4 + +.include diff --git a/sbin/devfs/devfs.8 b/sbin/devfs/devfs.8 new file mode 100644 index 000000000000..48e63c6c0cdf --- /dev/null +++ b/sbin/devfs/devfs.8 @@ -0,0 +1,326 @@ +.\" +.\" Copyright (c) 2002 Dima Dorfman. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dt DEVFS 8 +.Dd July 1, 2002 +.Os +.Sh NAME +.Nm devfs +.Nd "DEVFS control" +.Sh SYNOPSIS +.Nm +.Op Fl m Ar mount-point +.Cm keyword +.Ar argument ... +.Sh DESCRIPTION +The +.Nm +utility provides an interface to manipulate properties of +.Xr devfs 5 +mounts. +.Pp +The first keyword after the program name determines the context for +the rest of the arguments. +For example, +most of the commands related to the rule subsystem must be preceded by the +.Cm rule +keyword. +The following flags are common to all keywords: +.Bl -tag -offset indent +.It Fl m Ar mount-point +Operate on +.Ar mount-point , +which is expected to be a +.Xr devfs 5 +mount. +If this option is not specified, +.Nm +operates on +.Pa /dev . +.El +.Sh RULE SUBSYSTEM +The +.Xr devfs 5 +rule subsystem provides a way for the administrator of a system to control +the attributes of DEVFS nodes. +.\" XXX devfs node? entry? what? +Each DEVFS mount-point has a +.Dq ruleset , +or a list of rules, +associated with it. +When a device driver creates a new node, +all the rules in the ruleset associated with each mount-point are applied +(see below) before the node becomes visible to the userland. +This permits the administrator to change the properties, +including the visibility, +of certain nodes. +For example, one might want to hide all disk nodes in a +.Xr jail 2 Ns 's +.Pa /dev . +.Ss Rule Manipulation +Rule manipulation commands follow the +.Cm rule +keyword. +The following flags are common to all of the rule manipulation commands: +.Bl -tag -offset indent +.It Fl s Ar ruleset +Operate on the ruleset with the number +.Ar ruleset . +If this is not specified, +the commands operate on the ruleset currently associated with the +specified mount-point. +.El +.Pp +The following commands are recognized: +.Bl -tag -offset indent +.It Cm rule add Oo Ar rulenum Oc Ar rulespec +Add the rule described by +.Ar rulespec +(defined below) +to the ruleset. +The rule has the number +.Ar rulenum +if it is explicitly specified; +otherwise, the rule number is automatically determined by the kernel. +.It Cm rule apply Ar rulenum | Ar rulespec +Apply rule number +.Ar rulenum +or the rule described by +.Ar rulespec +to the mount-point. +Rules that are "applied" have their conditions checked against all nodes +in the mount-point, and the actions taken if they match. +.It Cm rule applyset +Apply all the rules in the ruleset to the mount-point +(see above for the definition of "apply"). +.It Cm rule del Ar rulenum +Delete rule number +.Ar rulenum +from the ruleset. +.It Cm rule delset +Delete all rules from the ruleset. +.It Cm rule show Op Ar rulenum +Display the rule number +.Ar rulenum , +or all the rules in the ruleset. +The output lines (one line per rule) are expected to be valid +.Ar rulespec Ns s . +.It Cm rule showsets +Report the numbers of existing rulesets. +.It Cm ruleset Ar ruleset +Set ruleset number +.Ar ruleset +as the current ruleset for the mount-point. +.El +.Ss Rule Specification +Rules have two parts: the conditions and the actions. +The conditions determine which DEVFS nodes the rule matches, +and the actions determine what should be done when a rule matches a node. +For example, a rule can be written that sets the GID to +.Li games +for all devices with major number 53. +.Pp +The following conditions are recognized. +Conditions are ANDed together when matching a device; +if OR is desired, multiple rules can be written. +.Bl -tag -offset indent +.It Cm major Ar majdev +Matches any node with a major number equal to +.Ar majdev . +.It Cm path Ar pattern +Matches any node with a path that matches +.Ar pattern . +The latter is interpreted as a +.Xr glob 3 Ns -style +pattern. +(Note: Pattern matching is currently unimplemented; +the only wildcard recognized is an asterisk at the end of the string. +This will be corrected in the future.) +.It Cm type Ar devtype +Matches any node that is of type +.Ar devtype . +Valid types are +.Li disk , mem , tape +and +.Li tty . +.El +.Pp +The following actions are recognized. +Although there is no explicit delimiter between conditions and actions, +they may not be intermixed. +.Bl -tag -offset indent +.It Cm group Ar gid +Set the GID of the node to +.Ar gid , +which may be a group name +(looked up in +.Pa /etc/group ) +or number. +.It Cm hide +Hide the node. +Nodes may later be revived manually with +.Xr mknod 8 , +or with the +.Cm unhide +action. +.It Cm include Ar ruleset +Apply all the rules in ruleset number +.Ar ruleset +to the node. +This does not necessarily result in any changes to the node +(e.g., if none of the rules in the included ruleset match). +.It Cm mode Ar filemode +Set the file mode to +.Ar filemode , +which is interpreted in octal. +.It Cm user Ar uid +Set the UID to +.Ar uid , +which may be a user name +(looked up in +.Pa /etc/passwd ) +or number. +.It Cm unhide +Unhide the node. +.El +.Ss Notes +.Bl -bullet -offset indent +.It +Rulesets are created by the kernel at the first reference, +and destroyed when the last reference disappears. +E.g., a ruleset is created when a rule is added to it or when it is set +as the current ruleset for a mount-point; +a ruleset is destroyed when the last rule in it is deleted, +and no other references to it exist +(i.e., it is not included by any rules, and it is not the current ruleset +for any mount-point). +.It +Ruleset number 0 is the default ruleset for all new mount-points. +It is always empty, cannot be modified or deleted, and does not show up +in the output of +.Cm showsets . +.It +Rules and rulesets are unique to the entire system, +not a particular mount-point. +I.e., a +.Cm showsets +will return the same information regardless of the mount-point specified with +.Fl m . +The mount-point is only relevant when