openat(2) after unveil(2) bug

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

openat(2) after unveil(2) bug

Benjamin Baier
Hi,

using openat(2) after unveil(2) seems to misbehave.
Isolated test case below. I expect the code to succesfully end with
exit code 0 but it fails with exit code 6.

Greetings Ben


#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>

int try_openat(int, const char*);

int
main(int argc, char *argv[])
{
        int fd_tmp, fd_foo, fd_bar;

        /* shortcut */
        system("mkdir -p /tmp/regress/unveil_openat/foo/bar");
   
        fd_tmp = open("/tmp/regress/unveil_openat",
            O_RDONLY | O_DIRECTORY);
        if (fd_tmp == -1)
                return 1;

        fd_foo = try_openat(fd_tmp, "foo");
        if (fd_foo == -1)
                return 2;

        fd_bar = try_openat(fd_foo, "bar");
        if (fd_bar == -1)
                return 3;

        if (unveil("/tmp/regress/unveil_openat", "rx") == -1)
                return 4;

        fd_foo = try_openat(fd_tmp, "foo");
        if (fd_foo == -1)
                return 5;

        fd_bar = try_openat(fd_foo, "bar");
        if (fd_bar == -1)
                return 6;

        return 0;
}

int
try_openat(int fd, const char *dir)
{
        int fd_new;

        fd_new = openat(fd, dir, O_RDONLY | O_DIRECTORY);
        if (fd_new == -1)
                printf("%s: %s\n", dir, strerror(errno));
        else
                printf("%s: ok\n", dir);
        return fd_new;
}


OpenBSD 6.5-current (GENERIC.MP) #102: Sat Jul  6 00:15:43 MDT 2019
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8451125248 (8059MB)
avail mem = 8184897536 (7805MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013
bios0: LENOVO 4287CTO
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT DMAR UEFI UEFI UEFI
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.30 MHz, 06-2a-07
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.92 MHz, 06-2a-07
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf8000000, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 5 (EXP4)
acpiprt5 at acpi0: bus 13 (EXP5)
acpiprt6 at acpi0: bus -1 (EXP7)
acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
acpitz0 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpicmos0 at acpi0
acpibat0 at acpi0: BAT0 model "42T4861" serial 12675 type LION oem "SANYO"
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
"IBM0079" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpidock0 at acpi0: GDCK docked (15)
acpivideo0 at acpi0: VID_
acpivout at acpivideo0 not configured
acpivideo1 at acpi0: VID_
cpu0: using VERW MDS workaround (except on vmm entry)
cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 3000" rev 0x09
drm0 at inteldrm0
inteldrm0: msi
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address f0:de:f1:cd:a7:0f
ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: msi
azalia0: codecs: Conexant CX20590, Intel/0x2805, using Conexant CX20590
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb4: msi
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 6 Series PCIE" rev 0xb4: msi
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, MIMO 2T2R, MoW, address 10:0b:a9:9e:65:34
ppb2 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb4: msi
pci3 at ppb2 bus 5
ppb3 at pci0 dev 28 function 4 "Intel 6 Series PCIE" rev 0xb4: msi
pci4 at ppb3 bus 13
sdhc0 at pci4 dev 0 function 0 "Ricoh 5U822 SD/MMC" rev 0x07: apic 2 int 16
sdhc0: SDHC 3.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
ehci1 at pci0 dev 29 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 "Intel QM67 LPC" rev 0x04
ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
ahci0: port 1: 1.5Gb/s
ahci0: port 2: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, SanDisk SD6SB1M1, X230> SCSI3 0/direct fixed naa.5001b449c700768f
sd0: 122104MB, 512 bytes/sector, 250069680 sectors, thin
cd0 at scsibus1 targ 1 lun 0: <Optiarc, DVD RW AD-7930H, 1.D1> ATAPI 5/cdrom removable
sd1 at scsibus1 targ 2 lun 0: <ATA, TOSHIBA THNSNH25, HTGA> SCSI3 0/direct fixed naa.500080db000064dc
sd1: 244198MB, 512 bytes/sector, 500118192 sectors, thin
ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.0, 0x1e2b1 0x940300
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
aps0 at isa0 port 0x1600/31
vmm0 at mainbus0: VMX/EPT
uhub2 at uhub0 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
uhub3 at uhub2 port 1 configuration 1 interface 0 "Standard Microsystems product 0x2514" rev 2.00/0.00 addr 3
uhidev0 at uhub3 port 2 configuration 1 interface 0 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
uhidev1 at uhub3 port 2 configuration 1 interface 1 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
uhidev1: iclass 3/1, 3 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
uhid2 at uhidev1 reportid 3: input=2, output=1, feature=0
uhidev2 at uhub3 port 4 configuration 1 interface 0 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
uhidev2: iclass 3/0
uhid3 at uhidev2: input=32, output=32, feature=255
uhidev3 at uhub3 port 4 configuration 1 interface 1 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
uhidev3: iclass 3/1
ums0 at uhidev3: 8 buttons, Z dir
wsmouse2 at ums0 mux 0
ugen0 at uhub2 port 4 "Broadcom Corp Broadcom Bluetooth Device" rev 2.00/7.48 addr 6
uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co., Ltd. Integrated Camera" rev 2.00/8.54 addr 7
video0 at uvideo0
uhub4 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 0, 006> SCSI2 0/direct fixed
sd2: 223732MB, 512 bytes/sector, 458204672 sectors
root on sd1a (cb2b25d2bc04572e.a) swap on sd1b dump on sd1b
inteldrm0: 1366x768, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
wskbd1: connecting to wsdisplay0
wsdisplay0: screen 1-5 added (std, vt100 emulation)

Reply | Threaded
Open this post in threaded view
|

Re: openat(2) after unveil(2) bug

Bryan Steele-2
On Tue, Aug 06, 2019 at 10:23:09PM +0200, Benjamin Baier wrote:
> Hi,
>
> using openat(2) after unveil(2) seems to misbehave.
> Isolated test case below. I expect the code to succesfully end with
> exit code 0 but it fails with exit code 6.
>
> Greetings Ben

Can you re-try with a newer snapshot? July 6th is pretty old and there's
been a ton of work on unveil(2).

