Re: doas called multiple times hangs

Sun, 20 Jan 2019 21:05:03 -0800 

Ted Unangst wrote:
> Dariusz Sendkowski wrote:
> > Yes, it does.
> > 
> > I extracted 'unveilcommands' function from doas.c and put it into a
> > standalone program to run it.
> > It turned out the result was the same as in doas command. When I disable
> > unveil, then it works fine.
> 
> This diff should fix the problem.

Actually, miscalculation. This is a better diff. Sorry for the trouble.
Against current, but should be adaptable to stable.

Index: vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.310
diff -u -p -r1.310 vfs_syscalls.c
--- vfs_syscalls.c      3 Jan 2019 21:52:31 -0000       1.310
+++ vfs_syscalls.c      21 Jan 2019 04:57:17 -0000
@@ -92,6 +92,7 @@ int dofutimens(struct proc *, int, struc
 int dounmount_leaf(struct mount *, int, struct proc *);
 int unveil_add(struct proc *, struct nameidata *, const char *);
 void unveil_removevnode(struct vnode *vp);
+void unveil_free_traversed_vnodes(struct nameidata *);
 ssize_t unveil_find_cover(struct vnode *, struct proc *);
 struct unveil *unveil_lookup(struct vnode *, struct proc *, ssize_t *);
 
@@ -911,7 +912,7 @@ sys_unveil(struct proc *p, void *v, regi
 
        nd.ni_pledge = PLEDGE_UNVEIL;
        if ((error = namei(&nd)) != 0)
-               return (error);
+               goto end;
 
        /*
         * XXX Any access to the file or directory will allow us to
@@ -948,6 +949,10 @@ sys_unveil(struct proc *p, void *v, regi
                vrele(nd.ni_vp);
        if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp)
                vrele(nd.ni_dvp);
+
+       pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf);
+end:
+       unveil_free_traversed_vnodes(&nd);
 
        return (error);
 }
Index: kern_unveil.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_unveil.c,v
retrieving revision 1.22
diff -u -p -r1.22 kern_unveil.c
--- kern_unveil.c       17 Jan 2019 03:26:19 -0000      1.22
+++ kern_unveil.c       21 Jan 2019 05:01:26 -0000
@@ -630,8 +630,6 @@ unveil_add(struct proc *p, struct nameid
  done:
        if (ret == 0)
                unveil_add_traversed_vnodes(p, ndp);
-       unveil_free_traversed_vnodes(ndp);
-       pool_put(&namei_pool, ndp->ni_cnd.cn_pnbuf);
        return ret;
 }

Reply via email to