changing what its current ruleset is, +or when using one of the apply commands. +.El +.Ss Examples +When the system boots, +the only ruleset that exists is ruleset number 0; +since the latter may not be modified, we have to create another ruleset +before adding rules. +Note that since most of the following examples don't specify +.Fl m , +the operations are performed on +.Pa /dev +(this only matters for things that might change the properties of nodes). +.Pp +.Dl devfs ruleset 10 +.Pp +Specify that ruleset 10 should be the current ruleset for +.Pa /dev +(if it does not already exist, it is created). +.Pp +.Dl devfs rule add path speaker mode 666 +.Pp +Add a rule that causes all nodes that have a path that matches +"speaker" +(this is only +.Pa /dev/speaker ) +to have the file mode 666 (read and write for all). +Note that if any such nodes already exist, their mode will not be changed +unless this rule (or ruleset) is explicitly applied (see below). +The mode +.Em will +be changed if the node is created +.Em after +the rule is added +(e.g., the +.Pa atspeaker +module is loaded after the above rule is added). +.Pp +.Dl devfs rule applyset +.Pp +Apply all the rules in the current ruleset to all the existing nodes. +E.g., if the above rule was added after +.Pa /dev/speaker +was created, +this command will cause its file mode to be changed to 666, +as rule rule prescribes. +.Pp +.Dl devfs rule add path "snp*" mode 660 group snoopers +.Pp +(Quoting the argument to +.Cm path +is often necessary to disable the shell's globbing features.) +For all devices with a path that matches "snp*", +set the file more to 660, and the GID to +.Li snoopers . +This permits users in the +.Li snoopers +group to use the +.Xr snp 4 +devices. +.Pp +.Dl devfs rule -s 20 add major 53 group games +.Pp +Add a rule to ruleset number 20. +Since this ruleset is not the current ruleset for any mount-points, +this rule is never applied automatically (unless ruleset 20 becomes +a current ruleset for some mount-point at a later time). +However, it can be applied explicitly, as such: +.Pp +.Dl devfs -m /my/jail/dev rule -s 20 applyset +.Pp +This will apply all rules in ruleset number 20 to the DEVFS mount on +.Pa /my/jail/dev . +It doesn't matter that ruleset 20 is not the current ruleset for that +mount-point; the rules are applied regardless. +.Pp +.Dl devfs rule apply hide +.Pp +Since this rule has no conditions, the action +.Pq Cm hide +will be applied to all nodes. +Since hiding all nodes isn't very useful, we can undo like so: +.Pp +.Dl devfs rule apply unhide +.Sh SEE ALSO +.Xr jail 2 , +.Xr glob 3 , +.Xr devfs 5 , +.Xr chmod 8 , +.Xr chown 8 , +.Xr jail 8 , +.Xr mknod 8 +.Sh AUTHORS +.An Dima Dorfman diff --git a/sbin/devfs/devfs.c b/sbin/devfs/devfs.c new file mode 100644 index 000000000000..4622bb9de40c --- /dev/null +++ b/sbin/devfs/devfs.c @@ -0,0 +1,140 @@ +/*- + * Copyright (c) 2002 Dima Dorfman. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * DEVFS control. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "extern.h" + +int mpfd; + +static ctbl_t ctbl_main = { + { "rule", rule_main }, + { "ruleset", ruleset_main }, + { NULL, NULL } +}; + +int +main(int ac, char **av) +{ + const char *mountpt; + struct cmd *c; + char ch; + + mountpt = NULL; + while ((ch = getopt(ac, av, "m:")) != -1) + switch (ch) { + case 'm': + mountpt = optarg; + break; + default: + usage(); + } + ac -= optind; + av += optind; + if (ac < 1) + usage(); + + if (mountpt == NULL) + mountpt = _PATH_DEV; + mpfd = open(mountpt, O_RDONLY); + if (mpfd == -1) + err(1, "open: %s", mountpt); + + for (c = ctbl_main; c->name != NULL; ++c) + if (strcmp(c->name, av[0]) == 0) + exit((*c->handler)(ac, av)); + errx(1, "unknown command: %s", av[0]); +} + +/* + * Convert an integer to a "number" (ruleset numbers and rule numbers + * are 16-bit). If the conversion is successful, num contains the + * integer representation of s and 1 is returned; otherwise, 0 is + * returned and num is unchanged. + */ +int +atonum(const char *s, uint16_t *num) +{ + unsigned long ul; + char *cp; + + ul = strtoul(s, &cp, 10); + if (ul > UINT16_MAX || *cp != '\0') + return (0); + *num = (uint16_t)ul; + return (1); +} + +/* + * Convert user input in ASCII to an integer. + */ +int +eatoi(const char *s) +{ + char *cp; + long l; + + l = strtol(s, &cp, 10); + if (l > INT_MAX || *cp != '\0') + errx(1, "error converting to integer: %s", s); + return ((int)l); +} + +/* + * As atonum(), but the result of failure is death. + */ +uint16_t +eatonum(const char *s) +{ + uint16_t num; + + if (!atonum(s, &num)) + errx(1, "error converting to number: %s", s); /* XXX clarify */ + return (num); +} + +void +usage(void) +{ + + fprintf(stderr, "usage: devfs rule|ruleset arguments\n"); + exit(1); +} diff --git a/sbin/devfs/extern.h b/sbin/devfs/extern.h new file mode 100644 index 000000000000..9814b1561ce8 --- /dev/null +++ b/sbin/devfs/extern.h @@ -0,0 +1,55 @@ +/*- + * Copyright (c) 2002 Dima Dorfman. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef __DEVFS_H__ +#define __DEVFS_H__ + +#include + +struct intstr { + const char *s; + int i; +}; + +typedef int (command_t)(int, char **); +typedef struct cmd ctbl_t[]; +struct cmd { + const char *name; + command_t *handler; +}; + +command_t rule_main, ruleset_main; + +int atonum(const char *, uint16_t *); +int eatoi(const char *); +uint16_t eatonum(const char *); +void usage(void) __dead2; + +extern int mpfd; /* Mount-point file descriptor. */ + +#endif /* !__DEVFS_H__ */ diff --git a/sbin/devfs/rule.c b/sbin/devfs/rule.c new file mode 100644 index 000000000000..27ad2a600364 --- /dev/null +++ b/sbin/devfs/rule.c @@ -0,0 +1,419 @@ +/*- + * Copyright (c) 2002 Dima Dorfman. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Rule subsystem manipulation. