Page MenuHomeFreeBSD
Differential D40680

ktrace: Record namei violations with KTR_CAPFAIL
ClosedPublic
Actions

Authored by jfree on Jun 20 2023, 10:08 PM.
Tags
Referenced Files
Unknown Object (File)
Fri, Nov 15, 6:59 AM
Unknown Object (File)
Thu, Nov 14, 2:46 AM
Unknown Object (File)
Sat, Nov 9, 2:52 PM
Unknown Object (File)
Thu, Nov 7, 4:00 PM
Unknown Object (File)
Wed, Nov 6, 9:15 PM
Unknown Object (File)
Tue, Nov 5, 7:39 AM
Unknown Object (File)
Oct 18 2024, 7:51 AM
Unknown Object (File)
Oct 17 2024, 1:59 PM
View All 98 Files
Subscribers
glebius
imp
olce

Details

Reviewers
markj
Commits
rG6d2a673f7ec5: ktrace: Record namei violations with KTR_CAPFAIL
rG0cd9cde767c3: ktrace: Record namei violations with KTR_CAPFAIL
Summary
Report namei path lookups while Capsicum violation tracing with
CAPFAIL_NAMEI. vfs caching is also ignored when tracing to mimic
capability mode behavior.

Programs that are not yet Capsicumized may be traced to discover
potential capability failures. With `ktrace -t p` and kdump, you
are given a list of syscalls as a starting point for program
Capsicumization.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jfree created this revision.Jun 20 2023, 10:08 PM
Herald added a subscriber: imp. · View Herald TranscriptJun 20 2023, 10:08 PM
jfree requested review of this revision.Jun 20 2023, 10:08 PM
jfree updated this revision to Diff 123577.Jun 20 2023, 10:19 PM

Change NI_LCF_STRICTRELATIVE to NI_LCF_STRICTREL where applicable.

jfree added a parent revision: D40676: ktrace: Record detailed ECAPMODE violations.Jun 20 2023, 10:21 PM
markj added inline comments.Sep 28 2023, 4:42 PM
sys/kern/uipc_syscalls.c
477

Consider making it a bit clearer that this is symbolic by writing "<AT_FDCWD>" instead, same above.

sys/kern/vfs_lookup.c
243

Are you sure that this string is nul-terminated?

jfree marked an inline comment as done.Jan 9 2024, 4:14 AM
jfree added inline comments.
sys/kern/vfs_lookup.c
243

Are you sure that this string is nul-terminated?

It looks like cn_pnbuf is copied in using copyinstr(9) inside of namei_getpath(). A quick look at some copyinstr(9) assembly indicates that its return buffer will be nul-terminated upon success.

namei_getpath() is called at the beginning of the namei() routine, so I'm pretty certain that cn_pnbuf should always be nul-terminated.

jfree added inline comments.Jan 9 2024, 4:22 AM
sys/kern/vfs_lookup.c
243

I should also note that it doesn't look like cn_pnbuf is modified anywhere, so its nul-terminator should never be overwritten.

jfree updated this revision to Diff 132477.Jan 9 2024, 4:28 AM

Replace all instances of "AT_FDCWD" with "<AT_FDCWD>" when reporting a violation via ktrcapfail().

markj accepted this revision.Jan 18 2024, 3:46 PM
This revision is now accepted and ready to land.Jan 18 2024, 3:46 PM
jfree retitled this revision from ktrace: Record vfs violations with KTR_CAPFAIL to ktrace: Record namei violations with KTR_CAPFAIL.Mar 10 2024, 4:23 AM
jfree edited the summary of this revision. (Show Details)
Herald added a subscriber: olce. · View Herald TranscriptMar 10 2024, 4:23 AM
jfree updated this revision to Diff 135580.Mar 10 2024, 4:24 AM
  • Record *namei* violations instead of vfs. Slight wording change for clarity.
  • Rebase on main after several months
This revision now requires review to proceed.Mar 10 2024, 4:24 AM
Harbormaster completed remote builds in B56529: Diff 135580.Mar 10 2024, 4:25 AM
markj accepted this revision.Mar 29 2024, 3:34 PM
This revision is now accepted and ready to land.Mar 29 2024, 3:34 PM
Herald added a subscriber: glebius. · View Herald TranscriptMar 29 2024, 3:34 PM
Closed by commit rG0cd9cde767c3: ktrace: Record namei violations with KTR_CAPFAIL (authored by jfree). · Explain WhyApr 7 2024, 11:58 PM
This revision was automatically updated to reflect the committed changes.
jfree added a commit: rG0cd9cde767c3: ktrace: Record namei violations with KTR_CAPFAIL.
jfree added a commit: rG6d2a673f7ec5: ktrace: Record namei violations with KTR_CAPFAIL.May 12 2024, 12:08 AM

Revision Contents
Changeset List

PathSize
sys/
kern/
4 lines
2 lines
8 lines
16 lines
2 lines
90 lines
sys/
11 lines

Diff 136663

View Options

sys/kern/kern_descrip.c

Loading...
View Options

sys/kern/kern_exec.c

Loading...
View Options

sys/kern/uipc_shm.c

Loading...
View Options

sys/kern/uipc_syscalls.c

Loading...
View Options

sys/kern/vfs_cache.c

Loading...
View Options

sys/kern/vfs_lookup.c

Loading...
View Options

sys/sys/namei.h

Loading...