Source-Changes-HG archive

[src/trunk]: src Revert defective O_SEARCH implementation committed by manu@ ...



details:   https://anonhg.NetBSD.org/src/rev/85c82b0cb137
branches:  trunk
changeset: 783948:85c82b0cb137
user:      dholland <dholland%NetBSD.org@localhost>
date:      Sun Jan 13 08:15:02 2013 +0000

description:
Revert defective O_SEARCH implementation committed by manu@ along with
the *at system calls on November 18th of last year. Reasons to revert
it include:
   - it is incorrect in a whole variety of ways (but fortunately, one
     of them is that the missing and improper permission checks have
     no net effect);
   - it was committed without review or discussion;
   - core ruled that all the new O_* flags pertaining to the *at calls
     needed to wait until their semantics could be clarified.

manu was asked to revert it on these grounds but has ignored the request.

I have left O_SEARCH defined and visible and made open() explicitly
ignore it. This way, most code that tries to use it will continue to
build and run. I've also arranged lib/libc/c063/t_o_search.c so that
the tests that make use of the O_SEARCH semantics will disappear until
O_SEARCH comes back, and fixed some mistakes and/or incorrect hacks
that were causing some of these to succeed despite the broken O_SEARCH
implementation.

diffstat:

 lib/libc/sys/access.2            |  27 +++++++++++++---
 lib/libc/sys/chmod.2             |  15 ++++++++-
 lib/libc/sys/chown.2             |  19 ++++++++---
 lib/libc/sys/link.2              |  27 +++++++++++++---
 lib/libc/sys/mkdir.2             |  19 ++++++++---
 lib/libc/sys/mkfifo.2            |  19 ++++++++---
 lib/libc/sys/mknod.2             |  19 ++++++++---
 lib/libc/sys/open.2              |  61 ++++++++++++++++++++++-----------------
 lib/libc/sys/readlink.2          |  19 ++++++++---
 lib/libc/sys/rename.2            |  27 +++++++++++++---
 lib/libc/sys/stat.2              |  19 ++++++++---
 lib/libc/sys/symlink.2           |  19 ++++++++---
 lib/libc/sys/unlink.2            |  19 ++++++++---
 lib/libc/sys/utimes.2            |  19 ++++++++---
 sys/kern/vfs_syscalls.c          |  40 ++++++-------------------
 sys/sys/fcntl.h                  |   7 +--
 tests/lib/libc/c063/t_o_search.c |  48 ++++++++++++++++++++++++------
 17 files changed, 279 insertions(+), 144 deletions(-)

diffs (truncated from 844 to 300 lines):

diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/access.2
--- a/lib/libc/sys/access.2     Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/access.2     Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: access.2,v 1.31 2013/01/12 19:21:48 dholland Exp $
+.\"    $NetBSD: access.2,v 1.32 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -107,11 +107,26 @@
 The file descriptor
 .Fa fd
 must name a directory.
-Search permission is required on this directory except if
-.Fa fd
-was opened with the
-.Dv O_SEARCH
-flag.
+Search permission is required on this directory.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on this directory, except if
+.\" .Fa fd
+.\" was opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" The directory referred to by
+.\" .Fa fd
+.\" must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" The directory referred to by
+.\" .Fa fd
+.\" must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag or must be searchable by the current process at the time the
+.\" call is made.
 .Pp
 The
 .Fa flags
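
Review bot: The third commented-out alternative in this hunk (opened with O_SEARCH "or must be searchable by the current process at the time the call is made") appears only in access.2; the chmod.2 and chown.2 hunks carry just two alternatives. If it is a real candidate for the semantics, list the same set of alternatives in every page so the manuals do not diverge once a decision is made.
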
diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/chmod.2
--- a/lib/libc/sys/chmod.2      Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/chmod.2      Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: chmod.2,v 1.44 2012/12/01 21:07:00 wiz Exp $
+.\"    $NetBSD: chmod.2,v 1.45 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -90,7 +90,18 @@
 In that case, it is looked up from a directory whose file
 descriptor was passed as
 .Fa fd .
-Search permission is required on
+Search permission is required on this directory.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on this directory
+.\" except if
+.\" .Fa fd
+.\" was opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" This file descriptor must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
 .Fa fd
 except if that file descriptor was opened with the
 .Dv O_SEARCH
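
Review bot: The context lines after the new commented block (`.Fa fd`, `except if that file descriptor was opened with the`, `.Dv O_SEARCH`) are the tail of the old sentence, because only its first line, `Search permission is required on`, was removed. The rendered page will still say the check is skipped for descriptors opened with O_SEARCH, directly after the new sentence that says search permission is required. Remove the remainder of the old sentence as well, as the chown.2 hunk does.
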
diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/chown.2
--- a/lib/libc/sys/chown.2      Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/chown.2      Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: chown.2,v 1.34 2012/12/01 20:53:10 wiz Exp $
+.\"    $NetBSD: chown.2,v 1.35 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993, 1994
 .\"    The Regents of the University of California.  All rights reserved.
@@ -119,11 +119,18 @@
 In that case, it is looked up from a directory whose file
 descriptor was passed as
 .Fa fd .
-Search permission is required on
-.Fa fd
-except if that file descriptor was opened with the
-.Dv O_SEARCH
-flag.
+Search permission is required on this directory.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on this directory
+.\" except if
+.\" .Fa fd
+.\" was opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" This file descriptor must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
 .Fa fd
 can be set to
 .Dv AT_FDCWD
diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/link.2
--- a/lib/libc/sys/link.2       Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/link.2       Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: link.2,v 1.29 2012/12/01 20:48:26 wiz Exp $
+.\"    $NetBSD: link.2,v 1.30 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993, 2011
 .\"    The Regents of the University of California.  All rights reserved.
@@ -94,11 +94,26 @@
 .Fa fd1
 (resp.
 .Fa fd2 ) .
-Search permission is required on
-passed directory file descriptors
-except if they were opened with the
-.Dv O_SEARCH
-flag.
+Search permission is required on the directories named by
+.Fa fd1
+and
+.Fa fd2.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on the directories named by
+.\" .Fa fd1
+.\" and
+.\" .Fa fd2
+.\" unless they were opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" The directories named by
+.\" .Fa fd1
+.\" and
+.\" .Fa fd2
+.\" must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
 .Fa fd1
 or
 .Fa fd2
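
Review bot: In the added line `.Fa fd2.` the period is attached to the macro argument, so it will be formatted as part of the argument name rather than as sentence punctuation; the context line `.Fa fd2 ) .` above shows the spacing mdoc expects. Write `.Fa fd2 .` instead.
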
diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/mkdir.2
--- a/lib/libc/sys/mkdir.2      Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/mkdir.2      Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: mkdir.2,v 1.26 2012/12/01 20:55:13 wiz Exp $
+.\"    $NetBSD: mkdir.2,v 1.27 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -62,11 +62,18 @@
 In that case, it is looked up from a directory whose file
 descriptor was passed as
 .Fa fd .
-Search permission is required on
-.Fa fd
-except if that file descriptor was opened with the
-.Dv O_SEARCH
-flag.
+Search permission is required this directory.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on this directory
+.\" except if
+.\" .Fa fd
+.\" was opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" This file descriptor must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
 .Fa fd
 can be set to
 .Dv AT_FDCWD
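
Review bot: The added sentence `Search permission is required this directory.` is missing the word "on"; the corresponding line in the other pages reads `Search permission is required on this directory.`
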
diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/mkfifo.2
--- a/lib/libc/sys/mkfifo.2     Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/mkfifo.2     Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: mkfifo.2,v 1.24 2012/12/01 21:07:00 wiz Exp $
+.\"    $NetBSD: mkfifo.2,v 1.25 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1990, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -64,11 +64,18 @@
 In that case, it is looked up from a directory whose file
 descriptor was passed as
 .Fa fd .
-Search permission is required on
-.Fa fd
-except if that file descriptor was opened with the
-.Dv O_SEARCH
-flag.
+Search permission is required on this directory.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on this directory
+.\" except if
+.\" .Fa fd
+.\" was opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" This file descriptor must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
 .Fa fd
 can be set to
 .Dv AT_FDCWD
diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/mknod.2
--- a/lib/libc/sys/mknod.2      Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/mknod.2      Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: mknod.2,v 1.25 2012/12/01 21:07:00 wiz Exp $
+.\"    $NetBSD: mknod.2,v 1.26 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -67,11 +67,18 @@
 In that case, it is looked up from a directory whose file
 descriptor was passed as
 .Fa fd .
-Search permission is required on
-.Fa fd
-except if that file descriptor was opened with the
-.Dv O_SEARCH
-option.
+Search permission is required on this directory.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on this directory
+.\" except if
+.\" .Fa fd
+.\" was opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" This file descriptor must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
 .Fa fd
 can be set to
 .Dv AT_FDCWD
diff -r 76305a02082e -r 85c82b0cb137 lib/libc/sys/open.2
--- a/lib/libc/sys/open.2       Sun Jan 13 08:05:30 2013 +0000
+++ b/lib/libc/sys/open.2       Sun Jan 13 08:15:02 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: open.2,v 1.54 2012/12/01 21:07:00 wiz Exp $
+.\"    $NetBSD: open.2,v 1.55 2013/01/13 08:15:02 dholland Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -62,11 +62,18 @@
 In that case, it is looked up from a directory whose file
 descriptor was passed as
 .Fa fd .
-Search permission is required on
-.Fa fd
-except if that file descriptor was opened with the
-.Dv O_SEARCH
-option.
+Search permission is required on this directory.
+.\"    (These alternatives await a decision about the semantics of O_SEARCH)
+.\" Search permission is required on this directory
+.\" except if
+.\" .Fa fd
+.\" was opened with the
+.\" .Dv O_SEARCH
+.\" flag.
+.\"    - or -
+.\" This file descriptor must have been opened with the
+.\" .Dv O_SEARCH
+.\" flag.
 .Fa fd
 can be set to
 .Dv AT_FDCWD
@@ -187,23 +194,24 @@
 signal to be sent to the process group
 when I/O is possible, e.g.,
 upon availability of data to be read.
-.It Dv O_SEARCH
-If opening a directory, search permission checks will not be performed on
-subsequent usage of the file descriptor for looking up relative paths by
-.Xr faccessat 2 ,
-.Xr fchmodat 2 ,
-.Xr fchownat 2 ,
-.Xr fstatat 2 ,
-.Xr linkat 2 ,
-.Xr mkdirat 2 ,
-.Xr mkfifoat 2 ,
-.Xr mknodat 2 ,
-.Xr openat 2 ,
-.Xr readlinkat 2 ,
-.Xr symlinkat 2 ,
-.Xr unlinkat 2 ,
-and
-.Xr utimensat 2 .
+.\"    (This block awaits a decision about the semantics of O_SEARCH)
+.\" .It Dv O_SEARCH
+.\" If opening a directory, search permission checks will not be performed on