> #include <stdio.h>
> #include <fcntl.h>
> #include <stdlib.h>
> #include <string.h>
> #include <errno.h>
> #include <unistd.h>
>
> int try_openat(int, const char*);
>
> int
> main(int argc, char *argv[])
> {
> int fd_tmp, fd_foo, fd_bar;
>
> /* shortcut */
> system("mkdir -p /tmp/regress/unveil_openat/foo/bar");
>    
> fd_tmp = open("/tmp/regress/unveil_openat",
>    O_RDONLY | O_DIRECTORY);
> if (fd_tmp == -1)
> return 1;
>
> fd_foo = try_openat(fd_tmp, "foo");
> if (fd_foo == -1)
> return 2;
>
> fd_bar = try_openat(fd_foo, "bar");
> if (fd_bar == -1)
> return 3;
>
> if (unveil("/tmp/regress/unveil_openat", "rx") == -1)
> return 4;
>
> fd_foo = try_openat(fd_tmp, "foo");
> if (fd_foo == -1)
> return 5;
>
> fd_bar = try_openat(fd_foo, "bar");
> if (fd_bar == -1)
> return 6;
>
> return 0;
> }
>
> int
> try_openat(int fd, const char *dir)
> {
> int fd_new;
>
> fd_new = openat(fd, dir, O_RDONLY | O_DIRECTORY);
> if (fd_new == -1)
> printf("%s: %s\n", dir, strerror(errno));
> else
> printf("%s: ok\n", dir);
> return fd_new;
> }
>
>
> OpenBSD 6.5-current (GENERIC.MP) #102: Sat Jul  6 00:15:43 MDT 2019
>     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8451125248 (8059MB)
> avail mem = 8184897536 (7805MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
> bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013
> bios0: LENOVO 4287CTO
> acpi0 at bios0: ACPI 4.0
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT DMAR UEFI UEFI UEFI
> acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.30 MHz, 06-2a-07
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 1, core 0, package 0
> cpu2 at mainbus0: apid 2 (application processor)
> cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.92 MHz, 06-2a-07
> cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 0, core 1, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 1, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> acpimcfg0 at acpi0
> acpimcfg0: addr 0xf8000000, bus 0-63
> acpiec0 at acpi0
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (PEG_)
> acpiprt2 at acpi0: bus 2 (EXP1)
> acpiprt3 at acpi0: bus 3 (EXP2)
> acpiprt4 at acpi0: bus 5 (EXP4)
> acpiprt5 at acpi0: bus 13 (EXP5)
> acpiprt6 at acpi0: bus -1 (EXP7)
> acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
> acpitz0 at acpi0: critical temperature is 99 degC
> acpibtn0 at acpi0: LID_
> acpibtn1 at acpi0: SLPB
> acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
> acpicmos0 at acpi0
> acpibat0 at acpi0: BAT0 model "42T4861" serial 12675 type LION oem "SANYO"
> acpiac0 at acpi0: AC unit online
> acpithinkpad0 at acpi0
> "IBM0079" at acpi0 not configured
> "PNP0C14" at acpi0 not configured
> "PNP0C14" at acpi0 not configured
> acpidock0 at acpi0: GDCK docked (15)
> acpivideo0 at acpi0: VID_
> acpivout at acpivideo0 not configured
> acpivideo1 at acpi0: VID_
> cpu0: using VERW MDS workaround (except on vmm entry)
> cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
> inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 3000" rev 0x09
> drm0 at inteldrm0
> inteldrm0: msi
> "Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
> em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address f0:de:f1:cd:a7:0f
> ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: msi
> azalia0: codecs: Conexant CX20590, Intel/0x2805, using Conexant CX20590
> audio0 at azalia0
> ppb0 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb4: msi
> pci1 at ppb0 bus 2
> ppb1 at pci0 dev 28 function 1 "Intel 6 Series PCIE" rev 0xb4: msi
> pci2 at ppb1 bus 3
> iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, MIMO 2T2R, MoW, address 10:0b:a9:9e:65:34
> ppb2 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb4: msi
> pci3 at ppb2 bus 5
> ppb3 at pci0 dev 28 function 4 "Intel 6 Series PCIE" rev 0xb4: msi
> pci4 at ppb3 bus 13
> sdhc0 at pci4 dev 0 function 0 "Ricoh 5U822 SD/MMC" rev 0x07: apic 2 int 16
> sdhc0: SDHC 3.0, 50 MHz base clock
> sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
> ehci1 at pci0 dev 29 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 23
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> pcib0 at pci0 dev 31 function 0 "Intel QM67 LPC" rev 0x04
> ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI 1.3
> ahci0: port 0: 6.0Gb/s
> ahci0: port 1: 1.5Gb/s
> ahci0: port 2: 3.0Gb/s
> scsibus1 at ahci0: 32 targets
> sd0 at scsibus1 targ 0 lun 0: <ATA, SanDisk SD6SB1M1, X230> SCSI3 0/direct fixed naa.5001b449c700768f
> sd0: 122104MB, 512 bytes/sector, 250069680 sectors, thin
> cd0 at scsibus1 targ 1 lun 0: <Optiarc, DVD RW AD-7930H, 1.D1> ATAPI 5/cdrom removable
> sd1 at scsibus1 targ 2 lun 0: <ATA, TOSHIBA THNSNH25, HTGA> SCSI3 0/direct fixed naa.500080db000064dc
> sd1: 244198MB, 512 bytes/sector, 500118192 sectors, thin
> ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2 int 18
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard
> pms0 at pckbc0 (aux slot)
> wsmouse0 at pms0 mux 0
> wsmouse1 at pms0 mux 0
> pms0: Synaptics clickpad, firmware 8.0, 0x1e2b1 0x940300
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> aps0 at isa0 port 0x1600/31
> vmm0 at mainbus0: VMX/EPT
> uhub2 at uhub0 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> uhub3 at uhub2 port 1 configuration 1 interface 0 "Standard Microsystems product 0x2514" rev 2.00/0.00 addr 3
> uhidev0 at uhub3 port 2 configuration 1 interface 0 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> uhidev1 at uhub3 port 2 configuration 1 interface 1 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> uhidev1: iclass 3/1, 3 report ids
> uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
> uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
> uhid2 at uhidev1 reportid 3: input=2, output=1, feature=0
> uhidev2 at uhub3 port 4 configuration 1 interface 0 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> uhidev2: iclass 3/0
> uhid3 at uhidev2: input=32, output=32, feature=255
> uhidev3 at uhub3 port 4 configuration 1 interface 1 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> uhidev3: iclass 3/1
> ums0 at uhidev3: 8 buttons, Z dir
> wsmouse2 at ums0 mux 0
> ugen0 at uhub2 port 4 "Broadcom Corp Broadcom Bluetooth Device" rev 2.00/7.48 addr 6
> uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co., Ltd. Integrated Camera" rev 2.00/8.54 addr 7
> video0 at uvideo0
> uhub4 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 0, 006> SCSI2 0/direct fixed
> sd2: 223732MB, 512 bytes/sector, 458204672 sectors
> root on sd1a (cb2b25d2bc04572e.a) swap on sd1b dump on sd1b
> inteldrm0: 1366x768, 32bpp
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
> wskbd1: connecting to wsdisplay0
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
>
>

Reply | Threaded
Open this post in threaded view
|

Re: openat(2) after unveil(2) bug

Bryan Steele-2
On Tue, Aug 06, 2019 at 04:42:11PM -0400, Bryan Steele wrote:

> On Tue, Aug 06, 2019 at 10:23:09PM +0200, Benjamin Baier wrote:
> > Hi,
> >
> > using openat(2) after unveil(2) seems to misbehave.
> > Isolated test case below. I expect the code to succesfully end with
> > exit code 0 but it fails with exit code 6.
> >
> > Greetings Ben
>
> Can you re-try with a newer snapshot? July 6th is pretty old and there's
> been a ton of work on unveil(2).

Nevermind.

