Author: allanjude
Date: Sun Jun 11 02:04:39 2017
New Revision: 319819
URL: https://svnweb.freebsd.org/changeset/base/319819

Log:
  MFC r318765:
        Allow cpuset_{get,set}affinity in capabilities mode
  
  Approved by:  re (marius)

Modified:
  stable/11/lib/libc/sys/cpuset_getaffinity.2
  stable/11/share/man/man4/capsicum.4
  stable/11/sys/compat/freebsd32/capabilities.conf
  stable/11/sys/compat/freebsd32/freebsd32_sysent.c
  stable/11/sys/kern/capabilities.conf
  stable/11/sys/kern/init_sysent.c
  stable/11/sys/kern/kern_cpuset.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/lib/libc/sys/cpuset_getaffinity.2
==============================================================================
--- stable/11/lib/libc/sys/cpuset_getaffinity.2 Sun Jun 11 00:44:19 2017        
(r319818)
+++ stable/11/lib/libc/sys/cpuset_getaffinity.2 Sun Jun 11 02:04:39 2017        
(r319819)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd June 2, 2016
+.Dd May 23, 2017
 .Dt CPUSET_GETAFFINITY 2
 .Os
 .Sh NAME
@@ -148,8 +148,14 @@ was either preposterously large or smaller than the ke
 .It Bq Er EPERM
 The calling process did not have the credentials required to complete the
 operation.
+.It Bq Er ECAPMODE
+The calling process attempted to act on a process other than itself, while 
+in capability mode.
+See
+.Xr capsicum 4 .
 .El
 .Sh SEE ALSO
+.Xr capsicum 4 ,
 .Xr cpuset 1 ,
 .Xr cpuset 2 ,
 .Xr cpuset_getid 2 ,

Modified: stable/11/share/man/man4/capsicum.4
==============================================================================
--- stable/11/share/man/man4/capsicum.4 Sun Jun 11 00:44:19 2017        
(r319818)
+++ stable/11/share/man/man4/capsicum.4 Sun Jun 11 02:04:39 2017        
(r319819)
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 5, 2016
+.Dd May 18, 2017
 .Dt CAPSICUM 4
 .Os
 .Sh NAME
@@ -87,6 +87,16 @@ greater detail in
 An extension to the POSIX shared memory API to support anonymous swap objects
 associated with file descriptors; described in greater detail in
 .Xr shm_open 2 .
+.El
+.Pp
+In some cases,
+.Nm
+limits the valid values of some parameters to traditional APIs in order to
+restrict access to global namespaces:
+.Bl -tag -width indent
+.It process IDs
+Processes can only act upon their own process ID with syscalls such as
+.Xr cpuset_setaffinity 2 .
 .El
 .Sh SEE ALSO
 .Xr cap_enter 2 ,

Modified: stable/11/sys/compat/freebsd32/capabilities.conf
==============================================================================
--- stable/11/sys/compat/freebsd32/capabilities.conf    Sun Jun 11 00:44:19 
2017        (r319818)
+++ stable/11/sys/compat/freebsd32/capabilities.conf    Sun Jun 11 02:04:39 
2017        (r319819)
@@ -76,9 +76,9 @@ close
 closefrom
 connectat
 #cpuset
-#freebsd32_cpuset_getaffinity
+freebsd32_cpuset_getaffinity
 #freebsd32_cpuset_getid
-#freebsd32_cpuset_setaffinity
+freebsd32_cpuset_setaffinity
 #freebsd32_cpuset_setid
 dup
 dup2

Modified: stable/11/sys/compat/freebsd32/freebsd32_sysent.c
==============================================================================
--- stable/11/sys/compat/freebsd32/freebsd32_sysent.c   Sun Jun 11 00:44:19 
2017        (r319818)
+++ stable/11/sys/compat/freebsd32/freebsd32_sysent.c   Sun Jun 11 02:04:39 
2017        (r319819)
@@ -552,8 +552,8 @@ struct sysent freebsd32_sysent[] = {
        { AS(freebsd32_cpuset_setid_args), (sy_call_t *)freebsd32_cpuset_setid, 
AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },       /* 485 = freebsd32_cpuset_setid 
*/
 #endif
        { AS(freebsd32_cpuset_getid_args), (sy_call_t *)freebsd32_cpuset_getid, 
AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },       /* 486 = freebsd32_cpuset_getid 
*/
-       { AS(freebsd32_cpuset_getaffinity_args), (sy_call_t 
*)freebsd32_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },   /* 
487 = freebsd32_cpuset_getaffinity */
-       { AS(freebsd32_cpuset_setaffinity_args), (sy_call_t 
*)freebsd32_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },   /* 
488 = freebsd32_cpuset_setaffinity */
+       { AS(freebsd32_cpuset_getaffinity_args), (sy_call_t 
*)freebsd32_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, 
SY_THR_STATIC },      /* 487 = freebsd32_cpuset_getaffinity */
+       { AS(freebsd32_cpuset_setaffinity_args), (sy_call_t 
*)freebsd32_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, 
SY_THR_STATIC },      /* 488 = freebsd32_cpuset_setaffinity */
        { AS(faccessat_args), (sy_call_t *)sys_faccessat, AUE_FACCESSAT, NULL, 
0, 0, SYF_CAPENABLED, SY_THR_STATIC },   /* 489 = faccessat */
        { AS(fchmodat_args), (sy_call_t *)sys_fchmodat, AUE_FCHMODAT, NULL, 0, 
0, SYF_CAPENABLED, SY_THR_STATIC },      /* 490 = fchmodat */
        { AS(fchownat_args), (sy_call_t *)sys_fchownat, AUE_FCHOWNAT, NULL, 0, 
0, SYF_CAPENABLED, SY_THR_STATIC },      /* 491 = fchownat */

