On Mon, Jan 18, 2016 at 01:35:46PM +0100, Sebastien Marie wrote: > On Mon, Jan 18, 2016 at 12:55:30PM +0100, Alexandre Ratchov wrote: > > > > Unfortunately, if pledge is used, pledge_ioctl() checks if the > > vnode type is VCHR and the process ends up killed. > > > > The diff below fixes this by accepting the audio ioctls if the > > vnode type is VBAD. > > > > I am unsure about returning 0 for something we know is wrong to do.
heh, it's not wrong; disconnecting audio devices is a legitimate use of them ;) > Isn't possible to return an error ? As example, calling > ioctl(TIOCGWINSZ) on no-tty device return ENOTTY. > Agreed, and it's same for chardevs: the ioctl syscall returns uncondionnaly ENOTTY on disconnected devices: sys_ioctl() calls vn_ioctl() which returns ENOTTY if vp->v_type == VBAD. > There is a difference between: > - return 0 /* let deeper processing happen */ > - return Exxx /* early return an error */ > - return pledge_fail() /* kill the process */ > > I think the good approch would be to return an error. > You're suggesting to quickly return ENOTTY in pledge_ioctl(), to avoid going through the regular code-path that returns ENOTTY anyway?