> > #include <stdio.h>
> > #include <fcntl.h>
> > #include <stdlib.h>
> > #include <string.h>
> > #include <errno.h>
> > #include <unistd.h>
> >
> > int try_openat(int, const char*);
> >
> > int
> > main(int argc, char *argv[])
> > {
> > int fd_tmp, fd_foo, fd_bar;
> >
> > /* shortcut */
> > system("mkdir -p /tmp/regress/unveil_openat/foo/bar");
> >    
> > fd_tmp = open("/tmp/regress/unveil_openat",
> >    O_RDONLY | O_DIRECTORY);
> > if (fd_tmp == -1)
> > return 1;
> >
> > fd_foo = try_openat(fd_tmp, "foo");
> > if (fd_foo == -1)
> > return 2;
> >
> > fd_bar = try_openat(fd_foo, "bar");
> > if (fd_bar == -1)
> > return 3;
> >
> > if (unveil("/tmp/regress/unveil_openat", "rx") == -1)
> > return 4;
> >
> > fd_foo = try_openat(fd_tmp, "foo");
> > if (fd_foo == -1)
> > return 5;
> >
> > fd_bar = try_openat(fd_foo, "bar");
> > if (fd_bar == -1)
> > return 6;
> >
> > return 0;
> > }
> >
> > int
> > try_openat(int fd, const char *dir)
> > {
> > int fd_new;
> >
> > fd_new = openat(fd, dir, O_RDONLY | O_DIRECTORY);
> > if (fd_new == -1)
> > printf("%s: %s\n", dir, strerror(errno));
> > else
> > printf("%s: ok\n", dir);
> > return fd_new;
> > }
> >
> >
> > OpenBSD 6.5-current (GENERIC.MP) #102: Sat Jul  6 00:15:43 MDT 2019
> >     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 8451125248 (8059MB)
> > avail mem = 8184897536 (7805MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
> > bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013
> > bios0: LENOVO 4287CTO
> > acpi0 at bios0: ACPI 4.0
> > acpi0: sleep states S0 S3 S4 S5
> > acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT DMAR UEFI UEFI UEFI
> > acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4)
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpihpet0 at acpi0: 14318179 Hz
> > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.30 MHz, 06-2a-07
> > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu0: 256KB 64b/line 8-way L2 cache
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 99MHz
> > cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
> > cpu1 at mainbus0: apid 1 (application processor)
> > cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> > cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu1: 256KB 64b/line 8-way L2 cache
> > cpu1: smt 1, core 0, package 0
> > cpu2 at mainbus0: apid 2 (application processor)
> > cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.92 MHz, 06-2a-07
> > cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu2: 256KB 64b/line 8-way L2 cache
> > cpu2: smt 0, core 1, package 0
> > cpu3 at mainbus0: apid 3 (application processor)
> > cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> > cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu3: 256KB 64b/line 8-way L2 cache
> > cpu3: smt 1, core 1, package 0
> > ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> > acpimcfg0 at acpi0
> > acpimcfg0: addr 0xf8000000, bus 0-63
> > acpiec0 at acpi0
> > acpiprt0 at acpi0: bus 0 (PCI0)
> > acpiprt1 at acpi0: bus -1 (PEG_)
> > acpiprt2 at acpi0: bus 2 (EXP1)
> > acpiprt3 at acpi0: bus 3 (EXP2)
> > acpiprt4 at acpi0: bus 5 (EXP4)
> > acpiprt5 at acpi0: bus 13 (EXP5)
> > acpiprt6 at acpi0: bus -1 (EXP7)
> > acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
> > acpitz0 at acpi0: critical temperature is 99 degC
> > acpibtn0 at acpi0: LID_
> > acpibtn1 at acpi0: SLPB
> > acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
> > acpicmos0 at acpi0
> > acpibat0 at acpi0: BAT0 model "42T4861" serial 12675 type LION oem "SANYO"
> > acpiac0 at acpi0: AC unit online
> > acpithinkpad0 at acpi0
> > "IBM0079" at acpi0 not configured
> > "PNP0C14" at acpi0 not configured
> > "PNP0C14" at acpi0 not configured
> > acpidock0 at acpi0: GDCK docked (15)
> > acpivideo0 at acpi0: VID_
> > acpivout at acpivideo0 not configured
> > acpivideo1 at acpi0: VID_
> > cpu0: using VERW MDS workaround (except on vmm entry)
> > cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz
> > pci0 at mainbus0 bus 0
> > pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
> > inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 3000" rev 0x09
> > drm0 at inteldrm0
> > inteldrm0: msi
> > "Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
> > em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address f0:de:f1:cd:a7:0f
> > ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16
> > usb0 at ehci0: USB revision 2.0
> > uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> > azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: msi
> > azalia0: codecs: Conexant CX20590, Intel/0x2805, using Conexant CX20590
> > audio0 at azalia0
> > ppb0 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci1 at ppb0 bus 2
> > ppb1 at pci0 dev 28 function 1 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci2 at ppb1 bus 3
> > iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, MIMO 2T2R, MoW, address 10:0b:a9:9e:65:34
> > ppb2 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci3 at ppb2 bus 5
> > ppb3 at pci0 dev 28 function 4 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci4 at ppb3 bus 13
> > sdhc0 at pci4 dev 0 function 0 "Ricoh 5U822 SD/MMC" rev 0x07: apic 2 int 16
> > sdhc0: SDHC 3.0, 50 MHz base clock
> > sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
> > ehci1 at pci0 dev 29 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 23
> > usb1 at ehci1: USB revision 2.0
> > uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> > pcib0 at pci0 dev 31 function 0 "Intel QM67 LPC" rev 0x04
> > ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI 1.3
> > ahci0: port 0: 6.0Gb/s
> > ahci0: port 1: 1.5Gb/s
> > ahci0: port 2: 3.0Gb/s
> > scsibus1 at ahci0: 32 targets
> > sd0 at scsibus1 targ 0 lun 0: <ATA, SanDisk SD6SB1M1, X230> SCSI3 0/direct fixed naa.5001b449c700768f
> > sd0: 122104MB, 512 bytes/sector, 250069680 sectors, thin
> > cd0 at scsibus1 targ 1 lun 0: <Optiarc, DVD RW AD-7930H, 1.D1> ATAPI 5/cdrom removable
> > sd1 at scsibus1 targ 2 lun 0: <ATA, TOSHIBA THNSNH25, HTGA> SCSI3 0/direct fixed naa.500080db000064dc
> > sd1: 244198MB, 512 bytes/sector, 500118192 sectors, thin
> > ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2 int 18
> > iic0 at ichiic0
> > spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> > spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> > isa0 at pcib0
> > isadma0 at isa0
> > pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> > pckbd0 at pckbc0 (kbd slot)
> > wskbd0 at pckbd0: console keyboard
> > pms0 at pckbc0 (aux slot)
> > wsmouse0 at pms0 mux 0
> > wsmouse1 at pms0 mux 0
> > pms0: Synaptics clickpad, firmware 8.0, 0x1e2b1 0x940300
> > pcppi0 at isa0 port 0x61
> > spkr0 at pcppi0
> > aps0 at isa0 port 0x1600/31
> > vmm0 at mainbus0: VMX/EPT
> > uhub2 at uhub0 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> > uhub3 at uhub2 port 1 configuration 1 interface 0 "Standard Microsystems product 0x2514" rev 2.00/0.00 addr 3
> > uhidev0 at uhub3 port 2 configuration 1 interface 0 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> > uhidev0: iclass 3/1
> > ukbd0 at uhidev0: 8 variable keys, 6 key codes
> > wskbd1 at ukbd0 mux 1
> > uhidev1 at uhub3 port 2 configuration 1 interface 1 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> > uhidev1: iclass 3/1, 3 report ids
> > uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
> > uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
> > uhid2 at uhidev1 reportid 3: input=2, output=1, feature=0
> > uhidev2 at uhub3 port 4 configuration 1 interface 0 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> > uhidev2: iclass 3/0
> > uhid3 at uhidev2: input=32, output=32, feature=255
> > uhidev3 at uhub3 port 4 configuration 1 interface 1 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> > uhidev3: iclass 3/1
> > ums0 at uhidev3: 8 buttons, Z dir
> > wsmouse2 at ums0 mux 0
> > ugen0 at uhub2 port 4 "Broadcom Corp Broadcom Bluetooth Device" rev 2.00/7.48 addr 6
> > uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co., Ltd. Integrated Camera" rev 2.00/8.54 addr 7
> > video0 at uvideo0
> > uhub4 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> > vscsi0 at root
> > scsibus2 at vscsi0: 256 targets
> > softraid0 at root
> > scsibus3 at softraid0: 256 targets
> > sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 0, 006> SCSI2 0/direct fixed
> > sd2: 223732MB, 512 bytes/sector, 458204672 sectors
> > root on sd1a (cb2b25d2bc04572e.a) swap on sd1b dump on sd1b
> > inteldrm0: 1366x768, 32bpp
> > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
> > wskbd1: connecting to wsdisplay0
> > wsdisplay0: screen 1-5 added (std, vt100 emulation)
> >
> >

