fd: make rights a mandatory argument to fget_unlocked
This commit is contained in:
parent
1b5e46102c
commit
a5a3a94b02
@ -622,6 +622,7 @@ svr4_sys_fchroot(td, uap)
|
|||||||
struct thread *td;
|
struct thread *td;
|
||||||
struct svr4_sys_fchroot_args *uap;
|
struct svr4_sys_fchroot_args *uap;
|
||||||
{
|
{
|
||||||
|
cap_rights_t rights;
|
||||||
struct filedesc *fdp = td->td_proc->p_fd;
|
struct filedesc *fdp = td->td_proc->p_fd;
|
||||||
struct vnode *vp;
|
struct vnode *vp;
|
||||||
struct file *fp;
|
struct file *fp;
|
||||||
@ -630,7 +631,7 @@ svr4_sys_fchroot(td, uap)
|
|||||||
if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
|
if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
|
||||||
return error;
|
return error;
|
||||||
/* XXX: we have the chroot priv... what cap might we need? all? */
|
/* XXX: we have the chroot priv... what cap might we need? all? */
|
||||||
if ((error = getvnode(fdp, uap->fd, 0, &fp)) != 0)
|
if ((error = getvnode(fdp, uap->fd, cap_rights_init(&rights), &fp)) != 0)
|
||||||
return error;
|
return error;
|
||||||
vp = fp->f_vnode;
|
vp = fp->f_vnode;
|
||||||
VREF(vp);
|
VREF(vp);
|
||||||
|
@ -746,7 +746,8 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
|
|||||||
arg = arg ? 128 * 1024: 0;
|
arg = arg ? 128 * 1024: 0;
|
||||||
/* FALLTHROUGH */
|
/* FALLTHROUGH */
|
||||||
case F_READAHEAD:
|
case F_READAHEAD:
|
||||||
error = fget_unlocked(fdp, fd, NULL, &fp, NULL);
|
error = fget_unlocked(fdp, fd,
|
||||||
|
cap_rights_init(&rights), &fp, NULL);
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
break;
|
break;
|
||||||
if (fp->f_type != DTYPE_VNODE) {
|
if (fp->f_type != DTYPE_VNODE) {
|
||||||
@ -2368,11 +2369,9 @@ fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
|
|||||||
if (fp == NULL)
|
if (fp == NULL)
|
||||||
return (EBADF);
|
return (EBADF);
|
||||||
#ifdef CAPABILITIES
|
#ifdef CAPABILITIES
|
||||||
if (needrightsp != NULL) {
|
error = cap_check(&haverights, needrightsp);
|
||||||
error = cap_check(&haverights, needrightsp);
|
if (error != 0)
|
||||||
if (error != 0)
|
return (error);
|
||||||
return (error);
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
retry:
|
retry:
|
||||||
count = fp->f_count;
|
count = fp->f_count;
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
#include <sys/file.h>
|
#include <sys/file.h>
|
||||||
#include <sys/filedesc.h>
|
#include <sys/filedesc.h>
|
||||||
#include <sys/refcount.h>
|
#include <sys/refcount.h>
|
||||||
|
#include <sys/capsicum.h>
|
||||||
#include <sys/proc.h>
|
#include <sys/proc.h>
|
||||||
|
|
||||||
#include <linux/fs.h>
|
#include <linux/fs.h>
|
||||||
@ -46,10 +47,11 @@ extern struct fileops linuxfileops;
|
|||||||
static inline struct linux_file *
|
static inline struct linux_file *
|
||||||
linux_fget(unsigned int fd)
|
linux_fget(unsigned int fd)
|
||||||
{
|
{
|
||||||
|
cap_rights_t rights;
|
||||||
struct file *file;
|
struct file *file;
|
||||||
|
|
||||||
if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file,
|
if (fget_unlocked(curthread->td_proc->p_fd, fd,
|
||||||
NULL) != 0) {
|
cap_rights_init(&rights), &file, NULL) != 0) {
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
return (struct linux_file *)file->f_data;
|
return (struct linux_file *)file->f_data;
|
||||||
@ -71,10 +73,11 @@ fput(struct linux_file *filp)
|
|||||||
static inline void
|
static inline void
|
||||||
put_unused_fd(unsigned int fd)
|
put_unused_fd(unsigned int fd)
|
||||||
{
|
{
|
||||||
|
cap_rights_t rights;
|
||||||
struct file *file;
|
struct file *file;
|
||||||
|
|
||||||
if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file,
|
if (fget_unlocked(curthread->td_proc->p_fd, fd,
|
||||||
NULL) != 0) {
|
cap_rights_init(&rights), &file, NULL) != 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
@ -91,10 +94,11 @@ put_unused_fd(unsigned int fd)
|
|||||||
static inline void
|
static inline void
|
||||||
fd_install(unsigned int fd, struct linux_file *filp)
|
fd_install(unsigned int fd, struct linux_file *filp)
|
||||||
{
|
{
|
||||||
|
cap_rights_t rights;
|
||||||
struct file *file;
|
struct file *file;
|
||||||
|
|
||||||
if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file,
|
if (fget_unlocked(curthread->td_proc->p_fd, fd,
|
||||||
NULL) != 0) {
|
cap_rights_init(&rights), &file, NULL) != 0) {
|
||||||
file = NULL;
|
file = NULL;
|
||||||
}
|
}
|
||||||
filp->_file = file;
|
filp->_file = file;
|
||||||
|
@ -32,6 +32,7 @@ __FBSDID("$FreeBSD$");
|
|||||||
|
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
#include <sys/filedesc.h>
|
#include <sys/filedesc.h>
|
||||||
|
#include <sys/capsicum.h>
|
||||||
#include <sys/ipc.h>
|
#include <sys/ipc.h>
|
||||||
#include <sys/mount.h>
|
#include <sys/mount.h>
|
||||||
#include <sys/proc.h>
|
#include <sys/proc.h>
|
||||||
@ -894,6 +895,7 @@ audit_arg_fcntl_rights(uint32_t fcntlrights)
|
|||||||
void
|
void
|
||||||
audit_sysclose(struct thread *td, int fd)
|
audit_sysclose(struct thread *td, int fd)
|
||||||
{
|
{
|
||||||
|
cap_rights_t rights;
|
||||||
struct kaudit_record *ar;
|
struct kaudit_record *ar;
|
||||||
struct vnode *vp;
|
struct vnode *vp;
|
||||||
struct file *fp;
|
struct file *fp;
|
||||||
@ -906,7 +908,7 @@ audit_sysclose(struct thread *td, int fd)
|
|||||||
|
|
||||||
audit_arg_fd(fd);
|
audit_arg_fd(fd);
|
||||||
|
|
||||||
if (getvnode(td->td_proc->p_fd, fd, 0, &fp) != 0)
|
if (getvnode(td->td_proc->p_fd, fd, cap_rights_init(&rights), &fp) != 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
vp = fp->f_vnode;
|
vp = fp->f_vnode;
|
||||||
|
Loading…
Reference in New Issue
Block a user