Hello,

As done in other parts of the kernel, introduce a DPRINTF() macro
in the unveil code. I think this is worth doing because it makes the
code slightly more readable. OK?

- Michael


Index: kern_unveil.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_unveil.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 kern_unveil.c
--- kern_unveil.c       25 Sep 2018 19:24:17 -0000      1.15
+++ kern_unveil.c       26 Sep 2018 15:02:51 -0000
@@ -36,6 +36,11 @@
 #include <sys/pledge.h>
 
 /* #define DEBUG_UNVEIL */
+#ifdef DEBUG_UNVEIL
+#define DPRINTF(x...)  printf(x)
+#else
+#define DPRINTF(x...)
+#endif
 
 #define UNVEIL_MAX_VNODES      128
 #define UNVEIL_MAX_NAMES       128
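Review bot: The non-debug definition `#define DPRINTF(x...)` expands to nothing, so in a normal build the compiler never sees the format strings or their arguments and mismatches can accumulate unnoticed (the `%llX` call in the unveil_setflags hunk is one). Defining it as `#define DPRINTF(x...) do { if (0) printf(x); } while (0)` keeps every call format-checked at no runtime cost and stays safe as the sole body of an unbraced `if`. A comment above the `#ifdef` should also state that enabling DEBUG_UNVEIL writes kernel vnode addresses (`%p`), process names and path components to the kernel message buffer, so it belongs in development kernels only.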
@@ -111,9 +116,7 @@ unveil_delete_names(struct unveil *uv)
                ret++;
        }
        rw_exit_write(&uv->uv_lock);
-#ifdef DEBUG_UNVEIL
-       printf("deleted %d names\n", ret);
-#endif
+       DPRINTF("deleted %d names\n", ret);
        return ret;
 }
 
@@ -126,9 +129,7 @@ unveil_add_name(struct unveil *uv, char 
        unvn = unvname_new(name, strlen(name) + 1, flags);
        RBT_INSERT(unvname_rbt, &uv->uv_names, unvn);
        rw_exit_write(&uv->uv_lock);
-#ifdef DEBUG_UNVEIL
-       printf("added name %s underneath vnode %p\n", name, uv->uv_vp);
-#endif
+       DPRINTF("added name %s underneath vnode %p\n", name, uv->uv_vp);
 }
 
 struct unvname *
@@ -138,10 +139,8 @@ unveil_namelookup(struct unveil *uv, cha
 
        rw_enter_read(&uv->uv_lock);
 
-#ifdef DEBUG_UNVEIL
-       printf("unveil_namelookup: looking up name %s (%p) in vnode %p\n",
+       DPRINTF("unveil_namelookup: looking up name %s (%p) in vnode %p\n",
            name, name, uv->uv_vp);
-#endif
 
        KASSERT(uv->uv_vp != NULL);
 
@@ -175,11 +174,9 @@ unveil_destroy(struct process *ps)
                /* skip any vnodes zapped by unveil_removevnode */
                if (vp != NULL) {
                        vp->v_uvcount--;
-#ifdef DEBUG_UNVEIL
-                       printf("unveil: %s(%d): removing vnode %p uvcount %d "
+                       DPRINTF("unveil: %s(%d): removing vnode %p uvcount %d "
                            "in position %ld\n",
                            ps->ps_comm, ps->ps_pid, vp, vp->v_uvcount, i);
-#endif
                        vrele(vp);
                }
                ps->ps_uvncount -= unveil_delete_names(uv);
@@ -270,10 +267,8 @@ unveil_lookup(struct vnode *vp, struct p
 
        /* clear the cwd unveil when we .. past it */
        if (pr->ps_uvpcwd && (vp == pr->ps_uvpcwd->uv_vp)) {
-#ifdef DEBUG_UNVEIL
-               printf("unveil: %s(%d): nuking cwd traversing vnode %p\n",
+               DPRINTF("unveil: %s(%d): nuking cwd traversing vnode %p\n",
                    p->p_p->ps_comm, p->p_p->ps_pid, vp);
-#endif
                p->p_p->ps_uvpcwd = NULL;
                p->p_p->ps_uvpcwdgone = 0;
        }
@@ -292,10 +287,8 @@ unveil_lookup(struct vnode *vp, struct p
        r = pr->ps_uvvcount - 1;
        while (l <= r) {
                size_t m = l + (r - l)/2;
-#ifdef DEBUG_UNVEIL
-               printf("unveil: checking vnode %p vs. unveil vnode %p\n",
+               DPRINTF("unveil: checking vnode %p vs. unveil vnode %p\n",
                   vp, uv[m].uv_vp);
-#endif
                if (vp == uv[m].uv_vp) {
                        KASSERT(uv[m].uv_vp->v_uvcount > 0);
                        KASSERT(uv[m].uv_vp->v_usecount > 0);
@@ -342,9 +335,7 @@ unveil_setflags(u_char *flags, u_char nf
 {
 #if 0
        if (((~(*flags)) & nflags) != 0) {
-#ifdef DEBUG_UNVEIL
-               printf("Flags escalation %llX -> %llX\n", *flags, nflags);
-#endif
+               DPRINTF("Flags escalation %llX -> %llX\n", *flags, nflags);
                return 1;
        }
 #endif
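Review bot: The converted call passes `*flags` (a `u_char`, per the `u_char *flags` parameter) and `nflags` (apparently also `u_char`; the signature is truncated in the hunk header) to `%llX`, which expects `unsigned long long`. Both arguments are promoted to `int`, so the format would misread the varargs if this were ever compiled. It is hidden today by the `#if 0`, and because DPRINTF expands to nothing without DEBUG_UNVEIL the compiler would not flag it after re-enabling either. Suggest `DPRINTF("Flags escalation %x -> %x\n", *flags, nflags);`. Separately, with the `#if 0` in place the visible escalation check never runs; a comment saying whether that is intentional would help, as the rest of unveil_setflags is outside the hunk.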
@@ -451,11 +442,9 @@ unveil_add(struct proc *p, struct nameid
                 * unrestrict it.
                 */
                if (directory_add) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil: %s(%d): updating directory vnode %p"
+                       DPRINTF("unveil: %s(%d): updating directory vnode %p"
                            " to unrestricted uvcount %d\n",
                            pr->ps_comm, pr->ps_pid, vp, vp->v_uvcount);
-#endif
                        if (!unveil_setflags(&uv->uv_flags, flags))
                                ret = EPERM;
                        else
@@ -471,12 +460,10 @@ unveil_add(struct proc *p, struct nameid
                        struct unvname *tname;
                        if ((tname = unveil_namelookup(uv,
                            ndp->ni_cnd.cn_nameptr)) != NULL) {
-#ifdef DEBUG_UNVEIL
-                               printf("unveil: %s(%d): changing flags for %s"
+                               DPRINTF("unveil: %s(%d): changing flags for %s"
                                    "in vnode %p, uvcount %d\n",
                                    pr->ps_comm, pr->ps_pid, tname->un_name, vp,
                                    vp->v_uvcount);
-#endif
                                if (!unveil_setflags(&tname->un_flags, flags))
                                        ret = EPERM;
                                else
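Review bot: The message `"unveil: %s(%d): changing flags for %s"` followed by `"in vnode %p, uvcount %d\n"` concatenates without a separating space, so the name and "in" run together in the output. Start the second literal with a space: `" in vnode %p, uvcount %d\n"`. The enclosing unveil_add body starts and ends outside this hunk.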
@@ -502,11 +489,9 @@ unveil_add(struct proc *p, struct nameid
        if (directory_add) {
                uv->uv_flags = flags;
                ret = 0;
-#ifdef DEBUG_UNVEIL
-               printf("unveil: %s(%d): added unrestricted directory vnode %p"
+               DPRINTF("unveil: %s(%d): added unrestricted directory vnode %p"
                    ", uvcount %d\n",
                    pr->ps_comm, pr->ps_pid, vp, vp->v_uvcount);
-#endif
                goto done;
        }
 
@@ -514,13 +499,11 @@ unveil_add(struct proc *p, struct nameid
        pr->ps_uvncount++;
        ret = 0;
 
-#ifdef DEBUG_UNVEIL
-       printf("unveil: %s(%d): added name %s beneath %s vnode %p,"
+       DPRINTF("unveil: %s(%d): added name %s beneath %s vnode %p,"
            " uvcount %d\n",
            pr->ps_comm, pr->ps_pid, ndp->ni_cnd.cn_nameptr,
            uv->uv_flags ? "unrestricted" : "restricted",
            vp, vp->v_uvcount);
-#endif
 
  done:
        if (ret == 0)
@@ -538,47 +521,35 @@ int
 unveil_flagmatch(struct nameidata *ni, u_char flags)
 {
        if (flags == 0) {
-#ifdef DEBUG_UNVEIL
-               printf("All operations forbidden for 0 flags\n");
-#endif
+               DPRINTF("All operations forbidden for 0 flags\n");
                return 0;
        }
        if (ni->ni_unveil & UNVEIL_READ) {
                if ((flags & UNVEIL_READ) == 0) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil lacks UNVEIL_READ\n");
-#endif
+                       DPRINTF("unveil lacks UNVEIL_READ\n");
                        return 0;
                }
        }
        if (ni->ni_unveil & UNVEIL_WRITE) {
                if ((flags & UNVEIL_WRITE) == 0) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil lacks UNVEIL_WRITE\n");
-#endif
+                       DPRINTF("unveil lacks UNVEIL_WRITE\n");
                        return 0;
                }
        }
        if (ni->ni_unveil & UNVEIL_EXEC) {
                if ((flags & UNVEIL_EXEC) == 0) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil lacks UNVEIL_EXEC\n");
-#endif
+                       DPRINTF("unveil lacks UNVEIL_EXEC\n");
                        return 0;
                }
        }
        if (ni->ni_unveil & UNVEIL_CREATE) {
                if ((flags & UNVEIL_CREATE) == 0) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil lacks UNVEIL_CREATE\n");
-#endif
+                       DPRINTF("unveil lacks UNVEIL_CREATE\n");
                        return 0;
                }
        }
        if (ni->ni_unveil & UNVEIL_INSPECT) {
-#ifdef DEBUG_UNVEIL
-               printf("any unveil allows UNVEIL_INSPECT\n");
-#endif
+               DPRINTF("any unveil allows UNVEIL_INSPECT\n");
        }
        return 1;
 }
@@ -599,12 +570,9 @@ unveil_check_component(struct proc *p, s
                        if (unveil_flagmatch(ni, uv->uv_flags)) {
                                if (uv->uv_flags & UNVEIL_USERSET) {
                                        ni->ni_unveil_match = uv;
-#ifdef DEBUG_UNVEIL
-                                       printf("unveil: %s(%d): component directory match"
+                                       DPRINTF("unveil: %s(%d): component directory match"
                                            " for vnode %p\n",
                                            p->p_p->ps_comm, p->p_p->ps_pid, dp);
-
-#endif
                                }
                        }
                }
@@ -627,74 +595,58 @@ unveil_check_final(struct proc *p, struc
                return (0);
 
        if (ni->ni_cnd.cn_flags & BYPASSUNVEIL) {
-#ifdef DEBUG_UNVEIL
-               printf("unveil: %s(%d): BYPASSUNVEIL.\n",
+               DPRINTF("unveil: %s(%d): BYPASSUNVEIL.\n",
                    p->p_p->ps_comm, p->p_p->ps_pid);
-#endif
                CLR(ni->ni_pledge, PLEDGE_STATLIE);
                return (0);
        }
        if (ni->ni_vp != NULL && ni->ni_vp->v_type == VDIR) {
                uv = unveil_lookup(ni->ni_vp, p);
                if (uv == NULL) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil: %s(%d) no match for vnode %p\n",
+                       DPRINTF("unveil: %s(%d) no match for vnode %p\n",
                            p->p_p->ps_comm, p->p_p->ps_pid, ni->ni_vp);
-#endif
                        goto done;
                }
                if (!unveil_flagmatch(ni, uv->uv_flags)) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil: %s(%d) flag mismatch for directory"
+                       DPRINTF("unveil: %s(%d) flag mismatch for directory"
                            " vnode %p\n",
                            p->p_p->ps_comm, p->p_p->ps_pid, ni->ni_vp);
-#endif
                        return EACCES;
                }
        } else {
                uv = unveil_lookup(ni->ni_dvp, p);
                if (uv == NULL) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil: %s(%d) no match for directory"
+                       DPRINTF("unveil: %s(%d) no match for directory"
                            " vnode %p\n",
                            p->p_p->ps_comm, p->p_p->ps_pid, ni->ni_dvp);
-#endif
                        goto done;
                }
                if ((tname = unveil_namelookup(uv, ni->ni_cnd.cn_nameptr))
                    == NULL) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil: %s(%d) no match for terminal '%s' in "
+                       DPRINTF("unveil: %s(%d) no match for terminal '%s' in "
                            "directory vnode %p\n",
                            p->p_p->ps_comm, p->p_p->ps_pid,
                            ni->ni_cnd.cn_nameptr, ni->ni_dvp);
-#endif
                        uv = NULL;
                        goto done;
                }
                if (!unveil_flagmatch(ni, tname->un_flags)) {
-#ifdef DEBUG_UNVEIL
-                       printf("unveil: %s(%d) flag mismatch for terminal '%s'\n",
+                       DPRINTF("unveil: %s(%d) flag mismatch for terminal '%s'\n",
                            p->p_p->ps_comm, p->p_p->ps_pid, tname->un_name);
-#endif
                        return EACCES;
                }
        }
        ni->ni_unveil_match = uv;
 done:
        if (ni->ni_unveil_match) {
-#ifdef DEBUG_UNVEIL
-               printf("unveil: %s(%d): matched \"%s\" underneath/at vnode %p\n",
+               DPRINTF("unveil: %s(%d): matched \"%s\" underneath/at vnode %p\n",
                    p->p_p->ps_comm, p->p_p->ps_pid, ni->ni_cnd.cn_nameptr,
                    ni->ni_unveil_match->uv_vp);
-#endif
                return (0);
        } else if (p->p_p->ps_uvpcwd) {
                ni->ni_unveil_match = p->p_p->ps_uvpcwd;
-#ifdef DEBUG_UNVEIL
-               printf("unveil: %s(%d): used cwd unveil vnode from vnode %p\n",
+               DPRINTF("unveil: %s(%d): used cwd unveil vnode from vnode %p\n",
                    p->p_p->ps_comm, p->p_p->ps_pid, ni->ni_unveil_match->uv_vp);
-#endif
                return (0);
        } else if (p->p_p->ps_uvpcwdgone) {
                printf("Corner cases make Bob cry in a corner\n");
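Review bot: The `printf("Corner cases make Bob cry in a corner\n");` in the `ps_uvpcwdgone` branch is left as an unconditional printf, so unlike every other message in unveil_check_final it is emitted by non-debug kernels too. If that branch can be reached repeatedly from a process's path lookups (the rest of the branch is outside the hunk, so this is inferred), it lets that process flood the kernel message buffer. Either convert it for consistency, `DPRINTF("Corner cases make Bob cry in a corner\n");`, or add a comment explaining why this one diagnostic must stay unconditional.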
@@ -717,10 +669,8 @@ unveil_removevnode(struct vnode *vp)
        if (vp->v_uvcount == 0)
                return;
 
-#ifdef DEBUG_UNVEIL
-       printf("unveil_removevnode found vnode %p with count %d\n",
+       DPRINTF("unveil_removevnode found vnode %p with count %d\n",
            vp, vp->v_uvcount);
-#endif
        vref(vp); /* make sure it is held till we are done */
 
        LIST_FOREACH(pr, &allprocess, ps_list) {
@@ -730,10 +680,8 @@ unveil_removevnode(struct vnode *vp)
                    uv->uv_vp != NULL) {
                        uv->uv_vp = NULL;
                        uv->uv_flags = 0;
-#ifdef DEBUG_UNVEIL
-                       printf("unveil_removevnode vnode %p now count %d\n",
+                       DPRINTF("unveil_removevnode vnode %p now count %d\n",
                            vp, vp->v_uvcount);
-#endif
                        pr->ps_uvshrink = 1;
                        if (vp->v_uvcount > 0) {
                                vrele(vp);