Reply | Threaded
Open this post in threaded view
|

Re: openat(2) after unveil(2) bug

Theo de Raadt-2
In reply to this post by Benjamin Baier
The mechanism underlying unveil(2) is a vnode cache.

After unveil is activated, pathname-accessing functions (except
for unveil(2) itself) require at a vnode in that cache to be
"traversed".

I believe your first openat() references "." which is in the
unveil vnode cache, so it wins.

That gives you a vnode inside the unveil space.  An openat()
relative to that, does not traverse a vnode in the unveil vnode
cache, so it fails.

You could notice that if it was a symbolic link, which climbed upwards
and then downwards again, and managed to cross the unveil vnode
cache, then it would work.

Odd isn't it?  But it is pretty fundamental to how the filesystem
is partitioned so you can't sneak around and get outside, though
the manual page doesn't explain the mechanism too precisely (that
is kind of intentional, because userland programmers shouldn't
always have vnodes in their faces -- notice we don't mention anywhere
that in unix unlinked files still work via pre-opened fd's?)

There maybe a solution to this.  fd's opened post-unveil, as a
result of a traversal, could carry a flag indicating they are
inside the unveil space, and are OK.

Benjamin Baier <[hidden email]> wrote:

> using openat(2) after unveil(2) seems to misbehave.
> Isolated test case below. I expect the code to succesfully end with
> exit code 0 but it fails with exit code 6.
>
> Greetings Ben
>
>
> #include <stdio.h>
> #include <fcntl.h>
> #include <stdlib.h>
> #include <string.h>
> #include <errno.h>
> #include <unistd.h>
>
> int try_openat(int, const char*);
>
> int
> main(int argc, char *argv[])
> {
> int fd_tmp, fd_foo, fd_bar;
>
> /* shortcut */
> system("mkdir -p /tmp/regress/unveil_openat/foo/bar");
>    
> fd_tmp = open("/tmp/regress/unveil_openat",
>    O_RDONLY | O_DIRECTORY);
> if (fd_tmp == -1)
> return 1;
>
> fd_foo = try_openat(fd_tmp, "foo");
> if (fd_foo == -1)
> return 2;
>
> fd_bar = try_openat(fd_foo, "bar");
> if (fd_bar == -1)
> return 3;
>
> if (unveil("/tmp/regress/unveil_openat", "rx") == -1)
> return 4;
>
> fd_foo = try_openat(fd_tmp, "foo");
> if (fd_foo == -1)
> return 5;
>
> fd_bar = try_openat(fd_foo, "bar");
> if (fd_bar == -1)
> return 6;
>
> return 0;
> }
>
> int
> try_openat(int fd, const char *dir)
> {
> int fd_new;
>
> fd_new = openat(fd, dir, O_RDONLY | O_DIRECTORY);
> if (fd_new == -1)
> printf("%s: %s\n", dir, strerror(errno));
> else
> printf("%s: ok\n", dir);
> return fd_new;
> }
>
>
> OpenBSD 6.5-current (GENERIC.MP) #102: Sat Jul  6 00:15:43 MDT 2019
>     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8451125248 (8059MB)
> avail mem = 8184897536 (7805MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
> bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013
> bios0: LENOVO 4287CTO
> acpi0 at bios0: ACPI 4.0
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT DMAR UEFI UEFI UEFI
> acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.30 MHz, 06-2a-07
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 1, core 0, package 0
> cpu2 at mainbus0: apid 2 (application processor)
> cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.92 MHz, 06-2a-07
> cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 0, core 1, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 1, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> acpimcfg0 at acpi0
> acpimcfg0: addr 0xf8000000, bus 0-63
> acpiec0 at acpi0
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (PEG_)
> acpiprt2 at acpi0: bus 2 (EXP1)
> acpiprt3 at acpi0: bus 3 (EXP2)
> acpiprt4 at acpi0: bus 5 (EXP4)
> acpiprt5 at acpi0: bus 13 (EXP5)
> acpiprt6 at acpi0: bus -1 (EXP7)
> acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
> acpitz0 at acpi0: critical temperature is 99 degC
> acpibtn0 at acpi0: LID_
> acpibtn1 at acpi0: SLPB
> acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
> acpicmos0 at acpi0
> acpibat0 at acpi0: BAT0 model "42T4861" serial 12675 type LION oem "SANYO"
> acpiac0 at acpi0: AC unit online
> acpithinkpad0 at acpi0
> "IBM0079" at acpi0 not configured
> "PNP0C14" at acpi0 not configured
> "PNP0C14" at acpi0 not configured
> acpidock0 at acpi0: GDCK docked (15)
> acpivideo0 at acpi0: VID_
> acpivout at acpivideo0 not configured
> acpivideo1 at acpi0: VID_
> cpu0: using VERW MDS workaround (except on vmm entry)
> cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
> inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 3000" rev 0x09
> drm0 at inteldrm0
> inteldrm0: msi
> "Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
> em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address f0:de:f1:cd:a7:0f
> ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: msi
> azalia0: codecs: Conexant CX20590, Intel/0x2805, using Conexant CX20590
> audio0 at azalia0
> ppb0 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb4: msi
> pci1 at ppb0 bus 2
> ppb1 at pci0 dev 28 function 1 "Intel 6 Series PCIE" rev 0xb4: msi
> pci2 at ppb1 bus 3
> iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, MIMO 2T2R, MoW, address 10:0b:a9:9e:65:34
> ppb2 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb4: msi
> pci3 at ppb2 bus 5
> ppb3 at pci0 dev 28 function 4 "Intel 6 Series PCIE" rev 0xb4: msi
> pci4 at ppb3 bus 13
> sdhc0 at pci4 dev 0 function 0 "Ricoh 5U822 SD/MMC" rev 0x07: apic 2 int 16
> sdhc0: SDHC 3.0, 50 MHz base clock
> sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
> ehci1 at pci0 dev 29 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 23
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> pcib0 at pci0 dev 31 function 0 "Intel QM67 LPC" rev 0x04
> ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI 1.3
> ahci0: port 0: 6.0Gb/s
> ahci0: port 1: 1.5Gb/s
> ahci0: port 2: 3.0Gb/s
> scsibus1 at ahci0: 32 targets
> sd0 at scsibus1 targ 0 lun 0: <ATA, SanDisk SD6SB1M1, X230> SCSI3 0/direct fixed naa.5001b449c700768f
> sd0: 122104MB, 512 bytes/sector, 250069680 sectors, thin
> cd0 at scsibus1 targ 1 lun 0: <Optiarc, DVD RW AD-7930H, 1.D1> ATAPI 5/cdrom removable
> sd1 at scsibus1 targ 2 lun 0: <ATA, TOSHIBA THNSNH25, HTGA> SCSI3 0/direct fixed naa.500080db000064dc
> sd1: 244198MB, 512 bytes/sector, 500118192 sectors, thin
> ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2 int 18
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard
> pms0 at pckbc0 (aux slot)
> wsmouse0 at pms0 mux 0
> wsmouse1 at pms0 mux 0
> pms0: Synaptics clickpad, firmware 8.0, 0x1e2b1 0x940300
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> aps0 at isa0 port 0x1600/31
> vmm0 at mainbus0: VMX/EPT
> uhub2 at uhub0 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> uhub3 at uhub2 port 1 configuration 1 interface 0 "Standard Microsystems product 0x2514" rev 2.00/0.00 addr 3
> uhidev0 at uhub3 port 2 configuration 1 interface 0 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> uhidev1 at uhub3 port 2 configuration 1 interface 1 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> uhidev1: iclass 3/1, 3 report ids
> uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
> uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
> uhid2 at uhidev1 reportid 3: input=2, output=1, feature=0
> uhidev2 at uhub3 port 4 configuration 1 interface 0 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> uhidev2: iclass 3/0
> uhid3 at uhidev2: input=32, output=32, feature=255
> uhidev3 at uhub3 port 4 configuration 1 interface 1 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> uhidev3: iclass 3/1
> ums0 at uhidev3: 8 buttons, Z dir
> wsmouse2 at ums0 mux 0
> ugen0 at uhub2 port 4 "Broadcom Corp Broadcom Bluetooth Device" rev 2.00/7.48 addr 6
> uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co., Ltd. Integrated Camera" rev 2.00/8.54 addr 7
> video0 at uvideo0
> uhub4 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 0, 006> SCSI2 0/direct fixed
> sd2: 223732MB, 512 bytes/sector, 458204672 sectors
> root on sd1a (cb2b25d2bc04572e.a) swap on sd1b dump on sd1b
> inteldrm0: 1366x768, 32bpp
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
> wskbd1: connecting to wsdisplay0
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
>

