On Mon, Jan 21, 2019 at 11:06:58AM +0100, Dariusz Sendkowski wrote:
> I applied this patch, as is, to the stable sources and it works now.
> Thanks.
>
>
I've tested this patch too on 6.4 on amd64 and it seems fixed now.
Thanks Ted for the patch :)
A quick little program to reproduce the issue:
#include <stdio.h>
#include <unistd.h>

int
main(void)
{
	int i;

	/* Repeatedly unveil a path that does not exist. */
	for (i = 0; i < 20000; ++i) {
		printf("%d\n", i);
		unveil("/nonexistant/ls", "x");
	}
	return 0;
}
>
> On Mon, 21 Jan 2019 at 06:03, Ted Unangst <[email protected]> wrote:
>
> > Ted Unangst wrote:
> > > Dariusz Sendkowski wrote:
> > > > Yes, it does.
> > > >
> > > > I extracted 'unveilcommands' function from doas.c and put it into a
> > > > standalone program to run it.
> > > > It turned out the result was the same as in doas command. When I disable
> > > > unveil, then it works fine.
> > >
> > > This diff should fix the problem.
> >
> > Actually, miscalculation. This is a better diff. Sorry for the trouble.
> > Against current, but should be adaptable to stable.
> >
> > Index: vfs_syscalls.c
> > ===================================================================
> > RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
> > retrieving revision 1.310
> > diff -u -p -r1.310 vfs_syscalls.c
> > --- vfs_syscalls.c 3 Jan 2019 21:52:31 -0000 1.310
> > +++ vfs_syscalls.c 21 Jan 2019 04:57:17 -0000
> > @@ -92,6 +92,7 @@ int dofutimens(struct proc *, int, struc
> > int dounmount_leaf(struct mount *, int, struct proc *);
> > int unveil_add(struct proc *, struct nameidata *, const char *);
> > void unveil_removevnode(struct vnode *vp);
> > +void unveil_free_traversed_vnodes(struct nameidata *);
> > ssize_t unveil_find_cover(struct vnode *, struct proc *);
> > struct unveil *unveil_lookup(struct vnode *, struct proc *, ssize_t *);
> >
> > @@ -911,7 +912,7 @@ sys_unveil(struct proc *p, void *v, regi
> >
> > nd.ni_pledge = PLEDGE_UNVEIL;
> > if ((error = namei(&nd)) != 0)
> > - return (error);
> > + goto end;
> >
> > /*
> > * XXX Any access to the file or directory will allow us to
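Review bot: the goto end on the namei() failure path now runs unveil_free_traversed_vnodes(&nd) on a nameidata whose lookup failed, so the traversed-vnode fields of nd have to be initialised before namei() is called. That setup is not visible in this hunk; it is worth confirming it in the unchanged code above, or noting it in a comment next to the goto.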
> > @@ -948,6 +949,10 @@ sys_unveil(struct proc *p, void *v, regi
> > vrele(nd.ni_vp);
> > if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp)
> > vrele(nd.ni_dvp);
> > +
> > + pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf);
> > +end:
> > + unveil_free_traversed_vnodes(&nd);
> >
> > return (error);
> > }
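Review bot: the end: label sits below the new pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf), so the namei() failure path releases the traversed vnodes but not the path buffer. That is only right if namei() has already given cn_pnbuf back when it returns an error; a one-line comment at the label stating that assumption would stop a later edit from moving the label above the pool_put() or adding a second free.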
> > Index: kern_unveil.c
> > ===================================================================
> > RCS file: /cvs/src/sys/kern/kern_unveil.c,v
> > retrieving revision 1.22
> > diff -u -p -r1.22 kern_unveil.c
> > --- kern_unveil.c 17 Jan 2019 03:26:19 -0000 1.22
> > +++ kern_unveil.c 21 Jan 2019 05:01:26 -0000
> > @@ -630,8 +630,6 @@ unveil_add(struct proc *p, struct nameid
> > done:
> > if (ret == 0)
> > unveil_add_traversed_vnodes(p, ndp);
> > - unveil_free_traversed_vnodes(ndp);
> > - pool_put(&namei_pool, ndp->ni_cnd.cn_pnbuf);
> > return ret;
> > }
> >
> >
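Review bot: with these two calls removed from the done: path, unveil_add() no longer releases ndp's traversed vnodes or cn_pnbuf, and the only matching cleanup visible in this patch is in sys_unveil(). Any other caller of unveil_add() would now leak both, so a comment above unveil_add() stating that the caller owns that cleanup would document the new contract.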
--
Kind regards,
Hiltjo