Message-ID: <3dd76207-af5a-eb0d-c56a-747ebe9965ad@posixcafe.org>
Date: Thu, 26 May 2022 18:33:25 -0600
To: 9front@9front.org
From: Jacob Moody
Subject: Re: [9front] [PATCH] Unmount to remove sharp devices.
Reply-To: 9front@9front.org
List-ID: <9front.9front.org>

On 5/26/22 17:36, unobe@cpan.org wrote:
> Great work on this moody. I have some (hopefully helpful) questions
> below.
>
>
> Quoth Jacob Moody:
>> Another iteration.
>> To state all of what this does:
>>
>> A process can remove access to a driver through writing
>>
>> chdev [ 0! ] devmask
>>
>> to /dev/drivers. This is tied to the process's namegroup,
>> and is inherited on both RFCNAMEG and RFNAMEG. In order to provide
>> all the knobs RFNOMNT does, blocking 'M' is interpreted to block all mounting.
>>
>> Support for this new operation has been added to namespace files,
>> along with a matching chdev(1). /lib/namespace.ftp has been updated
>> to use chdev.
>> ...
>> --- /tmp/diff100000711164 >> +++ b/rc/bin/chdev >> @@ -1,0 +1,3 @@ >> +#!/bin/rc >> + >> +echo chdev $* >> '#c/drivers' >> ... >> --- /tmp/diff100000711170 >> +++ b/sys/man/1/chdev >> @@ -1,0 +1,93 @@ >> +.TH CHDEV 1 >> +.SH NAME >> +chdev \- change kernel driver access >> +.SH SYNOPSIS >> +.B chdev >> +[ 0! ] \f2devmask\fP... > >> --- a/sys/src/9/port/dev.c >> +++ b/sys/src/9/port/dev.c
>> @@ -31,6 +31,74 @@ >> } >> >> void >> +devmask(Pgrp *pgrp, char *devs) >> +{ >> + int i, t, w; >> + int invert; >> + char *p; >> + Rune r; >> + u64int mask[nelem(pgrp->notallowed)]; >> + >> + >> + invert = 1; >> + switch(*devs){ >> + case '!': >> + memset(mask, 0, sizeof mask); >> + devs++; >> + invert--; >> + break; >> + case '0': >> + devs = ""; >> + default: >> + memset(mask, 0xFF, sizeof mask); >> + break; >> + } >> + >> + w = sizeof mask[0] * 8; >> + for(p = devs; *p != '\0';){ >> + p += chartorune(&r, p); >> + t = devno(r, 1); >> + if(t == -1) >> + continue; >> + if(invert) >> + mask[t/w] &= ~(1<> + else >> + mask[t/w] |= 1<> + }
>
> What happens if '!!!' is the prefix? Should the '!' set invert = 0
> explicitly instead of invert--? Does '!0' allow access to all
> drivers?
>

That switch case is not looped over. We only check the very first character for the prefix.
The rest of the string is interpreted to be the driver string. In both of your cases the prefix is '!'
and the driver string only contains '0' or '!', neither are real drivers so you block nothing.
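
Review bot: in the b/rc/bin/chdev hunk, "echo chdev $*" has no argument check, so running the script with no arguments writes a bare "chdev" to the drivers file. If that reaches devmask as an empty driver string, the default: branch fills the mask with 0xFF and the loop clears nothing, which is the same result as the '0' prefix. A usage check before the echo would make that an explicit choice rather than an accident. The script also writes to '#c/drivers' while the description says /dev/drivers; it would help to use the same path in both or say why they differ.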
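
Review bot: in the devmask loop of the sys/src/9/port/dev.c hunk, "if(t == -1) continue;" silently drops any character that names no driver, and with the '!' prefix that fails open: the mask starts at zero, so a mistyped driver letter leaves that driver unblocked and the caller gets no error. For a control that exists to take access away, rejecting the whole write when devno fails would be safer than skipping. Two smaller points in the switch: "case '0':" falls into "default:" with no fall-through comment, and "invert--" would read more plainly as "invert = 0".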