Reply | Threaded
Open this post in threaded view
|

Re: openat(2) after unveil(2) bug

Benjamin Baier
On Thu, 08 Aug 2019 09:47:46 -0600
"Theo de Raadt" <[hidden email]> wrote:

> The mechanism underlying unveil(2) is a vnode cache.
>
> After unveil is activated, pathname-accessing functions (except
> for unveil(2) itself) require at a vnode in that cache to be
> "traversed".
>
> I believe your first openat() references "." which is in the
> unveil vnode cache, so it wins.
>
> That gives you a vnode inside the unveil space.  An openat()
> relative to that, does not traverse a vnode in the unveil vnode
> cache, so it fails.
>
> You could notice that if it was a symbolic link, which climbed upwards
> and then downwards again, and managed to cross the unveil vnode
> cache, then it would work.
Yes, it does work when setup like so

/tmp/regress/unveil_openat/foo $ ls -l  
total 4
lrwxr-xr-x  1 ben  wheel   10 Aug  8 22:02 bar -> ../foo/baz
drwxr-xr-x  2 ben  wheel  512 Aug  6 21:52 baz

> Odd isn't it?  But it is pretty fundamental to how the filesystem
> is partitioned so you can't sneak around and get outside, though
> the manual page doesn't explain the mechanism too precisely (that
> is kind of intentional, because userland programmers shouldn't
> always have vnodes in their faces -- notice we don't mention anywhere
> that in unix unlinked files still work via pre-opened fd's?)
>
> There maybe a solution to this.  fd's opened post-unveil, as a
> result of a traversal, could carry a flag indicating they are
> inside the unveil space, and are OK.
>
> Benjamin Baier <[hidden email]> wrote:
>
> > using openat(2) after unveil(2) seems to misbehave.
> > Isolated test case below. I expect the code to succesfully end with
> > exit code 0 but it fails with exit code 6.
> >
> > Greetings Ben
> >
> >
> > #include <stdio.h>
> > #include <fcntl.h>
> > #include <stdlib.h>
> > #include <string.h>
> > #include <errno.h>
> > #include <unistd.h>
> >
> > int try_openat(int, const char*);
> >
> > int
> > main(int argc, char *argv[])
> > {
> > int fd_tmp, fd_foo, fd_bar;
> >
> > /* shortcut */
> > system("mkdir -p /tmp/regress/unveil_openat/foo/bar");
> >    
> > fd_tmp = open("/tmp/regress/unveil_openat",
> >    O_RDONLY | O_DIRECTORY);
> > if (fd_tmp == -1)
> > return 1;
> >
> > fd_foo = try_openat(fd_tmp, "foo");
> > if (fd_foo == -1)
> > return 2;
> >
> > fd_bar = try_openat(fd_foo, "bar");
> > if (fd_bar == -1)
> > return 3;
> >
> > if (unveil("/tmp/regress/unveil_openat", "rx") == -1)
> > return 4;
> >
> > fd_foo = try_openat(fd_tmp, "foo");
> > if (fd_foo == -1)
> > return 5;
> >
> > fd_bar = try_openat(fd_foo, "bar");
> > if (fd_bar == -1)
> > return 6;
> >
> > return 0;
> > }
> >
> > int
> > try_openat(int fd, const char *dir)
> > {
> > int fd_new;
> >
> > fd_new = openat(fd, dir, O_RDONLY | O_DIRECTORY);
> > if (fd_new == -1)
> > printf("%s: %s\n", dir, strerror(errno));
> > else
> > printf("%s: ok\n", dir);
> > return fd_new;
> > }
> >
> >
> > OpenBSD 6.5-current (GENERIC.MP) #102: Sat Jul  6 00:15:43 MDT 2019
> >     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 8451125248 (8059MB)
> > avail mem = 8184897536 (7805MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
> > bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013
> > bios0: LENOVO 4287CTO
> > acpi0 at bios0: ACPI 4.0
> > acpi0: sleep states S0 S3 S4 S5
> > acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT DMAR UEFI UEFI UEFI
> > acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4)
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpihpet0 at acpi0: 14318179 Hz
> > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.30 MHz, 06-2a-07
> > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu0: 256KB 64b/line 8-way L2 cache
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 99MHz
> > cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
> > cpu1 at mainbus0: apid 1 (application processor)
> > cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> > cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu1: 256KB 64b/line 8-way L2 cache
> > cpu1: smt 1, core 0, package 0
> > cpu2 at mainbus0: apid 2 (application processor)
> > cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.92 MHz, 06-2a-07
> > cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu2: 256KB 64b/line 8-way L2 cache
> > cpu2: smt 0, core 1, package 0
> > cpu3 at mainbus0: apid 3 (application processor)
> > cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
> > cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu3: 256KB 64b/line 8-way L2 cache
> > cpu3: smt 1, core 1, package 0
> > ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> > acpimcfg0 at acpi0
> > acpimcfg0: addr 0xf8000000, bus 0-63
> > acpiec0 at acpi0
> > acpiprt0 at acpi0: bus 0 (PCI0)
> > acpiprt1 at acpi0: bus -1 (PEG_)
> > acpiprt2 at acpi0: bus 2 (EXP1)
> > acpiprt3 at acpi0: bus 3 (EXP2)
> > acpiprt4 at acpi0: bus 5 (EXP4)
> > acpiprt5 at acpi0: bus 13 (EXP5)
> > acpiprt6 at acpi0: bus -1 (EXP7)
> > acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
> > acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
> > acpitz0 at acpi0: critical temperature is 99 degC
> > acpibtn0 at acpi0: LID_
> > acpibtn1 at acpi0: SLPB
> > acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
> > acpicmos0 at acpi0
> > acpibat0 at acpi0: BAT0 model "42T4861" serial 12675 type LION oem "SANYO"
> > acpiac0 at acpi0: AC unit online
> > acpithinkpad0 at acpi0
> > "IBM0079" at acpi0 not configured
> > "PNP0C14" at acpi0 not configured
> > "PNP0C14" at acpi0 not configured
> > acpidock0 at acpi0: GDCK docked (15)
> > acpivideo0 at acpi0: VID_
> > acpivout at acpivideo0 not configured
> > acpivideo1 at acpi0: VID_
> > cpu0: using VERW MDS workaround (except on vmm entry)
> > cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz
> > pci0 at mainbus0 bus 0
> > pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
> > inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 3000" rev 0x09
> > drm0 at inteldrm0
> > inteldrm0: msi
> > "Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
> > em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address f0:de:f1:cd:a7:0f
> > ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16
> > usb0 at ehci0: USB revision 2.0
> > uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> > azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: msi
> > azalia0: codecs: Conexant CX20590, Intel/0x2805, using Conexant CX20590
> > audio0 at azalia0
> > ppb0 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci1 at ppb0 bus 2
> > ppb1 at pci0 dev 28 function 1 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci2 at ppb1 bus 3
> > iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, MIMO 2T2R, MoW, address 10:0b:a9:9e:65:34
> > ppb2 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci3 at ppb2 bus 5
> > ppb3 at pci0 dev 28 function 4 "Intel 6 Series PCIE" rev 0xb4: msi
> > pci4 at ppb3 bus 13
> > sdhc0 at pci4 dev 0 function 0 "Ricoh 5U822 SD/MMC" rev 0x07: apic 2 int 16
> > sdhc0: SDHC 3.0, 50 MHz base clock
> > sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
> > ehci1 at pci0 dev 29 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 23
> > usb1 at ehci1: USB revision 2.0
> > uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> > pcib0 at pci0 dev 31 function 0 "Intel QM67 LPC" rev 0x04
> > ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI 1.3
> > ahci0: port 0: 6.0Gb/s
> > ahci0: port 1: 1.5Gb/s
> > ahci0: port 2: 3.0Gb/s
> > scsibus1 at ahci0: 32 targets
> > sd0 at scsibus1 targ 0 lun 0: <ATA, SanDisk SD6SB1M1, X230> SCSI3 0/direct fixed naa.5001b449c700768f
> > sd0: 122104MB, 512 bytes/sector, 250069680 sectors, thin
> > cd0 at scsibus1 targ 1 lun 0: <Optiarc, DVD RW AD-7930H, 1.D1> ATAPI 5/cdrom removable
> > sd1 at scsibus1 targ 2 lun 0: <ATA, TOSHIBA THNSNH25, HTGA> SCSI3 0/direct fixed naa.500080db000064dc
> > sd1: 244198MB, 512 bytes/sector, 500118192 sectors, thin
> > ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2 int 18
> > iic0 at ichiic0
> > spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> > spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> > isa0 at pcib0
> > isadma0 at isa0
> > pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> > pckbd0 at pckbc0 (kbd slot)
> > wskbd0 at pckbd0: console keyboard
> > pms0 at pckbc0 (aux slot)
> > wsmouse0 at pms0 mux 0
> > wsmouse1 at pms0 mux 0
> > pms0: Synaptics clickpad, firmware 8.0, 0x1e2b1 0x940300
> > pcppi0 at isa0 port 0x61
> > spkr0 at pcppi0
> > aps0 at isa0 port 0x1600/31
> > vmm0 at mainbus0: VMX/EPT
> > uhub2 at uhub0 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> > uhub3 at uhub2 port 1 configuration 1 interface 0 "Standard Microsystems product 0x2514" rev 2.00/0.00 addr 3
> > uhidev0 at uhub3 port 2 configuration 1 interface 0 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> > uhidev0: iclass 3/1
> > ukbd0 at uhidev0: 8 variable keys, 6 key codes
> > wskbd1 at ukbd0 mux 1
> > uhidev1 at uhub3 port 2 configuration 1 interface 1 "TypeMatrix.com USB Keyboard" rev 1.10/1.50 addr 4
> > uhidev1: iclass 3/1, 3 report ids
> > uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
> > uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
> > uhid2 at uhidev1 reportid 3: input=2, output=1, feature=0
> > uhidev2 at uhub3 port 4 configuration 1 interface 0 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> > uhidev2: iclass 3/0
> > uhid3 at uhidev2: input=32, output=32, feature=255
> > uhidev3 at uhub3 port 4 configuration 1 interface 1 "SteelSeries Kinzu V2 Gaming Mouse" rev 1.10/0.96 addr 5
> > uhidev3: iclass 3/1
> > ums0 at uhidev3: 8 buttons, Z dir
> > wsmouse2 at ums0 mux 0
> > ugen0 at uhub2 port 4 "Broadcom Corp Broadcom Bluetooth Device" rev 2.00/7.48 addr 6
> > uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co., Ltd. Integrated Camera" rev 2.00/8.54 addr 7
> > video0 at uvideo0
> > uhub4 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
> > vscsi0 at root
> > scsibus2 at vscsi0: 256 targets
> > softraid0 at root
> > scsibus3 at softraid0: 256 targets
> > sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 0, 006> SCSI2 0/direct fixed
> > sd2: 223732MB, 512 bytes/sector, 458204672 sectors
> > root on sd1a (cb2b25d2bc04572e.a) swap on sd1b dump on sd1b
> > inteldrm0: 1366x768, 32bpp
> > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
> > wskbd1: connecting to wsdisplay0
> > wsdisplay0: screen 1-5 added (std, vt100 emulation)
> >

