[REVIEW/TEST] device liberation patches.

From: Poul-Henning Kamp <phk_at_phk.freebsd.dk>
Date: Sun, 27 Feb 2005 20:39:08 +0100
This patch decouples entirely the userland and kernel concept of
major+minor device number.

Userland will see a copy of the devfs inode number and the kernel
will see what it always saw.

After this patch goes into -current in the middle of march, we can
do away with the notion of major device numbers, and remove the 256
limit on number of device drivers and get rid of the stupid hole
in the minor number field and finally stand a chance to get the
locking of devices (struct cdev) hammered into a sensible format.

If anything breaks when running with this patch, a device major/minor
is passed through some covert channel between userland to the kernel
where it shouldn't be.

Such channels very likely implement security risks in relation to
jails/chroot, so they should be fixed properly and not just worked
around.

Poul-Henning

Index: fs/devfs/devfs_devs.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/devfs/devfs_devs.c,v
retrieving revision 1.33
diff -u -r1.33 devfs_devs.c
--- fs/devfs/devfs_devs.c	10 Feb 2005 12:22:17 -0000	1.33
+++ fs/devfs/devfs_devs.c	27 Feb 2005 19:16:35 -0000
_at__at_ -424,3 +424,32 _at__at_
 	if (ino < devfs_nextino)
 		devfs_nextino = ino;
 }
+
+/*
+ * Helper sysctl for devname(3).  We're given a struct cdev * and return
+ * the name, if any, registered by the device driver.
+ */
+static int
+sysctl_devname(SYSCTL_HANDLER_ARGS)
+{
+	int error;
+	dev_t ud;
+	struct cdev *dev, **dp;
+
+	error = SYSCTL_IN(req, &ud, sizeof (ud));
+	if (error)
+		return (error);
+	if (ud == NODEV)
+		return(EINVAL);
+	dp = devfs_itod(ud);
+	if (dp == NULL)
+		return(ENOENT);
+	dev = *dp;
+	if (dev == NULL)
+		return(ENOENT);
+	return(SYSCTL_OUT(req, dev->si_name, strlen(dev->si_name) + 1));
+	return (error);
+}
+
+SYSCTL_PROC(_kern, OID_AUTO, devname, CTLTYPE_OPAQUE|CTLFLAG_RW|CTLFLAG_ANYBODY,
+	NULL, 0, sysctl_devname, "", "devname(3) handler");
Index: fs/devfs/devfs_vnops.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/devfs/devfs_vnops.c,v
retrieving revision 1.105
diff -u -r1.105 devfs_vnops.c
--- fs/devfs/devfs_vnops.c	22 Feb 2005 18:17:31 -0000	1.105
+++ fs/devfs/devfs_vnops.c	27 Feb 2005 19:16:35 -0000
_at__at_ -441,7 +441,7 _at__at_
 		vap->va_mtime = dev->si_mtime;
 		fix(dev->si_ctime);
 		vap->va_ctime = dev->si_ctime;
-		vap->va_rdev = dev->si_udev;
+		vap->va_rdev = de->de_inode;
 	}
 	vap->va_gen = 0;
 	vap->va_flags = 0;
Index: kern/kern_conf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_conf.c,v
retrieving revision 1.172
diff -u -r1.172 kern_conf.c
--- kern/kern_conf.c	22 Feb 2005 15:51:07 -0000	1.172
+++ kern/kern_conf.c	27 Feb 2005 19:16:35 -0000
_at__at_ -800,30 +800,3 _at__at_
 	free(cd, M_DEVBUF);
 	*cdp = NULL;
 }
-
-/*
- * Helper sysctl for devname(3).  We're given a struct cdev * and return
- * the name, if any, registered by the device driver.
- */
-static int
-sysctl_devname(SYSCTL_HANDLER_ARGS)
-{
-	int error;
-	dev_t ud;
-	struct cdev *dev;
-
-	error = SYSCTL_IN(req, &ud, sizeof (ud));
-	if (error)
-		return (error);
-	if (ud == NODEV)
-		return(EINVAL);
-	dev = findcdev(ud);
-	if (dev == NULL)
-		error = ENOENT;
-	else
-		error = SYSCTL_OUT(req, dev->si_name, strlen(dev->si_name) + 1);
-	return (error);
-}
-
-SYSCTL_PROC(_kern, OID_AUTO, devname, CTLTYPE_OPAQUE|CTLFLAG_RW|CTLFLAG_ANYBODY,
-	NULL, 0, sysctl_devname, "", "devname(3) handler");
-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk_at_FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Sun Feb 27 2005 - 18:39:10 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:29 UTC