From owner-freebsd-fs Mon Aug 28 10: 8:56 2000 Delivered-To: freebsd-fs@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 08B9E37B422 for ; Mon, 28 Aug 2000 10:08:51 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id NAA85978; Mon, 28 Aug 2000 13:06:17 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Mon, 28 Aug 2000 13:06:17 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Poul-Henning Kamp Cc: freebsd-fs@FreeBSD.ORG Subject: Re: procfs_lookup() and jail interaction In-Reply-To: <11697.967482003@critter> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-fs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 28 Aug 2000, Poul-Henning Kamp wrote: > In message , Robe > rt Watson writes: > > > >So I've largely resolved these concerns -- as a synthetic in-memory file > >system, procfs is not using the name cache -- the issue I'm running into > >now in procfs is with the open() syscall. Following the p_stuff patches, > >procfs_getattrt() and so on all return ENOENT. However, an attempt to > >call open(/proc/1, O_CREAT) results in an EISDIR error, instead of EROFS. > >I believe this may be a result of that type check happening in vn_open, > >above the VFS layer, resulting in procfs_* never seeing the request, and > >thereby revealing the presence of the directory. > > Uhm, isn't a VOP_GETATTR() done to find out what we're fiddling ? > > How else would it know that it is a directory ? So perhaps I need to do some more tracing to track this down further, but my believe is that procfs_getattr() should not be returning information to the calling process: switch (pfs->pfs_type) { case Proot: case Pcurproc: procp = 0; break; default: procp = PFIND(pfs->pfs_pid); if (procp == 0 || procp->p_cred == NULL || procp->p_ucred == NULL) return (ENOENT); if (p_cansee(ap->a_p, procp, NULL)) return (ENOENT); } However: alsvid:/data/fbsd-commit/src/sys/miscfs/procfs> touch /proc/1 alsvid:/data/fbsd-commit/src/sys/miscfs/procfs> su Password: alsvid# sysctl -w kern.ps_showallprocs=0 kern.ps_showallprocs: 1 -> 0 alsvid# exit alsvid:/data/fbsd-commit/src/sys/miscfs/procfs> touch /proc/1 touch: /proc/1: Is a directory alsvid:/data/fbsd-commit/src/sys/miscfs/procfs> But: alsvid:/data/fbsd-commit/src/sys/miscfs/procfs> ktrace touch /proc/1 touch: /proc/1: Is a directory alsvid:/data/fbsd-commit/src/sys/miscfs/procfs> kdump ... 260 touch CALL stat(0xbfbffc42,0xbfbffaa0) 260 touch NAMI "/proc/1" 260 touch RET stat -1 errno 2 No such file or directory 260 touch CALL open(0xbfbffc42,0x201,0x1b6) 260 touch NAMI "/proc/1" 260 touch RET open -1 errno 21 Is a directory So open() is returning EISDIR. It looks like vn_open looks directory at vp->v_type to determine if it's a directory, not relying on the results of VOP_GETATTR: if ((fmode & O_CREAT) == 0) { mode = 0; if (fmode & (FWRITE | O_TRUNC)) { if (vp->v_type == VDIR) { error = EISDIR; goto bad; } So the check is still happening above the VFS layer. I'll look at the code further this evening. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message