Reply | Threaded
Open this post in threaded view
|

Re: openat(2) after unveil(2) bug

Bob Beck-2
In reply to this post by Theo de Raadt-2
> Benjamin Baier <[hidden email]> wrote:
>
> > using openat(2) after unveil(2) seems to misbehave.
> > Isolated test case below. I expect the code to succesfully end with
> > exit code 0 but it fails with exit code 6.
> >
> > Greetings Ben
> >
> >
> > #include <stdio.h>
> > #include <fcntl.h>
> > #include <stdlib.h>
> > #include <string.h>
> > #include <errno.h>
> > #include <unistd.h>
> >
> > int try_openat(int, const char*);
> >
> > int
> > main(int argc, char *argv[])
> > {
> > int fd_tmp, fd_foo, fd_bar;
> >
> > /* shortcut */
> > system("mkdir -p /tmp/regress/unveil_openat/foo/bar");
> >    
> > fd_tmp = open("/tmp/regress/unveil_openat",
> >    O_RDONLY | O_DIRECTORY);
> > if (fd_tmp == -1)
> > return 1;
> >
> > fd_foo = try_openat(fd_tmp, "foo");
> > if (fd_foo == -1)
> > return 2;
> >
> > fd_bar = try_openat(fd_foo, "bar");
> > if (fd_bar == -1)
> > return 3;
> >
> > if (unveil("/tmp/regress/unveil_openat", "rx") == -1)
> > return 4;
> >
> > fd_foo = try_openat(fd_tmp, "foo");
> > if (fd_foo == -1)
> > return 5;
> >
> > fd_bar = try_openat(fd_foo, "bar");
> > if (fd_bar == -1)
> > return 6;
> >
> > return 0;
> > }
> >
> > int
> > try_openat(int fd, const char *dir)
> > {
> > int fd_new;
> >
> > fd_new = openat(fd, dir, O_RDONLY | O_DIRECTORY);
> > if (fd_new == -1)
> > printf("%s: %s\n", dir, strerror(errno));
> > else
> > printf("%s: ok\n", dir);
> > return fd_new;
> > }


Greetings Benjamin!

Thanks for the well written test case!

So, the issue here is that unveil wasn't dealing correctly with the case where
a relative path lookup was started from a directory file descriptor instead of
the current working directory. In the current working directory case, unveil
has kept a cache of what unveil to use for the process's working directory.

Unfortunately in the arbirary openat() case this doesn't work. and in fact
it wouldn't have worked correctly for any of the *at things.  when you called
openat() from the descriptor corresponding to your unveil'ed directory, it worked
because it found the unveil at the starting point, but, when you called openat from
a directory below the unveil point, it never found a corresponding unveil, and your
lookup would fail.

Try the fix below (on current) which does work for me with your test case

-Bob

Index: kern/kern_unveil.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_unveil.c,v
retrieving revision 1.32
diff -u -p -u -p -r1.32 kern_unveil.c
--- kern/kern_unveil.c 5 Aug 2019 13:31:07 -0000 1.32
+++ kern/kern_unveil.c 8 Sep 2019 21:52:04 -0000
@@ -711,21 +711,50 @@ unveil_covered(struct unveil *uv, struct
 
 
 /*
- * Start a relative path lookup from current working directory unveil.
+ * Start a relative path lookup. Ensure we find whatever unveil covered
+ * where we start from, either by having a saved current working directory
+ * unveil, or by walking up and finding a cover the hard way if we are
+ * doing a non AT_FDCWD relative lookup. Caller passes a NULL dp
+ * if we are using AT_FDCWD.
  */
 void
-unveil_start_relative(struct proc *p, struct nameidata *ni)
+unveil_start_relative(struct proc *p, struct nameidata *ni, struct vnode *dp)
 {
- struct unveil *uv = p->p_p->ps_uvpcwd;
+ struct unveil *uv = NULL;
+
+ if (dp != NULL && p->p_p->ps_uvpaths != NULL) {
+ ssize_t uvi;
+ /*
+ * XXX
+ * This is a non AT_FDCWD relative lookup starting
+ * from a file descriptor. As such, we can't use the
+ * saved current working directory unveil. We walk up
+ * and find what we are covered by.
+ */
+ uv = unveil_lookup(dp, p, NULL);
+ if (uv == NULL) {
+ uvi = unveil_find_cover(dp, p);
+ if (uvi >= 0) {
+ KASSERT(uvi < p->p_p->ps_uvvcount);
+ uv = &p->p_p->ps_uvpaths[uvi];
+ }
+ }
+ }
+ else {
+ /*
+ * Check saved cwd unveil match.
+ *
+ * Since ps_uvpcwd is set on chdir (UNVEIL_READ) we
+ * don't need to go up any further as in the above
+ * case.
+ */
+ uv = p->p_p->ps_uvpcwd;
+ }
 
  /*
- * Check saved cwd unveil match.
- *
- * Since ps_uvpcwd is set on chdir (UNVEIL_READ)
- * we don't need to go up any further, if the flags
- * don't match, the cwd is not a match, and unless
- * we find a matching unveil later on a later component
- * of this lookup, we'll be out of luck
+ * If the flags don't match, we have no match from our
+ * starting point. If we do not find a matching unveil later
+ * on a later component of this lookup, we'll be out of luck
  */
  if (uv && (unveil_flagmatch(ni, uv->uv_flags))) {
 #ifdef DEBUG_UNVEIL
Index: kern/vfs_lookup.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_lookup.c,v
retrieving revision 1.82
diff -u -p -u -p -r1.82 vfs_lookup.c
--- kern/vfs_lookup.c 29 Jul 2019 12:35:19 -0000 1.82
+++ kern/vfs_lookup.c 8 Sep 2019 21:07:23 -0000
@@ -217,7 +217,7 @@ fail:
  } else if (ndp->ni_dirfd == AT_FDCWD) {
  dp = fdp->fd_cdir;
  vref(dp);
- unveil_start_relative(p, ndp);
+ unveil_start_relative(p, ndp, NULL);
  unveil_check_component(p, ndp, dp);
  } else {
  struct file *fp = fd_getfile(fdp, ndp->ni_dirfd);
@@ -232,6 +232,7 @@ fail:
  return (ENOTDIR);
  }
  vref(dp);
+ unveil_start_relative(p, ndp, dp);
  unveil_check_component(p, ndp, dp);
  FRELE(fp, p);
  }
Index: sys/namei.h
===================================================================
RCS file: /cvs/src/sys/sys/namei.h,v
retrieving revision 1.42
diff -u -p -u -p -r1.42 namei.h
--- sys/namei.h 2 Aug 2019 08:12:35 -0000 1.42
+++ sys/namei.h 8 Sep 2019 21:08:31 -0000
@@ -209,7 +209,7 @@ void unveil_removevnode(struct vnode *);
 void unveil_free_traversed_vnodes(struct nameidata *);
 ssize_t unveil_find_cover(struct vnode *, struct proc *);
 struct unveil *unveil_lookup(struct vnode *, struct proc *, ssize_t *);
-void unveil_start_relative(struct proc *, struct nameidata *);
+void unveil_start_relative(struct proc *, struct nameidata *, struct vnode *);
 void unveil_check_component(struct proc *, struct nameidata *, struct vnode *);
 int unveil_check_final(struct proc *, struct nameidata *);
 

