From owner-svn-src-all@freebsd.org Wed Sep 28 09:28:28 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDDCBC00B90; Wed, 28 Sep 2016 09:28:28 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9DDDE1D5; Wed, 28 Sep 2016 09:28:28 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8S9SRbx073352; Wed, 28 Sep 2016 09:28:27 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8S9SRg5073343; Wed, 28 Sep 2016 09:28:27 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201609280928.u8S9SRg5073343@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Wed, 28 Sep 2016 09:28:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r306398 - in stable/11/sys: compat/freebsd32 kern sys X-SVN-Group: stable-11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Sep 2016 09:28:28 -0000 Author: kib Date: Wed Sep 28 09:28:26 2016 New Revision: 306398 URL: https://svnweb.freebsd.org/changeset/base/306398 Log: MFC r306081: Add PROC_TRAPCAP procctl(2) controls and global sysctl kern.trap_enocap. Modified: stable/11/sys/compat/freebsd32/freebsd32_misc.c stable/11/sys/kern/kern_fork.c stable/11/sys/kern/kern_procctl.c stable/11/sys/kern/subr_syscall.c stable/11/sys/kern/sys_capability.c stable/11/sys/sys/capsicum.h stable/11/sys/sys/proc.h stable/11/sys/sys/procctl.h stable/11/sys/sys/signal.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/compat/freebsd32/freebsd32_misc.c ============================================================================== --- stable/11/sys/compat/freebsd32/freebsd32_misc.c Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/compat/freebsd32/freebsd32_misc.c Wed Sep 28 09:28:26 2016 (r306398) @@ -3048,6 +3048,7 @@ freebsd32_procctl(struct thread *td, str switch (uap->com) { case PROC_SPROTECT: case PROC_TRACE_CTL: + case PROC_TRAPCAP_CTL: error = copyin(PTRIN(uap->data), &flags, sizeof(flags)); if (error != 0) return (error); @@ -3077,6 +3078,7 @@ freebsd32_procctl(struct thread *td, str data = &x.rk; break; case PROC_TRACE_STATUS: + case PROC_TRAPCAP_STATUS: data = &flags; break; default: @@ -3095,6 +3097,7 @@ freebsd32_procctl(struct thread *td, str error = error1; break; case PROC_TRACE_STATUS: + case PROC_TRAPCAP_STATUS: if (error == 0) error = copyout(&flags, uap->data, sizeof(flags)); break; Modified: stable/11/sys/kern/kern_fork.c ============================================================================== --- stable/11/sys/kern/kern_fork.c Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/kern/kern_fork.c Wed Sep 28 09:28:26 2016 (r306398) @@ -499,7 +499,7 @@ do_fork(struct thread *td, struct fork_r * Increase reference counts on shared objects. */ p2->p_flag = P_INMEM; - p2->p_flag2 = p1->p_flag2 & (P2_NOTRACE | P2_NOTRACE_EXEC); + p2->p_flag2 = p1->p_flag2 & (P2_NOTRACE | P2_NOTRACE_EXEC | P2_TRAPCAP); p2->p_swtick = ticks; if (p1->p_flag & P_PROFIL) startprofclock(p2); Modified: stable/11/sys/kern/kern_procctl.c ============================================================================== --- stable/11/sys/kern/kern_procctl.c Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/kern/kern_procctl.c Wed Sep 28 09:28:26 2016 (r306398) @@ -336,6 +336,34 @@ trace_status(struct thread *td, struct p return (0); } +static int +trapcap_ctl(struct thread *td, struct proc *p, int state) +{ + + PROC_LOCK_ASSERT(p, MA_OWNED); + + switch (state) { + case PROC_TRAPCAP_CTL_ENABLE: + p->p_flag2 |= P2_TRAPCAP; + break; + case PROC_TRAPCAP_CTL_DISABLE: + p->p_flag2 &= ~P2_TRAPCAP; + break; + default: + return (EINVAL); + } + return (0); +} + +static int +trapcap_status(struct thread *td, struct proc *p, int *data) +{ + + *data = (p->p_flag2 & P2_TRAPCAP) != 0 ? PROC_TRAPCAP_CTL_ENABLE : + PROC_TRAPCAP_CTL_DISABLE; + return (0); +} + #ifndef _SYS_SYSPROTO_H_ struct procctl_args { idtype_t idtype; @@ -359,6 +387,7 @@ sys_procctl(struct thread *td, struct pr switch (uap->com) { case PROC_SPROTECT: case PROC_TRACE_CTL: + case PROC_TRAPCAP_CTL: error = copyin(uap->data, &flags, sizeof(flags)); if (error != 0) return (error); @@ -386,6 +415,7 @@ sys_procctl(struct thread *td, struct pr data = &x.rk; break; case PROC_TRACE_STATUS: + case PROC_TRAPCAP_STATUS: data = &flags; break; default: @@ -403,6 +433,7 @@ sys_procctl(struct thread *td, struct pr error = error1; break; case PROC_TRACE_STATUS: + case PROC_TRAPCAP_STATUS: if (error == 0) error = copyout(&flags, uap->data, sizeof(flags)); break; @@ -432,6 +463,10 @@ kern_procctl_single(struct thread *td, s return (trace_ctl(td, p, *(int *)data)); case PROC_TRACE_STATUS: return (trace_status(td, p, data)); + case PROC_TRAPCAP_CTL: + return (trapcap_ctl(td, p, *(int *)data)); + case PROC_TRAPCAP_STATUS: + return (trapcap_status(td, p, data)); default: return (EINVAL); } @@ -452,6 +487,7 @@ kern_procctl(struct thread *td, idtype_t case PROC_REAP_GETPIDS: case PROC_REAP_KILL: case PROC_TRACE_STATUS: + case PROC_TRAPCAP_STATUS: if (idtype != P_PID) return (EINVAL); } @@ -462,6 +498,7 @@ kern_procctl(struct thread *td, idtype_t case PROC_REAP_GETPIDS: case PROC_REAP_KILL: case PROC_TRACE_CTL: + case PROC_TRAPCAP_CTL: sx_slock(&proctree_lock); tree_locked = true; break; @@ -471,6 +508,7 @@ kern_procctl(struct thread *td, idtype_t tree_locked = true; break; case PROC_TRACE_STATUS: + case PROC_TRAPCAP_STATUS: tree_locked = false; break; default: Modified: stable/11/sys/kern/subr_syscall.c ============================================================================== --- stable/11/sys/kern/subr_syscall.c Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/kern/subr_syscall.c Wed Sep 28 09:28:26 2016 (r306398) @@ -165,12 +165,25 @@ static inline void syscallret(struct thread *td, int error, struct syscall_args *sa) { struct proc *p, *p2; - int traced; + ksiginfo_t ksi; + int traced, error1; KASSERT((td->td_pflags & TDP_FORKING) == 0, ("fork() did not clear TDP_FORKING upon completion")); p = td->td_proc; + if ((trap_enotcap || (p->p_flag2 & P2_TRAPCAP) != 0) && + IN_CAPABILITY_MODE(td)) { + error1 = (td->td_pflags & TDP_NERRNO) == 0 ? error : + td->td_errno; + if (error1 == ENOTCAPABLE || error1 == ECAPMODE) { + ksiginfo_init_trap(&ksi); + ksi.ksi_signo = SIGTRAP; + ksi.ksi_errno = error1; + ksi.ksi_code = TRAP_CAP; + trapsignal(td, &ksi); + } + } /* * Handle reschedule and other end-of-syscall issues Modified: stable/11/sys/kern/sys_capability.c ============================================================================== --- stable/11/sys/kern/sys_capability.c Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/kern/sys_capability.c Wed Sep 28 09:28:26 2016 (r306398) @@ -83,6 +83,10 @@ __FBSDID("$FreeBSD$"); #include #include +int trap_enotcap; +SYSCTL_INT(_kern, OID_AUTO, trap_enotcap, CTLFLAG_RW, &trap_enotcap, 0, + "Deliver SIGTRAP on ENOTCAPABLE"); + #ifdef CAPABILITY_MODE FEATURE(security_capability_mode, "Capsicum Capability Mode"); Modified: stable/11/sys/sys/capsicum.h ============================================================================== --- stable/11/sys/sys/capsicum.h Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/sys/capsicum.h Wed Sep 28 09:28:26 2016 (r306398) @@ -368,6 +368,8 @@ int cap_ioctl_check(struct filedesc *fdp int cap_fcntl_check_fde(struct filedescent *fde, int cmd); int cap_fcntl_check(struct filedesc *fdp, int fd, int cmd); +extern int trap_enotcap; + #else /* !_KERNEL */ __BEGIN_DECLS Modified: stable/11/sys/sys/proc.h ============================================================================== --- stable/11/sys/sys/proc.h Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/sys/proc.h Wed Sep 28 09:28:26 2016 (r306398) @@ -716,6 +716,7 @@ struct proc { #define P2_NOTRACE_EXEC 0x00000004 /* Keep P2_NOPTRACE on exec(2). */ #define P2_AST_SU 0x00000008 /* Handles SU ast for kthreads. */ #define P2_PTRACE_FSTP 0x00000010 /* SIGSTOP from PT_ATTACH not yet handled. */ +#define P2_TRAPCAP 0x00000020 /* SIGTRAP on ENOTCAPABLE */ /* Flags protected by proctree_lock, kept in p_treeflags. */ #define P_TREE_ORPHANED 0x00000001 /* Reparented, on orphan list */ Modified: stable/11/sys/sys/procctl.h ============================================================================== --- stable/11/sys/sys/procctl.h Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/sys/procctl.h Wed Sep 28 09:28:26 2016 (r306398) @@ -43,6 +43,8 @@ #define PROC_REAP_KILL 6 /* kill descendants */ #define PROC_TRACE_CTL 7 /* en/dis ptrace and coredumps */ #define PROC_TRACE_STATUS 8 /* query tracing status */ +#define PROC_TRAPCAP_CTL 9 /* trap capability errors */ +#define PROC_TRAPCAP_STATUS 10 /* query trap capability status */ /* Operations for PROC_SPROTECT (passed in integer arg). */ #define PPROT_OP(x) ((x) & 0xf) @@ -102,6 +104,9 @@ struct procctl_reaper_kill { #define PROC_TRACE_CTL_DISABLE 2 #define PROC_TRACE_CTL_DISABLE_EXEC 3 +#define PROC_TRAPCAP_CTL_ENABLE 1 +#define PROC_TRAPCAP_CTL_DISABLE 2 + #ifndef _KERNEL __BEGIN_DECLS int procctl(idtype_t, id_t, int, void *); Modified: stable/11/sys/sys/signal.h ============================================================================== --- stable/11/sys/sys/signal.h Wed Sep 28 08:45:42 2016 (r306397) +++ stable/11/sys/sys/signal.h Wed Sep 28 09:28:26 2016 (r306398) @@ -291,6 +291,7 @@ typedef struct __siginfo { #define TRAP_BRKPT 1 /* Process breakpoint. */ #define TRAP_TRACE 2 /* Process trace trap. */ #define TRAP_DTRACE 3 /* DTrace induced trap. */ +#define TRAP_CAP 4 /* Capabilities protective trap. */ /* codes for SIGCHLD */ #define CLD_EXITED 1 /* Child has exited */