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "extern.h" + +static void rulespec_intok(struct devfs_rule *dr, int ac, char **av, + devfs_rsnum rsnum); +static void rulespec_outfp(FILE *fp, struct devfs_rule *dr); + +static command_t rule_add, rule_apply, rule_applyset; +static command_t rule_del, rule_delset, rule_show, rule_showsets; + +static ctbl_t ctbl_rule = { + { "add", rule_add }, + { "apply", rule_apply }, + { "applyset", rule_applyset }, + { "del", rule_del }, + { "delset", rule_delset }, + { "show", rule_show }, + { "showsets", rule_showsets }, + { NULL, NULL } +}; + +static struct intstr ist_type[] = { + { "disk", D_DISK }, + { "mem", D_MEM }, + { "tape", D_TAPE }, + { "tty", D_TTY }, + { NULL, -1 } +}; + +devfs_rsnum in_rsnum; + +int +rule_main(int ac, char **av) +{ + struct cmd *c; + char ch; + + setprogname("devfs rule"); + optreset = optind = 1; + while ((ch = getopt(ac, av, "s:")) != -1) + switch (ch) { + case 's': + in_rsnum = eatonum(optarg); + break; + default: + usage(); + } + ac -= optind; + av += optind; + if (ac < 1) + usage(); + + for (c = ctbl_rule; c->name != NULL; ++c) + if (strcmp(c->name, av[0]) == 0) + exit((*c->handler)(ac, av)); + errx(1, "unknown command: %s", av[0]); +} + +static int +rule_add(int ac, char **av) +{ + struct devfs_rule dr; + int rv; + + if (ac < 2) + usage(); + rulespec_intok(&dr, ac - 1, av + 1, in_rsnum); + rv = ioctl(mpfd, DEVFSIO_RADD, &dr); + if (rv == -1) + err(1, "ioctl DEVFSIO_RADD"); + return (0); +} + +static int +rule_apply(int ac __unused, char **av __unused) +{ + struct devfs_rule dr; + devfs_rnum rnum; + devfs_rid rid; + int rv; + + if (ac < 2) + usage(); + if (!atonum(av[1], &rnum)) { + rulespec_intok(&dr, ac - 1, av + 1, in_rsnum); + rv = ioctl(mpfd, DEVFSIO_RAPPLY, &dr); + if (rv == -1) + err(1, "ioctl DEVFSIO_RAPPLY"); + } else { + rid = mkrid(in_rsnum, rnum); + rv = ioctl(mpfd, DEVFSIO_RAPPLYID, &rid); + if (rv == -1) + err(1, "ioctl DEVFSIO_RAPPLYID"); + } + return (0); +} + +static int +rule_applyset(int ac, char **av __unused) +{ + int rv; + + if (ac != 1) + usage(); + rv = ioctl(mpfd, DEVFSIO_SAPPLY, &in_rsnum); + if (rv == -1) + err(1, "ioctl DEVFSIO_SAPPLY"); + return (0); +} + +static int +rule_del(int ac __unused, char **av) +{ + devfs_rid rid; + int rv; + + if (av[1] == NULL) + usage(); + rid = mkrid(in_rsnum, eatoi(av[1])); + rv = ioctl(mpfd, DEVFSIO_RDEL, &rid); + if (rv == -1) + err(1, "ioctl DEVFSIO_RDEL"); + return (0); +} + +static int +rule_delset(int ac, char **av __unused) +{ + struct devfs_rule dr; + int rv; + + if (ac != 1) + usage(); + memset(&dr, '\0', sizeof(dr)); + dr.dr_magic = DEVFS_MAGIC; + dr.dr_id = mkrid(in_rsnum, 0); + while (ioctl(mpfd, DEVFSIO_RGETNEXT, &dr) != -1) { + rv = ioctl(mpfd, DEVFSIO_RDEL, &dr.dr_id); + if (rv == -1) + err(1, "ioctl DEVFSIO_RDEL"); + } + if (errno != ENOENT) + err(1, "ioctl DEVFSIO_RGETNEXT"); + return (0); +} + +static int +rule_show(int ac __unused, char **av) +{ + struct devfs_rule dr; + devfs_rnum rnum; + int rv; + + memset(&dr, '\0', sizeof(dr)); + dr.dr_magic = DEVFS_MAGIC; + if (av[1] != NULL) { + rnum = eatoi(av[1]); + dr.dr_id = mkrid(in_rsnum, rnum - 1); + rv = ioctl(mpfd, DEVFSIO_RGETNEXT, &dr); + if (rv == -1) + err(1, "ioctl DEVFSIO_RGETNEXT"); + if (rid2rn(dr.dr_id) == rnum) + rulespec_outfp(stdout, &dr); + } else { + dr.dr_id = mkrid(in_rsnum, 0); + while (ioctl(mpfd, DEVFSIO_RGETNEXT, &dr) != -1) + rulespec_outfp(stdout, &dr); + if (errno != ENOENT) + err(1, "ioctl DEVFSIO_RGETNEXT"); + } + return (0); +} + +static int +rule_showsets(int ac, char **av __unused) +{ + devfs_rsnum rsnum; + + if (ac != 1) + usage(); + rsnum = 0; + while (ioctl(mpfd, DEVFSIO_SGETNEXT, &rsnum) != -1) + printf("%d\n", rsnum); + if (errno != ENOENT) + err(1, "ioctl DEVFSIO_SGETNEXT"); + return (0); +} + +int +ruleset_main(int ac, char **av) +{ + devfs_rsnum rsnum; + int rv; + + setprogname("devfs ruleset"); + if (ac < 2) + usage(); + rsnum = eatonum(av[1]); + rv = ioctl(mpfd, DEVFSIO_SUSE, &rsnum); + if (rv == -1) + err(1, "ioctl DEVFSIO_SUSE"); + return (0); +} + + +/* + * Construct a /struct devfs_rule/ from ac and av. + */ +static void +rulespec_intok(struct devfs_rule *dr, int ac __unused, char **av, + devfs_rsnum rsnum) +{ + struct intstr *is; + struct passwd *pw; + struct group *gr; + devfs_rnum rnum; + char *cp; + long l; + + memset(dr, '\0', sizeof(*dr)); + + /* + * We don't maintain ac hereinafter. + */ + if (av[0] == NULL) + errx(1, "unexpected end of rulespec"); + + /* If the first argument is an integer, treat it as a rule number. */ + if (!atonum(av[0], &rnum)) + rnum = 0; /* auto-number */ + else + ++av; + + /* + * These aren't table-driven since that would result in more + * tiny functions than I care to deal with. + */ + for (;;) { + if (av[0] == NULL) + break; + else if (strcmp(av[0], "type") == 0) { + if (av[1] == NULL) + errx(1, "expecting argument for type"); + for (is = ist_type; is->s != NULL; ++is) + if (strcmp(av[1], is->s) == 0) { + dr->dr_dswflags |= is->i; + break; + } + if (is->s == NULL) + errx(1, "unknown type: %s", av[1]); + dr->dr_icond |= DRC_DSWFLAGS; + av += 2; + } else if (strcmp(av[0], "path") == 0) { + if (av[1] == NULL) + errx(1, "expecting argument for path"); + if (strlcpy(dr->dr_pathptrn, av[1], DEVFS_MAXPTRNLEN) + >= DEVFS_MAXPTRNLEN) + warnx("pattern specified too long; truncated"); + dr->dr_icond |= DRC_PATHPTRN; + av += 2; + } else if (strcmp(av[0], "major") == 0) { + if (av[1] == NULL) + errx(1, "expecting argument for major"); + dr->dr_major = eatoi(av[1]); + dr->dr_icond |= DRC_MAJOR; + av += 2; + } else + break; + } + for (;;) { + if (av[0] == NULL) + break; + else if (strcmp(av[0], "hide") == 0) { + dr->dr_iacts |= DRA_BACTS; + dr->dr_bacts |= DRB_HIDE; + ++av; + } else if (strcmp(av[0], "unhide") == 0) { + dr->dr_iacts |= DRA_BACTS; + dr->dr_bacts |= DRB_UNHIDE; + ++av; + } else if (strcmp(av[0], "user") == 0) { + if (av[1] == NULL) + errx(1, "expecting argument for user"); + dr->dr_iacts |= DRA_UID; + pw = getpwnam(av[1]); + if (pw != NULL) + dr->dr_uid = pw->pw_uid; + else + dr->dr_uid = eatoi(av[1]); /* XXX overflow */ + av += 2; + } else if (strcmp(av[0], "group") == 0) { + if (av[1] == NULL) + errx(1, "expecting argument for group"); + dr->dr_iacts |= DRA_GID; + gr = getgrnam(av[1]); + if (gr != NULL) + dr->dr_gid = gr->gr_gid; + else + dr->dr_gid = eatoi(av[1]); /* XXX overflow */ + av += 2; + } else if (strcmp(av[0], "mode") == 0) { + if (av[1] == NULL) + errx(1, "expecting argument for mode"); + dr->dr_iacts |= DRA_MODE; + l = strtol(av[1], &cp, 8); + if (l > (1 << (sizeof(dr->dr_mode) * 8)) - 1 || + *cp != '\0') + errx(1, "invalid mode: %s", av[1]); + dr->dr_mode = l; + av += 2; + } else if (strcmp(av[0], "include") == 0) { + if (av[1] == NULL) + errx(1, "expecting argument for include"); + dr->dr_iacts |= DRA_INCSET; + dr->dr_incset = eatonum(av[1]); + av += 2; + } else + errx(1, "unknown argument: %s", av[0]); + } + + dr->dr_id = mkrid(rsnum, rnum); + dr->dr_magic = DEVFS_MAGIC; +} + +/* + * Write a human-readable (and machine-parsable, by rulespec_in*()) + * representation of dr to bufp. *bufp should be free(3)'d when the + * caller is finished with it. + */ +static void +rulespec_outfp(FILE *fp, struct devfs_rule *dr) +{ + struct intstr *is; + struct passwd *pw; + struct group *gr; + + fprintf(fp, "%d", rid2rn(dr->dr_id)); + + if (dr->dr_icond & DRC_DSWFLAGS) + for (is = ist_type; is->s != NULL; ++is) + if (dr->dr_dswflags & is->i) + fprintf(fp, " type %s", is->s); + if (dr->dr_icond & DRC_PATHPTRN) + fprintf(fp, " path %s", dr->dr_pathptrn); + if (dr->dr_icond & DRC_MAJOR) + fprintf(fp, " major %d", dr->dr_major); + + if (dr->dr_iacts & DRA_BACTS) { + if (dr->dr_bacts & DRB_HIDE) + fprintf(fp, " hide"); + if (dr->dr_bacts & DRB_UNHIDE) + fprintf(fp, " unhide"); + } + if (dr->dr_iacts & DRA_UID) { + pw = getpwuid(dr->dr_uid); + if (pw == NULL) + fprintf(fp, " user %d", dr->dr_uid); + else + fprintf(fp, " user %s", pw->pw_name); + } + if (dr->dr_iacts & DRA_GID) { + gr = getgrgid(dr->dr_gid); + if (gr == NULL) + fprintf(fp, " group %d", dr->dr_gid); + else + fprintf(fp, " group %s", gr->gr_name); + } + if (dr->dr_iacts & DRA_MODE) + fprintf(fp, " mode %o", dr->dr_mode); + if (dr->dr_iacts & DRA_INCSET) + fprintf(fp, " include %d", dr->dr_incset); + + fprintf(fp, "\n"); +} diff --git a/sys/conf/files b/sys/conf/files index 97ae16efe46f..7a596ce96ec3 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -677,6 +677,7 @@ dev/xe/if_xe_pccard.c optional xe card dev/xe/if_xe_pccard.c optional xe pccard fs/deadfs/dead_vnops.c standard fs/devfs/devfs_devs.c standard +fs/devfs/devfs_rule.c standard fs/devfs/devfs_vfsops.c standard fs/devfs/devfs_vnops.c standard fs/fdescfs/fdesc_vfsops.c optional fdescfs diff --git a/sys/fs/devfs/devfs.h b/sys/fs/devfs/devfs.h index 137797f4c8db..2f0dc762018b 100644 --- a/sys/fs/devfs/devfs.h +++ b/sys/fs/devfs/devfs.h @@ -3,6 +3,8 @@ * The Regents of the University of California. All rights reserved. * Copyright (c) 2000 * Poul-Henning Kamp. All rights reserved. + * Copyright (c) 2002 + * Dima Dorfman. All rights reserved. * * This code is derived from software donated to Berkeley by * Jan-Simon Pendry. @@ -37,7 +39,86 @@ #ifndef _FS_DEVFS_DEVFS_H_ #define _FS_DEVFS_DEVFS_H_ -#ifdef _KERNEL /* No userland stuff in here... */ +#define DEVFS_MAGIC 0xdb0a087a + +/* + * Identifiers. The ruleset and rule numbers are 16-bit values. The + * "rule ID" is a combination of the ruleset and rule number; it + * should be able to univocally describe a rule in the system. In + * this implementation, the upper 16 bits of the rule ID is the + * ruleset number; the lower 16 bits, the rule number within the + * aforementioned ruleset. + */ +typedef uint16_t devfs_rnum; +typedef uint16_t devfs_rsnum; +typedef uint32_t devfs_rid; + +/* + * Identifier manipulators. + */ +#define rid2rsn(rid) ((rid) >> 16) +#define rid2rn(rid) ((rid) & 0xffff) +#define mkrid(rsn, rn) ((rn) | ((rsn) << 16)) + +/* + * Plain DEVFS rule. This gets shared between kernel and userland + * verbatim, so it shouldn't contain any pointers or other kernel- or + * userland-specific values. + */ +struct devfs_rule { + uint32_t dr_magic; /* Magic number. */ + devfs_rid dr_id; /* Identifier. */ + + /* + * Conditions under which this rule should be applied. These + * are ANDed together since OR can be simulated by using + * multiple rules. dr_icond determines which of the other + * variables we should process. + */ + int dr_icond; +#define DRC_DSWFLAGS 0x001 +#define DRC_PATHPTRN 0x002 +#define DRC_MAJOR 0x004 + int dr_dswflags; /* cdevsw flags to match. */ +#define DEVFS_MAXPTRNLEN 200 + char dr_pathptrn[DEVFS_MAXPTRNLEN]; /* Pattern to match path. */ + int dr_major; /* Device major number. */ + + /* + * Things to change. dr_iacts determines which of the other + * variables we should process. + */ + int dr_iacts; +#define DRA_BACTS 0x001 +#define DRA_UID 0x002 +#define DRA_GID 0x004 +#define DRA_MODE 0x008 +#define DRA_INCSET 0x010 + int dr_bacts; /* Boolean (on/off) action. */ +#define DRB_HIDE 0x001 /* Hide entry (DE_WHITEOUT). */ +#define DRB_UNHIDE 0x002 /* Unhide entry. */ + uid_t dr_uid; + gid_t dr_gid; + mode_t dr_mode; + devfs_rsnum dr_incset; /* Included ruleset. */ +}; + +/* + * Rule-related ioctls. + */ +#define DEVFSIO_RADD _IOWR('D', 0, struct devfs_rule) +#define DEVFSIO_RDEL _IOW('D', 1, devfs_rid) +#define DEVFSIO_RAPPLY _IOW('D', 2, struct devfs_rule) +#define DEVFSIO_RAPPLYID _IOW('D', 3, devfs_rid) +#define DEVFSIO_RGETNEXT _IOWR('D', 4, struct devfs_rule) + +#define DEVFSIO_SUSE _IOW('D', 10, devfs_rsnum) +#define DEVFSIO_SAPPLY _IOW('D', 11, devfs_rsnum) +#define DEVFSIO_SGETNEXT _IOWR('D', 12, devfs_rsnum) + +/* XXX: DEVFSIO_RS_GET_INFO for refcount, active if any, etc. */ + +#ifdef _KERNEL /* * These are default sizes for the DEVFS inode table and the overflow @@ -94,6 +175,7 @@ struct devfs_mount { struct devfs_dirent **dm_overflow; int dm_inode; struct lock dm_lock; + devfs_rsnum dm_ruleset; }; /* @@ -106,6 +188,10 @@ struct devfs_mount { extern vop_t **devfs_vnodeop_p; extern vop_t **devfs_specop_p; +void devfs_rules_apply(struct devfs_mount *dm, struct devfs_dirent *de); +void devfs_rules_init(void); +int devfs_rules_ioctl(struct mount *mp, int cmd, caddr_t data, struct thread *td); +void devfs_rules_newmount(struct