tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: factoring out the change_root() and making exporting change_{root,dir}() as interface
On Wed, Jul 29, 2009 at 04:51:57PM +0000, David Holland wrote:
> On Wed, Jul 29, 2009 at 06:13:19PM +0200, Christoph Badura wrote:
> > change_dir() actually does the namei() lookup currently.
> Yeah, and not the chdir, as Elad pointed out.
>
> > I suppose it's possible to change the interface by moving a small bit
> > of common code out of it.
> Probably better would be to move the common nameidata initialization
> into it, and return a vnode out.
>
> But in any event its name needs to be changed. :-|
I don't care about the name. I'm more interested in removing the "static"
in front of it.
So you would like it more like this:
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.396
diff -u -r1.396 vfs_syscalls.c
--- kern/vfs_syscalls.c 2 Jul 2009 12:53:47 -0000 1.396
+++ kern/vfs_syscalls.c 1 Aug 2009 11:58:04 -0000
@@ -110,7 +110,6 @@
MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount struct");
-static int change_dir(struct nameidata *, struct lwp *);
static int change_flags(struct vnode *, u_long, struct lwp *);
static int change_mode(struct vnode *, int, struct lwp *l);
static int change_owner(struct vnode *, uid_t, gid_t, struct lwp *, int);
@@ -1126,7 +1125,6 @@
sys_fchroot(struct lwp *l, const struct sys_fchroot_args *uap, register_t
*retval)
{
struct proc *p = l->l_proc;
- struct cwdinfo *cwdi;
struct vnode *vp;
file_t *fp;
int error, fd = SCARG(uap, fd);
@@ -1135,7 +1133,7 @@
KAUTH_REQ_SYSTEM_CHROOT_FCHROOT, NULL, NULL, NULL)) != 0)
return error;
/* fd_getvnode() will use the descriptor for us */
- if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
+ if ((error = fd_getvnode(fd, &fp)) != 0)
return error;
vp = fp->f_data;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
@@ -1148,27 +1146,7 @@
goto out;
VREF(vp);
- /*
- * Prevent escaping from chroot by putting the root under
- * the working directory. Silently chdir to / if we aren't
- * already there.
- */
- cwdi = p->p_cwdi;
- rw_enter(&cwdi->cwdi_lock, RW_WRITER);
- if (!vn_isunder(cwdi->cwdi_cdir, vp, l)) {
- /*
- * XXX would be more failsafe to change directory to a
- * deadfs node here instead
- */
- vrele(cwdi->cwdi_cdir);
- VREF(vp);
- cwdi->cwdi_cdir = vp;
- }
-
- if (cwdi->cwdi_rdir != NULL)
- vrele(cwdi->cwdi_rdir);
- cwdi->cwdi_rdir = vp;
- rw_exit(&cwdi->cwdi_lock);
+ change_root(p->p_cwdi, vp, l);
out:
fd_putfile(fd);
@@ -1188,16 +1166,15 @@
struct proc *p = l->l_proc;
struct cwdinfo *cwdi;
int error;
- struct nameidata nd;
+ struct vnode *vp;
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
- SCARG(uap, path));
- if ((error = change_dir(&nd, l)) != 0)
+ if ((error = chdir_lookup(SCARG(uap, path), UIO_USERSPACE,
+ &vp, l)) != 0)
return (error);
cwdi = p->p_cwdi;
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
vrele(cwdi->cwdi_cdir);
- cwdi->cwdi_cdir = nd.ni_vp;
+ cwdi->cwdi_cdir = vp;
rw_exit(&cwdi->cwdi_lock);
return (0);
}
@@ -1213,24 +1190,31 @@
syscallarg(const char *) path;
} */
struct proc *p = l->l_proc;
- struct cwdinfo *cwdi;
- struct vnode *vp;
int error;
- struct nameidata nd;
+ struct vnode *vp;
if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,
KAUTH_REQ_SYSTEM_CHROOT_CHROOT, NULL, NULL, NULL)) != 0)
return (error);
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
- SCARG(uap, path));
- if ((error = change_dir(&nd, l)) != 0)
+ if ((error = chdir_lookup(SCARG(uap, path), UIO_USERSPACE,
+ &vp, l)) != 0)
return (error);
- cwdi = p->p_cwdi;
+ change_root(p->p_cwdi, vp, l);
+
+ return (0);
+}
+
+/*
+ * Common routine for chroot and fchroot.
+ */
+void
+change_root(struct cwdinfo *cwdi, struct vnode *vp, struct lwp *l)
+{
+
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
if (cwdi->cwdi_rdir != NULL)
vrele(cwdi->cwdi_rdir);
- vp = nd.ni_vp;
cwdi->cwdi_rdir = vp;
/*
@@ -1248,31 +1232,31 @@
cwdi->cwdi_cdir = vp;
}
rw_exit(&cwdi->cwdi_lock);
-
- return (0);
}
/*
* Common routine for chroot and chdir.
*/
-static int
-change_dir(struct nameidata *ndp, struct lwp *l)
+int
+chdir_lookup(const char *path, int where, struct vnode **vpp, struct lwp *l)
{
- struct vnode *vp;
+ struct nameidata nd;
int error;
- if ((error = namei(ndp)) != 0)
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, where,
+ path);
+ if ((error = namei(&nd)) != 0)
return (error);
- vp = ndp->ni_vp;
- if (vp->v_type != VDIR)
+ *vpp = nd.ni_vp;
+ if ((*vpp)->v_type != VDIR)
error = ENOTDIR;
else
- error = VOP_ACCESS(vp, VEXEC, l->l_cred);
+ error = VOP_ACCESS(*vpp, VEXEC, l->l_cred);
if (error)
- vput(vp);
+ vput(*vpp);
else
- VOP_UNLOCK(vp, 0);
+ VOP_UNLOCK(*vpp, 0);
return (error);
}
Index: sys/vfs_syscalls.h
===================================================================
RCS file: /cvsroot/src/sys/sys/vfs_syscalls.h,v
retrieving revision 1.11
diff -u -r1.11 vfs_syscalls.h
--- sys/vfs_syscalls.h 2 Jul 2009 12:56:40 -0000 1.11
+++ sys/vfs_syscalls.h 1 Aug 2009 11:58:04 -0000
@@ -65,4 +65,7 @@
int do_sys_mknod(struct lwp *l, const char *, mode_t, dev_t, register_t *);
int do_sys_mkdir(const char *, mode_t);
+int chdir_lookup(const char *, int, struct vnode **, struct lwp *);
+void change_root(struct cwdinfo *, struct vnode *, struct lwp *);
+
#endif /* _SYS_VFS_SYSCALLS_H_ */
--chris
Home |
Main Index |
Thread Index |
Old Index