From 1bef2b773d616a2ffeac1f9e7c51cb3de9db0203 Mon Sep 17 00:00:00 2001 From: claudio Date: Wed, 23 Jun 2021 14:09:01 +0000 Subject: [PATCH] In unveil_add_vnode() refactor code around the indexes i and j. In one place the wrong index is used resulting in re-evaluating all unveil nodes. Also loop over over all but the last (just added vnode) -- again there is no need to re-evaluate the cover of the just added unveil. OK anton@ semarie@ --- sys/kern/kern_unveil.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/sys/kern/kern_unveil.c b/sys/kern/kern_unveil.c index 90b078b3bb4..782749a22a9 100644 --- a/sys/kern/kern_unveil.c +++ b/sys/kern/kern_unveil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_unveil.c,v 1.42 2021/06/15 18:42:23 claudio Exp $ */ +/* $OpenBSD: kern_unveil.c,v 1.43 2021/06/23 14:09:01 claudio Exp $ */ /* * Copyright (c) 2017-2019 Bob Beck @@ -420,12 +420,11 @@ unveil_add_vnode(struct proc *p, struct vnode *vp) { struct process *pr = p->p_p; struct unveil *uv = NULL; - ssize_t i, j; + ssize_t i; KASSERT(pr->ps_uvvcount < UNVEIL_MAX_VNODES); - i = pr->ps_uvvcount; - uv = &pr->ps_uvpaths[i]; + uv = &pr->ps_uvpaths[pr->ps_uvvcount++]; rw_init(&uv->uv_lock, "unveil"); RBT_INIT(unvname_rbt, &uv->uv_names); uv->uv_vp = vp; @@ -438,7 +437,6 @@ unveil_add_vnode(struct proc *p, struct vnode *vp) * work. */ uv->uv_flags = UNVEIL_INSPECT; - pr->ps_uvvcount++; /* find out what we are covered by */ uv->uv_cover = unveil_find_cover(vp, p); @@ -448,10 +446,10 @@ unveil_add_vnode(struct proc *p, struct vnode *vp) * and re-check what covers them (we could have * interposed a cover) */ - for (j = 0; j < pr->ps_uvvcount; j++) { + for (i = 0; i < pr->ps_uvvcount - 1; i++) { if (pr->ps_uvpaths[i].uv_cover == uv->uv_cover) - pr->ps_uvpaths[j].uv_cover = - unveil_find_cover(pr->ps_uvpaths[j].uv_vp, p); + pr->ps_uvpaths[i].uv_cover = + unveil_find_cover(pr->ps_uvpaths[i].uv_vp, p); } return (uv); -- 2.20.1