On Mon, Jan 18, 2016 at 12:55:30PM +0100, Alexandre Ratchov wrote: > > Unfortunately, if pledge is used, pledge_ioctl() checks if the > vnode type is VCHR and the process ends up killed. > > The diff below fixes this by accepting the audio ioctls if the > vnode type is VBAD. >
I am unsure about returning 0 for something we know is wrong to do. Isn't possible to return an error ? As example, calling ioctl(TIOCGWINSZ) on no-tty device return ENOTTY. There is a difference between: - return 0 /* let deeper processing happen */ - return Exxx /* early return an error */ - return pledge_fail() /* kill the process */ I think the good approch would be to return an error. > Index: kern_pledge.c > =================================================================== > RCS file: /cvs/src/sys/kern/kern_pledge.c,v > retrieving revision 1.146 > diff -u -p -u -p -r1.146 kern_pledge.c > --- kern_pledge.c 9 Jan 2016 06:13:43 -0000 1.146 > +++ kern_pledge.c 17 Jan 2016 13:43:37 -0000 > @@ -1205,9 +1205,12 @@ pledge_ioctl(struct proc *p, long com, s > case AUDIO_GETENC: > case AUDIO_SETFD: > case AUDIO_GETPROPS: > - if (fp->f_type == DTYPE_VNODE && > - vp->v_type == VCHR && > + if (fp->f_type != DTYPE_VNODE) > + break; > + if (vp->v_type == VCHR && > cdevsw[major(vp->v_rdev)].d_open == audioopen) > + return (0); > + if (vp->v_type == VBAD) > return (0); > } > #endif /* NAUDIO > 0 */ > > -- Sebastien Marie
