diff options
| author | John Levon <john.levon@joyent.com> | 2020-05-26 13:57:13 +0000 |
|---|---|---|
| committer | John Levon <john.levon@joyent.com> | 2020-05-26 13:57:13 +0000 |
| commit | 5b2acc0949194447bba6e45a0fa44d0b5f42f208 (patch) | |
| tree | 7ea9eb87bc68fee386dd39035ce715e87a0e673c /usr/src/uts/common/brand | |
| parent | 8ca018083101bf1cb175869679bc123187fb1bab (diff) | |
| parent | 2a1277d3064386cd5c4e372301007aa330bf1d5e (diff) | |
| download | illumos-joyent-gcc9.tar.gz | |
mergegcc9
Diffstat (limited to 'usr/src/uts/common/brand')
| -rw-r--r-- | usr/src/uts/common/brand/lx/os/lx_brand.c | 13 | ||||
| -rw-r--r-- | usr/src/uts/common/brand/lx/os/lx_lockd.c | 13 | ||||
| -rw-r--r-- | usr/src/uts/common/brand/lx/sys/lx_brand.h | 1 |
3 files changed, 24 insertions, 3 deletions
diff --git a/usr/src/uts/common/brand/lx/os/lx_brand.c b/usr/src/uts/common/brand/lx/os/lx_brand.c index fed6be37cf..c7e5351778 100644 --- a/usr/src/uts/common/brand/lx/os/lx_brand.c +++ b/usr/src/uts/common/brand/lx/os/lx_brand.c @@ -25,7 +25,7 @@ */ /* - * Copyright 2019 Joyent, Inc. + * Copyright 2020 Joyent, Inc. */ /* @@ -1402,8 +1402,15 @@ lx_brandsys(int cmd, int64_t *rval, uintptr_t arg1, uintptr_t arg2, if (p->p_brand == NULL) return (ENOSYS); - VERIFY(p->p_brand == &lx_brand); - VERIFY(p->p_brand_data != NULL); + /* + * Certain native applications may wish to start the lx_lockd process. + * Every other process that's not branded should be denied. + */ + if (p->p_brand != &lx_brand && cmd != B_START_NFS_LOCKD) + return (ENOSYS); + + if (cmd != B_START_NFS_LOCKD) + VERIFY(p->p_brand_data != NULL); switch (cmd) { case B_REGISTER: diff --git a/usr/src/uts/common/brand/lx/os/lx_lockd.c b/usr/src/uts/common/brand/lx/os/lx_lockd.c index d6d965398a..37b744b0e8 100644 --- a/usr/src/uts/common/brand/lx/os/lx_lockd.c +++ b/usr/src/uts/common/brand/lx/os/lx_lockd.c @@ -297,6 +297,18 @@ lx_upcall_statd(int op, struct nlm_globals *g, struct nlm_host *host) * as we pass to monitor, so that is also handled here by this same * brand hook. */ + + /* + * If the NLM was set up to be "v4 only" (i.e. no RPC call handlers + * to localhost at configure time), the semaphore is uninitialized, + * and will indefinitely hang. FURTHERMORE if just the semaphore + * was initialized, we'd still panic with a NULL nsm->ns_handle. + */ + if (g->nlm_v4_only) { + stat = RPC_SYSTEMERROR; + goto bail; + } + nlm_netbuf_to_netobj(&host->nh_addr, &family, &obj); nsm = &g->nlm_nsm; @@ -327,6 +339,7 @@ lx_upcall_statd(int op, struct nlm_globals *g, struct nlm_host *host) } sema_v(&nsm->ns_sem); +bail: if (stat != RPC_SUCCESS) { NLM_WARN("Failed to contact local statd, stat=%d", stat); if (op == SM_MON) { diff --git a/usr/src/uts/common/brand/lx/sys/lx_brand.h b/usr/src/uts/common/brand/lx/sys/lx_brand.h index 90d87d78a8..85aa5e34bd 100644 --- a/usr/src/uts/common/brand/lx/sys/lx_brand.h +++ b/usr/src/uts/common/brand/lx/sys/lx_brand.h @@ -94,6 +94,7 @@ extern "C" { #define B_LPID_TO_SPAIR 128 #define B_GET_CURRENT_CONTEXT 129 #define B_EMULATION_DONE 130 +/* Some native programs use B_START_NFS_LOCKD, so don't change this. */ #define B_START_NFS_LOCKD 131 #define B_BLOCK_ALL_SIGS 132 #define B_UNBLOCK_ALL_SIGS 133 |