Modified: stable/11/sys/kern/capabilities.conf
==============================================================================
--- stable/11/sys/kern/capabilities.conf        Sun Jun 11 00:44:19 2017        
(r319818)
+++ stable/11/sys/kern/capabilities.conf        Sun Jun 11 02:04:39 2017        
(r319819)
@@ -133,13 +133,12 @@ closefrom
 connectat
 
 ##
-## cpuset(2) and related calls require scoping by process, but should
-## eventually be allowed, at least in the current process case.
+## cpuset(2) and related calls are limited to caller's own process/thread.
 ##
 #cpuset
-#cpuset_getaffinity
+cpuset_getaffinity
 #cpuset_getid
-#cpuset_setaffinity
+cpuset_setaffinity
 #cpuset_setid
 
 ##

Modified: stable/11/sys/kern/init_sysent.c
==============================================================================
--- stable/11/sys/kern/init_sysent.c    Sun Jun 11 00:44:19 2017        
(r319818)
+++ stable/11/sys/kern/init_sysent.c    Sun Jun 11 02:04:39 2017        
(r319819)
@@ -532,8 +532,8 @@ struct sysent sysent[] = {
        { AS(cpuset_args), (sy_call_t *)sys_cpuset, AUE_NULL, NULL, 0, 0, 0, 
SY_THR_STATIC },   /* 484 = cpuset */
        { AS(cpuset_setid_args), (sy_call_t *)sys_cpuset_setid, AUE_NULL, NULL, 
0, 0, 0, SY_THR_STATIC },       /* 485 = cpuset_setid */
        { AS(cpuset_getid_args), (sy_call_t *)sys_cpuset_getid, AUE_NULL, NULL, 
0, 0, 0, SY_THR_STATIC },       /* 486 = cpuset_getid */
-       { AS(cpuset_getaffinity_args), (sy_call_t *)sys_cpuset_getaffinity, 
AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },   /* 487 = cpuset_getaffinity */
-       { AS(cpuset_setaffinity_args), (sy_call_t *)sys_cpuset_setaffinity, 
AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },   /* 488 = cpuset_setaffinity */
+       { AS(cpuset_getaffinity_args), (sy_call_t *)sys_cpuset_getaffinity, 
AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC },      /* 487 = 
cpuset_getaffinity */
+       { AS(cpuset_setaffinity_args), (sy_call_t *)sys_cpuset_setaffinity, 
AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC },      /* 488 = 
cpuset_setaffinity */
        { AS(faccessat_args), (sy_call_t *)sys_faccessat, AUE_FACCESSAT, NULL, 
0, 0, SYF_CAPENABLED, SY_THR_STATIC },   /* 489 = faccessat */
        { AS(fchmodat_args), (sy_call_t *)sys_fchmodat, AUE_FCHMODAT, NULL, 0, 
0, SYF_CAPENABLED, SY_THR_STATIC },      /* 490 = fchmodat */
        { AS(fchownat_args), (sy_call_t *)sys_fchownat, AUE_FCHOWNAT, NULL, 0, 
0, SYF_CAPENABLED, SY_THR_STATIC },      /* 491 = fchownat */

Modified: stable/11/sys/kern/kern_cpuset.c
==============================================================================
--- stable/11/sys/kern/kern_cpuset.c    Sun Jun 11 00:44:19 2017        
(r319818)
+++ stable/11/sys/kern/kern_cpuset.c    Sun Jun 11 02:04:39 2017        
(r319819)
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/sched.h>
 #include <sys/smp.h>
 #include <sys/syscallsubr.h>
+#include <sys/capsicum.h>
 #include <sys/cpuset.h>
 #include <sys/sx.h>
 #include <sys/queue.h>
@@ -523,6 +524,7 @@ cpuset_setproc(pid_t pid, struct cpuset *set, cpuset_t
        int threads;
        int nfree;
        int error;
+
        /*
         * The algorithm requires two passes due to locking considerations.
         * 
@@ -1097,6 +1099,15 @@ kern_cpuset_getaffinity(struct thread *td, cpulevel_t 
 
        if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
                return (ERANGE);
+       /* In Capability mode, you can only get your own CPU set. */
+       if (IN_CAPABILITY_MODE(td)) {
+           if (level != CPU_LEVEL_WHICH)
+               return (ECAPMODE);
+           if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
+               return (ECAPMODE);
+           if (id != -1)
+               return (ECAPMODE);
+       }
        size = cpusetsize;
        mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO);
        error = cpuset_which(which, id, &p, &ttd, &set);
@@ -1201,6 +1212,15 @@ kern_cpuset_setaffinity(struct thread *td, cpulevel_t 
 
        if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
                return (ERANGE);
+       /* In Capability mode, you can only set your own CPU set. */
+       if (IN_CAPABILITY_MODE(td)) {
+           if (level != CPU_LEVEL_WHICH)
+               return (ECAPMODE);
+           if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
+               return (ECAPMODE);
+           if (id != -1)
+               return (ECAPMODE);
+       }
        mask = malloc(cpusetsize, M_TEMP, M_WAITOK | M_ZERO);
        error = copyin(maskp, mask, cpusetsize);
        if (error)