On Mon, Jan 18, 2016 at 06:56:29PM +0100, Sebastien Marie wrote:
>
> Modulo the ENOTTY error code (see previous comment), yes, the purpose is
> to return early from pledge_ioctl(). pledge(2) allows exposing only a
> portion of deeper kernel code for a set of defined operations.
>
Better diff: check for VBAD at the top of pledge_ioctl() so it
handles non-audio devices as well. Return ENOTTY, as ioctl would
return with no pledge().

OK?

Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.147
diff -u -p -u -p -r1.147 kern_pledge.c
--- kern_pledge.c 18 Jan 2016 17:19:55 -0000 1.147
+++ kern_pledge.c 18 Jan 2016 22:46:41 -0000
@@ -1150,8 +1150,11 @@ pledge_ioctl(struct proc *p, long com, s
}
/* fp != NULL was already checked */
- if (fp->f_type == DTYPE_VNODE)
+ if (fp->f_type == DTYPE_VNODE) {
vp = fp->f_data;
+ if (vp->v_type == VBAD)
+ return (ENOTTY);
+ }
/*
* Further sets of ioctl become available, but are checked a
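Review bot: the new "if (vp->v_type == VBAD)" test inside the DTYPE_VNODE block carries no comment saying why a VBAD vnode is answered with ENOTTY ahead of the checks that follow. Because this return is taken regardless of the value of com, a short comment above it (for example "/* VBAD vnode: return what ioctl would return without pledge */") would record the intent stated in the mail and keep a later reader from moving the test below the further ioctl checks. The braces added around the DTYPE_VNODE body are needed for the second statement and look correct.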