devfs_mount *dm, struct thread *td); int devfs_allocv (struct devfs_dirent *de, struct mount *mp, struct vnode **vpp, struct thread *td); dev_t *devfs_itod (int inode); struct devfs_dirent **devfs_itode (struct devfs_mount *dm, int inode); diff --git a/sys/fs/devfs/devfs_devs.c b/sys/fs/devfs/devfs_devs.c index ef9827cf5e45..fd378b8c0ca2 100644 --- a/sys/fs/devfs/devfs_devs.c +++ b/sys/fs/devfs/devfs_devs.c @@ -352,6 +352,7 @@ devfs_populate(struct devfs_mount *dm) } *dep = de; de->de_dir = dd; + devfs_rules_apply(dm, de); TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); #if 0 printf("Add ino%d %s\n", i, dev->si_name); @@ -435,6 +436,7 @@ devfs_init(void *junk) devfs_create_hook = devfs_create; devfs_destroy_hook = devfs_destroy; devfs_present = 1; + devfs_rules_init(); } SYSINIT(devfs, SI_SUB_DEVFS, SI_ORDER_FIRST, devfs_init, NULL); diff --git a/sys/fs/devfs/devfs_rule.c b/sys/fs/devfs/devfs_rule.c new file mode 100644 index 000000000000..3f19da2c3054 --- /dev/null +++ b/sys/fs/devfs/devfs_rule.c @@ -0,0 +1,839 @@ +/*- + * Copyright (c) 2002 Dima Dorfman. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* + * DEVFS ruleset implementation. + * + * A note on terminology: To "run" a rule on a dirent is to take the + * prescribed action; to "apply" a rule is to check whether it matches + * a dirent and run if if it does. + * + * A note on locking: Only foreign entry points (non-static functions) + * should deal with locking. Everything else assumes we already hold + * the required kind of lock. + * + * A note on namespace: devfs_rules_* are the non-static functions for + * the entire "ruleset" subsystem, devfs_rule_* are the static + * functions that operate on rules, and devfs_ruleset_* are the static + * functions that operate on rulesets. The line between the last two + * isn't always clear, but the guideline is still useful. + * + * A note on "special" identifiers: Ruleset 0 is the NULL, or empty, + * ruleset; it cannot be deleted or changed in any way. This may be + * assumed inside the code; e.g., a ruleset of 0 may be interpeted to + * mean "no ruleset". The interpretation of rule 0 is + * command-dependent, but in no case is there a real rule with number + * 0. + * + * A note on errno codes: To make it easier for the userland to tell + * what went wrong, we sometimes use errno codes that are not entirely + * appropriate for the error but that would be less ambiguous than the + * appropriate "generic" code. For example, when we can't find a + * ruleset, we return ESRCH instead of ENOENT (except in + * DEVFSIO_{R,S}GETNEXT, where a nonexistent ruleset means "end of + * list", and the userland expects ENOENT to be this indicator); this + * way, when an operation fails, it's clear that what couldn't be + * found is a ruleset and not a rule (well, it's clear to those who + * know the convention). + */ + +#include "opt_devfs.h" +#ifndef NODEVFS + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + + +/* + * Kernel version of devfs_rule. + */ +struct devfs_krule { + SLIST_ENTRY(devfs_krule) dk_list; + struct devfs_ruleset *dk_ruleset; + struct devfs_rule dk_rule; +}; + +/* + * Structure to describe a ruleset. + */ +struct devfs_ruleset { + SLIST_ENTRY(devfs_ruleset) ds_list; + devfs_rsnum ds_number; + SLIST_HEAD(, devfs_krule) ds_rules; + int ds_refcount; + int ds_flags; +#define DS_IMMUTABLE 0x001 +}; + +static devfs_rid devfs_rid_input(devfs_rid rid, struct devfs_mount *dm); + +static void devfs_rule_applyde(struct devfs_krule *dk,struct devfs_dirent *de); +static void devfs_rule_applyde_recursive(struct devfs_krule *dk, + struct devfs_dirent *de); +static void devfs_rule_applydm(struct devfs_krule *dk, struct devfs_mount *dm); +static int devfs_rule_autonumber(struct devfs_ruleset *ds, devfs_rnum *rnp); +static struct devfs_krule *devfs_rule_byid(devfs_rid rid); +static int devfs_rule_delete(struct devfs_krule **dkp); +static dev_t devfs_rule_getdev(struct devfs_dirent *de); +static int devfs_rule_input(struct devfs_rule *dr, struct devfs_mount *dm); +static int devfs_rule_insert(struct devfs_rule *dr); +static int devfs_rule_match(struct devfs_krule *dk, struct devfs_dirent *de); +static int devfs_rule_matchpath(struct devfs_krule *dk, + struct devfs_dirent *de); +static void devfs_rule_run(struct devfs_krule *dk, struct devfs_dirent *de); + +static void devfs_ruleset_applyde(struct devfs_ruleset *ds, + struct devfs_dirent *de); +static void devfs_ruleset_applydm(struct devfs_ruleset *ds, + struct devfs_mount *dm); +static struct devfs_ruleset *devfs_ruleset_bynum(devfs_rsnum rsnum); +static struct devfs_ruleset *devfs_ruleset_create(devfs_rsnum rsnum); +static void devfs_ruleset_destroy(struct devfs_ruleset **dsp); +static void devfs_ruleset_reap(struct devfs_ruleset **dsp); +static int devfs_ruleset_use(devfs_rsnum rsnum, struct devfs_mount *dm); + +static SLIST_HEAD(, devfs_ruleset) devfs_rulesets; + +/* + * Called to apply the proper rules for de before the latter can be + * exposed to the userland. This should be called with an exclusive + * lock on dm in case we need to run anything. + */ +void +devfs_rules_apply(struct devfs_mount *dm, struct devfs_dirent *de) +{ + struct devfs_ruleset *ds; + + ds = devfs_ruleset_bynum(dm->dm_ruleset); + KASSERT(ds != NULL, ("mount-point has NULL ruleset")); + devfs_ruleset_applyde(ds, de); +} + +/* + * Rule subsystem SYSINIT hook. + */ +void +devfs_rules_init(void) +{ + struct devfs_ruleset *ds; + + SLIST_INIT(&devfs_rulesets); + + ds = devfs_ruleset_create(0); + ds->ds_flags |= DS_IMMUTABLE; + ds->ds_refcount = 1; /* Prevent reaping. */ +} + +/* + * Rule subsystem ioctl hook. + */ +int +devfs_rules_ioctl(struct mount *mp, int cmd, caddr_t data, struct thread *td) +{ + struct devfs_mount *dm = VFSTODEVFS(mp); + struct devfs_ruleset *ds; + struct devfs_krule *dk; + struct devfs_rule *dr; + devfs_rsnum rsnum; + devfs_rnum rnum; + devfs_rid rid; + int error; + + /* + * XXX: This returns an error regardless of whether we + * actually support the cmd or not. + */ + error = suser(td); + if (error != 0) + return (error); + + lockmgr(&dm->dm_lock, LK_SHARED, 0, td); + + switch (cmd) { + case DEVFSIO_RADD: + dr = (struct devfs_rule *)data; + error = devfs_rule_input(dr, dm); + if (error != 0) + goto out; + dk = devfs_rule_byid(dr->dr_id); + if (dk != NULL) { + error = EEXIST; + goto out; + } + lockmgr(&dm->dm_lock, LK_UPGRADE, 0, td); + error = devfs_rule_insert(dr); + break; + case DEVFSIO_RAPPLY: + dr = (struct devfs_rule *)data; + error = devfs_rule_input(dr, dm); + if (error != 0) + goto out; + + /* + * This is one of many possible hackish + * implementations. The primary contender is an + * implementation where the rule we read in is + * temporarily inserted into some ruleset, perhaps + * with a hypothetical DRO_NOAUTO flag so that it + * doesn't get used where it isn't intended, and + * applied in the normal way. This can be done in the + * userland (DEVFSIO_ADD, DEVFSIO_APPLYID, + * DEVFSIO_DEL) or in the kernel; either way it breaks + * some corner case assumptions in other parts of the + * code (not that this implementation doesn't do + * that). + */ + if (dr->dr_iacts & DRA_INCSET && + devfs_ruleset_bynum(dr->dr_incset) == NULL) { + error = ESRCH; + goto out; + } + dk = malloc(sizeof(*dk), M_TEMP, M_WAITOK | M_ZERO); + memcpy(&dk->dk_rule, dr, sizeof(*dr)); + lockmgr(&dm->dm_lock, LK_UPGRADE, 0, td); + devfs_rule_applydm(dk, dm); + lockmgr(&dm->dm_lock, LK_DOWNGRADE, 0, td); + free(dk, M_TEMP); + error = 0; + break; + case DEVFSIO_RAPPLYID: + rid = *(devfs_rid *)data; + rid = devfs_rid_input(rid, dm); + dk = devfs_rule_byid(rid); + if (dk == NULL) { + error = ENOENT; + goto out; + } + lockmgr(&dm->dm_lock, LK_UPGRADE, 0, td); + devfs_rule_applydm(dk, dm); + error = 0; + break; + case DEVFSIO_RDEL: + rid = *(devfs_rid *)data; + rid = devfs_rid_input(rid, dm); + dk = devfs_rule_byid(rid); + if (dk == NULL) { + error = ENOENT; + goto out; + } + ds = dk->dk_ruleset; + lockmgr(&dm->dm_lock, LK_UPGRADE, 0, td); + error = devfs_rule_delete(&dk); + devfs_ruleset_reap(&ds); + break; + case DEVFSIO_RGETNEXT: + dr = (struct devfs_rule *)data; + error = devfs_rule_input(dr, dm); + if (error != 0) + goto out; + /* + * We can't use devfs_rule_byid() here since that + * requires the rule specified to exist, but we want + * getnext(N) to work whether there is a rule N or not + * (specifically, getnext(0) must work, but we should + * never have a rule 0 since the add command + * interprets 0 to mean "auto-number"). + */ + ds = devfs_ruleset_bynum(rid2rsn(dr->dr_id)); + if (ds == NULL) { + error = ENOENT; + goto out; + } + rnum = rid2rn(dr->dr_id); + SLIST_FOREACH(dk, &ds->ds_rules, dk_list) { + if (rid2rn(dk->dk_rule.dr_id) > rnum) + break; + } + if (dk == NULL) { + error = ENOENT; + goto out; + } + memcpy(dr, &dk->dk_rule, sizeof(*dr)); + error = 0; + break; + case DEVFSIO_SUSE: + rsnum = *(devfs_rsnum *)data; + lockmgr(&dm->dm_lock, LK_UPGRADE, 0, td); + error = devfs_ruleset_use(rsnum, dm); + break; + case DEVFSIO_SAPPLY: + rsnum = *(devfs_rsnum *)data; + rsnum = rid2rsn(devfs_rid_input(mkrid(rsnum, 0), dm)); + ds = devfs_ruleset_bynum(rsnum); + if (ds == NULL) { + error = ESRCH; + goto out; + } + lockmgr(&dm->dm_lock, LK_UPGRADE, 0, td); + devfs_ruleset_applydm(ds, dm); + error = 0; + break; + case DEVFSIO_SGETNEXT: + rsnum = *(devfs_rsnum *)data; + SLIST_FOREACH(ds, &devfs_rulesets, ds_list) { + if (ds->ds_number > rsnum) + break; + } + if (ds == NULL) + error = ENOENT; + else { + *(devfs_rsnum *)data = ds->ds_number; + error = 0; + } + break; + default: + error = ENOIOCTL; + break; + } + +out: + lockmgr(&dm->dm_lock, LK_RELEASE, 0, td); + return (error); +} + +/* + * Called to initialize dm_ruleset when there is a new mount-point. + */ +void +devfs_rules_newmount(struct devfs_mount *dm, struct thread *td) +{ + struct devfs_ruleset *ds; + + lockmgr(&dm->dm_lock, LK_EXCLUSIVE, 0, td); + /* + * We can't use devfs_ruleset_use() since it will try to + * decrement the refcount for the old ruleset, and there is no + * old ruleset. Making some value of ds_ruleset "special" to + * mean "don't decrement refcount" is uglier than this. + */ + ds = devfs_ruleset_bynum(0); + KASSERT(ds != NULL, ("no ruleset 0")); + ++ds->ds_refcount; + dm->dm_ruleset = 0; + lockmgr(&dm->dm_lock, LK_RELEASE, 0, td); +} + +/* + * Adjust the rule identifier to use the ruleset of dm if one isn't + * explicitly specified. + * + * Note that after this operation, rid2rsn(rid) might still be 0, and + * that's okay; ruleset 0 is a valid ruleset, but when it's read in + * from the userland, it means "current ruleset for this mount-point". + */ +static devfs_rid +devfs_rid_input(devfs_rid rid, struct devfs_mount *dm) +{ + + if (rid2rsn(rid) == 0) + return (mkrid(dm->dm_ruleset, rid2rn(rid))); + else + return (rid); +} + +/* + * Apply dk to de. + */ +static void +devfs_rule_applyde(struct devfs_krule *dk, struct devfs_dirent *de) +{ + + if (devfs_rule_match(dk, de)) + devfs_rule_run(dk, de); +} + +/* + * Apply dk to de and everything under de. + * + * XXX: This method needs a function call for every nested + * subdirectory in a devfs mount. If we plan to have many of these, + * we might eventually run out of kernel stack space. + */ +static void +devfs_rule_applyde_recursive(struct devfs_krule *dk, struct devfs_dirent *de) +{ + struct devfs_dirent *de2; + + /* XXX: Should we apply to ourselves first or last? Does it matter? */ + TAILQ_FOREACH(de2, &de->de_dlist, de_list) { + devfs_rule_applyde_recursive(dk, de2); + } + devfs_rule_applyde(dk, de); +} + +/* + * Apply dk to all entires in dm. + */ +static void +devfs_rule_applydm(struct devfs_krule *dk, struct devfs_mount *dm) +{ + + devfs_rule_applyde_recursive(dk, dm->dm_basedir); +} + +/* + * Automatically select a number for a new rule in ds, and write the + * result into rnump. + */ +static int +devfs_rule_autonumber(struct devfs_ruleset *ds, devfs_rnum *rnump) +{ + struct devfs_krule *dk; + + /* Find the last rule. */ + SLIST_FOREACH(dk, &ds->ds_rules, dk_list) { + if (SLIST_NEXT(dk, dk_list) == NULL) + break; + } + if (dk == NULL) + *rnump = 100; + else { + *rnump = rid2rn(dk->dk_rule.dr_id) + 100; + /* Detect overflow. */ + if (*rnump < rid2rn(dk->dk_rule.dr_id)) + return (ERANGE); + } + KASSERT(devfs_rule_byid(mkrid(ds->ds_number, *rnump)) == NULL, + ("autonumbering resulted in an already existing rule")); + return (0); +} + +/* + * Find a krule by id. + */ +static struct devfs_krule * +devfs_rule_byid(devfs_rid rid) +{ + struct devfs_ruleset *ds; + struct devfs_krule *dk; + devfs_rnum rn; + + rn = rid2rn(rid); + ds = devfs_ruleset_bynum(rid2rsn(rid)); + if (ds == NULL) + return (NULL); + SLIST_FOREACH(dk, &ds->ds_rules, dk_list) { + if (rid2rn(dk->dk_rule.dr_id) == rn) + return (dk); + else if (rid2rn(dk->dk_rule.dr_id) > rn) + break; + } + return (NULL); +} + +/* + * Remove dkp from any lists it may be on and remove memory associated + * with it. + */ +static int +devfs_rule_delete(struct devfs_krule **dkp) +{ + struct devfs_krule *dk = *dkp; + struct devfs_ruleset *ds; + + if (dk->dk_rule.dr_iacts & DRA_INCSET) { + ds = devfs_ruleset_bynum(dk->dk_rule.dr_incset); + KASSERT(ds != NULL, ("DRA_INCSET but bad dr_incset")); + --ds->ds_refcount; + devfs_ruleset_reap(&ds); + } + SLIST_REMOVE(&dk->dk_ruleset->ds_rules, dk, devfs_krule, dk_list); + free(dk, M_DEVFS); + *dkp = NULL; + return (0); +} + +/* + * Get a dev_t corresponding to de so we can try to match rules based + * on it. If this routine returns NULL, there is no dev_t associated + * with the dirent (symlinks and directories don't have dev_ts), and + * the caller should assume that any critera dependent on a dev_t + * don't match. + */ +static dev_t +devfs_rule_getdev(struct devfs_dirent *de) +{ + dev_t *devp, dev; + + devp = devfs_itod(de->de_inode); + if (devp != NULL) + dev = *devp; + else + dev = NULL; + /* If we think this dirent should have a dev_t, alert the user. */ + if (dev == NULL && de->de_dirent->d_type != DT_LNK && + de->de_dirent->d_type != DT_DIR) + printf("Warning: no dev_t for %s\n", de->de_dirent->d_name); + return (dev); +} + +/* + * Do what we need to do to a rule that we just loaded from the + * userland. In particular, we need to check the magic, and adjust + * the ruleset appropriate if desired. + */ +static int +devfs_rule_input(struct devfs_rule *dr, struct devfs_mount *dm) +{ + + if (dr->dr_magic != DEVFS_MAGIC) + return (ERPCMISMATCH); + dr->dr_id = devfs_rid_input(dr->dr_id, dm); + return (0); +} + +/* + * Import dr into the appropriate place in the kernel (i.e., make a + * krule). The value of dr is copied, so the pointer may be destroyed + * after this call completes. + */ +static int +devfs_rule_insert(struct devfs_rule *dr) +{ + struct devfs_ruleset *ds, *dsi; + struct devfs_krule *k1, *k2; + struct devfs_krule *dk; + devfs_rsnum rsnum; + devfs_rnum dkrn; + int error; + + /* + * This stuff seems out of place here, but we want to do it as + * soon as possible so that if it fails, we don't have to roll + * back any changes we already made (e.g., ruleset creation). + */ + if (dr->dr_iacts & DRA_INCSET) { + dsi = devfs_ruleset_bynum(dr->dr_incset); + if (dsi == NULL) + return (ESRCH); + } else + dsi = NULL; + + rsnum = rid2rsn(dr->dr_id); + ds = devfs_ruleset_bynum(rsnum); + if (ds == NULL) + ds = devfs_ruleset_create(rsnum); + if (ds->ds_flags & DS_IMMUTABLE) + return (EIO); + dkrn = rid2rn(dr->dr_id); + if (dkrn == 0) { + error = devfs_rule_autonumber(ds, &dkrn); + if (error != 0) + return (error); + } + + dk = malloc(sizeof(*dk), M_DEVFS, M_WAITOK); + dk->dk_ruleset = ds; + if (dsi != NULL) + ++dsi->ds_refcount; + /* XXX: Inspect dr? */ + memcpy(&dk->dk_rule, dr, sizeof(*dr)); + dk->dk_rule.dr_id = mkrid(rid2rsn(dk->dk_rule.dr_id), dkrn); + + k1 = SLIST_FIRST(&ds->ds_rules); + if (k1 == NULL || rid2rn(k1->dk_rule.dr_id) > dkrn) + SLIST_INSERT_HEAD(&ds->ds_rules, dk, dk_list); + else { + SLIST_FOREACH(k1, &ds->ds_rules, dk_list) { + k2 = SLIST_NEXT(k1, dk_list); + if (k2 == NULL || rid2rn(k2->dk_rule.dr_id) > dkrn) { + SLIST_INSERT_AFTER(k1, dk, dk_list); + break; + } + } + } + + return (0); +} + +/* + * Determine whether dk matches de. Returns 1 if dk should be run on + * de; 0, otherwise. + */ +static int +devfs_rule_match(struct devfs_krule *dk, struct devfs_dirent *de) +{ + struct devfs_rule *dr = &dk->dk_rule; + dev_t dev; + + dev = devfs_rule_getdev(de); + /* + * At this point, if dev is NULL, we should assume that any + * criteria that depend on it don't match. We should *not* + * just ignore them (i.e., act like they weren't specified), + * since that makes a rule that only has criteria dependent on + * the dev_t match all symlinks and directories. + * + * Note also that the following tests are somewhat reversed: + * They're actually testing to see whether the condition does + * *not* match, since the default is to assume the rule should + * be run (such as if there are no conditions). + */ + if (dr->dr_icond & DRC_DSWFLAGS) + if (dev == NULL || + (dev->si_devsw->d_flags & dr->dr_dswflags) == 0) + goto nomatch; + if (dr->dr_icond & DRC_PATHPTRN) + if (!devfs_rule_matchpath(dk, de)) + goto nomatch; + if (dr->dr_icond & DRC_MAJOR) + if (dev == NULL || major(dev) != dr->dr_major) + goto nomatch; + + return (1); + +nomatch: + return (0); +} + +/* + * Determine whether dk matches de on account of dr_pathptrn. + */ +static int +devfs_rule_matchpath(struct devfs_krule *dk, struct devfs_dirent *de) +{ + struct devfs_rule *dr = &dk->dk_rule; + char *pname; + dev_t dev; + int plen; + + dev = devfs_rule_getdev(de); + if (dev != NULL) + pname = dev->si_name; + /* XXX: Support symlinks (check d_type == DT_LNK here). */ + else + return (0); + KASSERT(pname != NULL, ("devfs_rule_matchpath: NULL pname")); + + /* + * XXX: Interpret dr_pathptrn as a real pattern (support '*', + * '?', and perhaps brace expansion). For now, we only + * support one trailing asterisk. + */ + plen = strlen(dr->dr_pathptrn); + if (dr->dr_pathptrn[plen - 1] == '*') { + if (strlen(pname) >= plen - 1 && + strncmp(dr->dr_pathptrn, pname, plen - 1) == 0) + return (1); + } else + if (strcmp(dr->dr_pathptrn, pname) == 0) + return (1); + return (0); +} + +/* + * Run dk on de. + */ +static void +devfs_rule_run(struct devfs_krule *dk, struct devfs_dirent *de) +{ + struct devfs_rule *dr = &dk->dk_rule; + struct devfs_ruleset *ds; + + if (dr->dr_iacts & DRA_BACTS) { + if (dr->dr_bacts & DRB_HIDE) + de->de_flags |= DE_WHITEOUT; + if (dr->dr_bacts & DRB_UNHIDE) + de->de_flags &= ~DE_WHITEOUT; + } + if (dr->dr_iacts & DRA_UID) + de->de_uid = dr->dr_uid; + if (dr->dr_iacts & DRA_GID) + de->de_gid = dr->dr_gid; + if (dr->dr_iacts & DRA_MODE) + de->de_mode = dr->dr_mode; + if (dr->dr_iacts & DRA_INCSET) { + ds = devfs_ruleset_bynum(dk->dk_rule.dr_incset); + KASSERT(ds != NULL, ("DRA_INCSET but bad dr_incset")); + if (dk->dk_ruleset == ds) { + /* XXX: Do a better job of detecting loops. */ + printf("Warning: Ruleset %d including itself!