Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Aug 2011 15:29:30 +0300
From:      Jaakko Heinonen <jh@FreeBSD.org>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, jonathan@FreeBSD.org
Subject:   Re: svn commit: r224778 - in head: sys/amd64/linux32 sys/cddl/compat/opensolaris/sys sys/compat/freebsd32 sys/compat/linux sys/compat/svr4 sys/dev/aac sys/dev/amr sys/dev/hwpmc sys/dev/ipmi sys/dev/isc...
Message-ID:  <20110816122930.GA44017@jh>
In-Reply-To: <201108111230.p7BCUNnS092831@svn.freebsd.org>
References:  <201108111230.p7BCUNnS092831@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi,

On 2011-08-11, Robert Watson wrote:
>   Second-to-last commit implementing Capsicum capabilities in the FreeBSD
>   kernel for FreeBSD 9.0:

This commit seems to have broken nfsd for me.

> Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
> ==============================================================================
> --- head/sys/fs/nfsserver/nfs_nfsdport.c	Thu Aug 11 11:30:21 2011	(r224777)
> +++ head/sys/fs/nfsserver/nfs_nfsdport.c	Thu Aug 11 12:30:23 2011	(r224778)
> @@ -3027,8 +3029,14 @@ nfssvc_nfsd(struct thread *td, struct nf
>  		error = copyin(uap->argp, (caddr_t)&sockarg, sizeof (sockarg));
>  		if (error)
>  			goto out;
> -		if ((error = fget(td, sockarg.sock, &fp)) != 0)
> +		/*
> +		 * Since we don't know what rights might be required,
> +		 * pretend that we need them all. It is better to be too
> +		 * careful than too reckless.
> +		 */
> +		if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
>  			goto out;
> +			return (error);

This for sure can't be correct. With the patch below nfsd seems to work
again for me.

%%%
Index: sys/fs/nfsserver/nfs_nfsdport.c
===================================================================
--- sys/fs/nfsserver/nfs_nfsdport.c	(revision 224908)
+++ sys/fs/nfsserver/nfs_nfsdport.c	(working copy)
@@ -3036,7 +3036,6 @@ nfssvc_nfsd(struct thread *td, struct nf
 		 */
 		if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
 			goto out;
-			return (error);
 		if (fp->f_type != DTYPE_SOCKET) {
 			fdrop(fp, td);
 			error = EPERM;
%%%

-- 
Jaakko

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110816122930.GA44017>