Reply | Threaded
Open this post in threaded view
|

Re: openat(2) after unveil(2) bug

Alexander Bluhm
On Sun, Sep 08, 2019 at 04:05:04PM -0600, Bob Beck wrote:

> So, the issue here is that unveil wasn't dealing correctly with the case where
> a relative path lookup was started from a directory file descriptor instead of
> the current working directory. In the current working directory case, unveil
> has kept a cache of what unveil to use for the process's working directory.
>
> Unfortunately in the arbirary openat() case this doesn't work. and in fact
> it wouldn't have worked correctly for any of the *at things.  when you called
> openat() from the descriptor corresponding to your unveil'ed directory, it worked
> because it found the unveil at the starting point, but, when you called openat from
> a directory below the unveil point, it never found a corresponding unveil, and your
> lookup would fail.
>
> Try the fix below (on current) which does work for me with your test case
>
> -Bob

OK bluhm@

> + }
> + else {

This should be on a single line.

Reply | Threaded
Open this post in threaded view
|

Re: openat(2) after unveil(2) bug

Benjamin Baier
In reply to this post by Bob Beck-2

On Sun, 8 Sep 2019 16:05:04 -0600
Bob Beck <[hidden email]> wrote:

> Greetings Benjamin!
>
> Thanks for the well written test case!
>
> So, the issue here is that unveil wasn't dealing correctly with the case where
> a relative path lookup was started from a directory file descriptor instead of
> the current working directory. In the current working directory case, unveil
> has kept a cache of what unveil to use for the process's working directory.
>
> Unfortunately in the arbirary openat() case this doesn't work. and in fact
> it wouldn't have worked correctly for any of the *at things.  when you called
> openat() from the descriptor corresponding to your unveil'ed directory, it worked
> because it found the unveil at the starting point, but, when you called openat from
> a directory below the unveil point, it never found a corresponding unveil, and your
> lookup would fail.
>
> Try the fix below (on current) which does work for me with your test case
>
> -Bob

Works for me, thx.

- Ben

> Index: kern/kern_unveil.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_unveil.c,v
> retrieving revision 1.32
> diff -u -p -u -p -r1.32 kern_unveil.c
> --- kern/kern_unveil.c 5 Aug 2019 13:31:07 -0000 1.32
> +++ kern/kern_unveil.c 8 Sep 2019 21:52:04 -0000
> @@ -711,21 +711,50 @@ unveil_covered(struct unveil *uv, struct
>  
>  
>  /*
> - * Start a relative path lookup from current working directory unveil.
> + * Start a relative path lookup. Ensure we find whatever unveil covered
> + * where we start from, either by having a saved current working directory
> + * unveil, or by walking up and finding a cover the hard way if we are
> + * doing a non AT_FDCWD relative lookup. Caller passes a NULL dp
> + * if we are using AT_FDCWD.
>   */
>  void
> -unveil_start_relative(struct proc *p, struct nameidata *ni)
> +unveil_start_relative(struct proc *p, struct nameidata *ni, struct vnode *dp)
>  {
> - struct unveil *uv = p->p_p->ps_uvpcwd;
> + struct unveil *uv = NULL;
> +
> + if (dp != NULL && p->p_p->ps_uvpaths != NULL) {
> + ssize_t uvi;
> + /*
> + * XXX
> + * This is a non AT_FDCWD relative lookup starting
> + * from a file descriptor. As such, we can't use the
> + * saved current working directory unveil. We walk up
> + * and find what we are covered by.
> + */
> + uv = unveil_lookup(dp, p, NULL);
> + if (uv == NULL) {
> + uvi = unveil_find_cover(dp, p);
> + if (uvi >= 0) {
> + KASSERT(uvi < p->p_p->ps_uvvcount);
> + uv = &p->p_p->ps_uvpaths[uvi];
> + }
> + }
> + }
> + else {
> + /*
> + * Check saved cwd unveil match.
> + *
> + * Since ps_uvpcwd is set on chdir (UNVEIL_READ) we
> + * don't need to go up any further as in the above
> + * case.
> + */
> + uv = p->p_p->ps_uvpcwd;
> + }
>  
>   /*
> - * Check saved cwd unveil match.
> - *
> - * Since ps_uvpcwd is set on chdir (UNVEIL_READ)
> - * we don't need to go up any further, if the flags
> - * don't match, the cwd is not a match, and unless
> - * we find a matching unveil later on a later component
> - * of this lookup, we'll be out of luck
> + * If the flags don't match, we have no match from our
> + * starting point. If we do not find a matching unveil later
> + * on a later component of this lookup, we'll be out of luck
>   */
>   if (uv && (unveil_flagmatch(ni, uv->uv_flags))) {
>  #ifdef DEBUG_UNVEIL
> Index: kern/vfs_lookup.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/vfs_lookup.c,v
> retrieving revision 1.82
> diff -u -p -u -p -r1.82 vfs_lookup.c
> --- kern/vfs_lookup.c 29 Jul 2019 12:35:19 -0000 1.82
> +++ kern/vfs_lookup.c 8 Sep 2019 21:07:23 -0000
> @@ -217,7 +217,7 @@ fail:
>   } else if (ndp->ni_dirfd == AT_FDCWD) {
>   dp = fdp->fd_cdir;
>   vref(dp);
> - unveil_start_relative(p, ndp);
> + unveil_start_relative(p, ndp, NULL);
>   unveil_check_component(p, ndp, dp);
>   } else {
>   struct file *fp = fd_getfile(fdp, ndp->ni_dirfd);
> @@ -232,6 +232,7 @@ fail:
>   return (ENOTDIR);
>   }
>   vref(dp);
> + unveil_start_relative(p, ndp, dp);
>   unveil_check_component(p, ndp, dp);
>   FRELE(fp, p);
>   }
> Index: sys/namei.h
> ===================================================================
> RCS file: /cvs/src/sys/sys/namei.h,v
> retrieving revision 1.42
> diff -u -p -u -p -r1.42 namei.h
> --- sys/namei.h 2 Aug 2019 08:12:35 -0000 1.42
> +++ sys/namei.h 8 Sep 2019 21:08:31 -0000
> @@ -209,7 +209,7 @@ void unveil_removevnode(struct vnode *);
>  void unveil_free_traversed_vnodes(struct nameidata *);
>  ssize_t unveil_find_cover(struct vnode *, struct proc *);
>  struct unveil *unveil_lookup(struct vnode *, struct proc *, ssize_t *);
> -void unveil_start_relative(struct proc *, struct nameidata *);
> +void unveil_start_relative(struct proc *, struct nameidata *, struct vnode *);
>  void unveil_check_component(struct proc *, struct nameidata *, struct vnode *);
>  int unveil_check_final(struct proc *, struct nameidata *);
>