\n", + dk->dk_ruleset->ds_number); + } else + devfs_ruleset_applyde(ds, de); + } +} + +/* + * Apply all the rules in ds to de. + */ +static void +devfs_ruleset_applyde(struct devfs_ruleset *ds, struct devfs_dirent *de) +{ + struct devfs_krule *dk; + + SLIST_FOREACH(dk, &ds->ds_rules, dk_list) { + devfs_rule_applyde(dk, de); + } +} + +/* + * Apply all the rules in ds to all the entires in dm. + */ +static void +devfs_ruleset_applydm(struct devfs_ruleset *ds, struct devfs_mount *dm) +{ + struct devfs_krule *dk; + + /* + * XXX: Does it matter whether we do + * + * foreach(dk in ds) + * foreach(de in dm) + * apply(dk to de) + * + * as opposed to + * + * foreach(de in dm) + * foreach(dk in ds) + * apply(dk to de) + * + * The end result is obviously the same, but does the order + * matter? + */ + SLIST_FOREACH(dk, &ds->ds_rules, dk_list) { + devfs_rule_applydm(dk, dm); + } +} + +/* + * Find a ruleset by number. + */ +static struct devfs_ruleset * +devfs_ruleset_bynum(devfs_rsnum rsnum) +{ + struct devfs_ruleset *ds; + + SLIST_FOREACH(ds, &devfs_rulesets, ds_list) { + if (ds->ds_number == rsnum) + return (ds); + } + return (NULL); +} + +/* + * Create a new ruleset. + */ +static struct devfs_ruleset * +devfs_ruleset_create(devfs_rsnum rsnum) +{ + struct devfs_ruleset *s1, *s2; + struct devfs_ruleset *ds; + + KASSERT(devfs_ruleset_bynum(rsnum) == NULL, + ("creating already existent ruleset %d", rsnum)); + + ds = malloc(sizeof(*ds), M_DEVFS, M_WAITOK | M_ZERO); + ds->ds_number = rsnum; + ds->ds_refcount = ds->ds_flags = 0; + SLIST_INIT(&ds->ds_rules); + + s1 = SLIST_FIRST(&devfs_rulesets); + if (s1 == NULL || s1->ds_number > rsnum) + SLIST_INSERT_HEAD(&devfs_rulesets, ds, ds_list); + else { + SLIST_FOREACH(s1, &devfs_rulesets, ds_list) { + s2 = SLIST_NEXT(s1, ds_list); + if (s2 == NULL || s2->ds_number > rsnum) { + SLIST_INSERT_AFTER(s1, ds, ds_list); + break; + } + } + } + + return (ds); +} + +/* + * Remove a ruleset form the system. The ruleset specified must be + * empty and not in use. + */ +static void +devfs_ruleset_destroy(struct devfs_ruleset **dsp) +{ + struct devfs_ruleset *ds = *dsp; + + KASSERT(SLIST_EMPTY(&ds->ds_rules), ("destroying non-empty ruleset")); + KASSERT(ds->ds_refcount == 0, ("destroying busy ruleset")); + KASSERT((ds->ds_flags & DS_IMMUTABLE) == 0, + ("destroying immutable ruleset")); + + SLIST_REMOVE(&devfs_rulesets, ds, devfs_ruleset, ds_list); + free(ds, M_DEVFS); + *dsp = NULL; +} + +/* + * Remove a ruleset from the system if it's empty and not used + * anywhere. This should be called after every time a rule is deleted + * from this ruleset or the reference count is decremented. + */ +static void +devfs_ruleset_reap(struct devfs_ruleset **dsp) +{ + struct devfs_ruleset *ds = *dsp; + + if (SLIST_EMPTY(&ds->ds_rules) && ds->ds_refcount == 0) { + devfs_ruleset_destroy(&ds); + *dsp = ds; + } +} + +/* + * Make rsnum the active ruleset for dm. + */ +static int +devfs_ruleset_use(devfs_rsnum rsnum, struct devfs_mount *dm) +{ + struct devfs_ruleset *cds, *ds; + + ds = devfs_ruleset_bynum(rsnum); + if (ds == NULL) + ds = devfs_ruleset_create(rsnum); + cds = devfs_ruleset_bynum(dm->dm_ruleset); + KASSERT(cds != NULL, ("mount-point has NULL ruleset")); + + /* These should probably be made atomic somehow. */ + --cds->ds_refcount; + ++ds->ds_refcount; + dm->dm_ruleset = rsnum; + + devfs_ruleset_reap(&cds); + return (0); +} + +#endif /* !NODEVFS */ diff --git a/sys/fs/devfs/devfs_vfsops.c b/sys/fs/devfs/devfs_vfsops.c index 4b2d7701be60..a46b0c4c49a6 100644 --- a/sys/fs/devfs/devfs_vfsops.c +++ b/sys/fs/devfs/devfs_vfsops.c @@ -91,6 +91,7 @@ devfs_mount(mp, ndp, td) fmp->dm_rootdir = devfs_vmkdir("(root)", 6, NULL); fmp->dm_rootdir->de_inode = 2; fmp->dm_basedir = fmp->dm_rootdir; + devfs_rules_newmount(fmp, td); error = devfs_root(mp, &rvp); if (error) { diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 8779c96381f7..069d22469166 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -62,6 +62,7 @@ static int devfs_access(struct vop_access_args *ap); static int devfs_getattr(struct vop_getattr_args *ap); +static int devfs_ioctl(struct vop_ioctl_args *ap); static int devfs_lookupx(struct vop_lookup_args *ap); static int devfs_mknod(struct vop_mknod_args *ap); static int devfs_pathconf(struct vop_pathconf_args *ap); @@ -246,6 +247,24 @@ devfs_getattr(ap) return (error); } +static int +devfs_ioctl(ap) + struct vop_ioctl_args /* { + struct vnode *a_vp; + int a_command; + caddr_t a_data; + int a_fflag; + struct ucred *a_cred; + struct thread *a_td; + } */ *ap; +{ + int error; + + error = devfs_rules_ioctl(ap->a_vp->v_mount, ap->a_command, ap->a_data, + ap->a_td); + return (error); +} + static int devfs_lookupx(ap) struct vop_lookup_args /* { @@ -808,6 +827,7 @@ static struct vnodeopv_entry_desc devfs_vnodeop_entries[] = { { &vop_default_desc, (vop_t *) vop_defaultop }, { &vop_access_desc, (vop_t *) devfs_access }, { &vop_getattr_desc, (vop_t *) devfs_getattr }, + { &vop_ioctl_desc, (vop_t *) devfs_ioctl }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_lock_desc, (vop_t *) vop_stdlock }, { &vop_lookup_desc, (vop_t *) devfs_lookup },