bhyve: Use getaddrinfo(3) consistently for AF_UNIX.

yuichiro-naito · yuichiro-naito · commit 554971d26cbe · 2026-01-10T16:50:53.000+09:00
The FreeBSD getaddrinfo(3) function also supports the
AF_UNIX address family. Use it the same way as inet and
inet6 so that we can share the same code. However, the
getaddrinfo(3) accepts an absolute path only. The path
string that follows 'unix:' will be resolved by the
realpath(3) function.

The freeaddrinfo(3) function also supports a NULL argument,
as does free(3). No need to check a NULL pointer.

While I'm here, the UNIX domain socket should allow all
users to access it as if it were a TCP port. Changes umask
to 0 before bind(2), and restores the previous value after
the bind(2).

Signed-off-by: Yuichiro NAITO &lt;naito.yuichiro@gmail.com&gt;
diff --git a/usr.sbin/bhyve/pci_fbuf.c b/usr.sbin/bhyve/pci_fbuf.c
@@ -42,6 +42,7 @@
 
 #include <errno.h>
 #include <unistd.h>
+#include <libgen.h>
 
 #include "bhyvegc.h"
 #include "bhyverun.h"
@@ -240,6 +241,30 @@ pci_fbuf_baraddr(struct pci_devinst *pi, int baridx, int enabled,
 	}
 }
 
+static char *
+abspath(const char *origpath)
+{
+	char *ret, *dn, *cp;
+
+	if ((cp = strdup(origpath)) == NULL)
+		return (NULL);
+	if ((dn = realpath(dirname(cp), NULL)) == NULL) {
+		EPRINTLN("fbuf: Invalid path: \"%s\"", origpath);
+		goto error;
+	}
+	strcpy(cp, origpath);
+	if (asprintf(&ret, "%s/%s", dn, basename(cp)) < 0)
+		goto error_2;
+	free(dn);
+	free(cp);
+	return (ret);
+
+error_2:
+	free(dn);
+error:
+	free(cp);
+	return (NULL);
+}
 
 static int
 pci_fbuf_parse_config(struct pci_fbuf_softc *sc, nvlist_t *nvl)
@@ -295,7 +320,7 @@ pci_fbuf_parse_config(struct pci_fbuf_softc *sc, nvlist_t *nvl)
 				return (-1);
 			} else {
 				sc->rfb_family = AF_UNIX;
-				sc->rfb_host = strdup(value + 5);
+				sc->rfb_host = abspath(value + 5);
 			}
 		} else {
 			sc->rfb_family = AF_UNSPEC;
diff --git a/usr.sbin/bhyve/rfb.c b/usr.sbin/bhyve/rfb.c
@@ -34,8 +34,8 @@
 #include <sys/endian.h>
 #include <sys/socket.h>
 #include <sys/select.h>
+#include <sys/stat.h>
 #include <sys/time.h>
-#include <sys/un.h>
 #include <arpa/inet.h>
 #include <stdatomic.h>
 #include <machine/cpufunc.h>
@@ -1263,9 +1263,9 @@ rfb_init(sa_family_t family, const char *hostname, int port, int wait,
 	struct rfb_softc *rc;
 	struct addrinfo *ai = NULL;
 	struct addrinfo hints;
-	struct sockaddr_un sun;
 	int on = 1;
 	int cnt;
+	mode_t omask;
 #ifndef WITHOUT_CAPSICUM
 	cap_rights_t rights;
 #endif
@@ -1304,28 +1304,19 @@ rfb_init(sa_family_t family, const char *hostname, int port, int wait,
 		hostname = "[::1]";
 #endif
 
-	if (family == AF_UNIX) {
-		memset(&sun, 0, sizeof(sun));
-		sun.sun_family = AF_UNIX;
-		if (strlcpy(sun.sun_path, hostname, sizeof(sun.sun_path)) >=
-		    sizeof(sun.sun_path)) {
-			EPRINTLN("rfb: socket path too long");
-			goto error;
-		}
-		rc->sfd = socket(AF_UNIX, SOCK_STREAM, 0);
-	} else {
-		memset(&hints, 0, sizeof(hints));
-		hints.ai_socktype = SOCK_STREAM;
-		hints.ai_family = family;
-		hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV | AI_PASSIVE;
-
-		if ((e = getaddrinfo(hostname, servname, &hints, &ai)) != 0) {
-			EPRINTLN("getaddrinfo: %s", gai_strerror(e));
-			goto error;
-		}
-		rc->sfd = socket(ai->ai_family, ai->ai_socktype, 0);
-	}
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = family;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_PASSIVE;
+	if (family != AF_UNIX)
+		hints.ai_flags |= AI_NUMERICHOST | AI_NUMERICSERV;
 
+	if ((e = getaddrinfo(hostname, family == AF_UNIX ? NULL : servname,
+		    &hints, &ai)) != 0) {
+		EPRINTLN("getaddrinfo: %s", gai_strerror(e));
+		goto error;
+	}
+	rc->sfd = socket(ai->ai_family, ai->ai_socktype, 0);
 	if (rc->sfd < 0) {
 		perror("socket");
 		goto error;
@@ -1334,15 +1325,15 @@ rfb_init(sa_family_t family, const char *hostname, int port, int wait,
 	/* No effect for UNIX domain sockets. */
 	setsockopt(rc->sfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
 
-	if (family == AF_UNIX) {
+	if (family == AF_UNIX)
 		unlink(hostname);
-		e = bind(rc->sfd, (struct sockaddr *)&sun, SUN_LEN(&sun));
-	} else
-		e = bind(rc->sfd, ai->ai_addr, ai->ai_addrlen);
-	if (e < 0) {
+	omask = umask(0);
+	if (bind(rc->sfd, ai->ai_addr, ai->ai_addrlen) < 0) {
 		perror("bind");
+		umask(omask);
 		goto error;
 	}
+	umask(omask);
 
 	if (listen(rc->sfd, 1) < 0) {
 		perror("listen");
@@ -1375,17 +1366,13 @@ rfb_init(sa_family_t family, const char *hostname, int port, int wait,
 		DPRINTF(("rfb client connected"));
 	}
 
-	if (family != AF_UNIX)
-		freeaddrinfo(ai);
+	freeaddrinfo(ai);
 	return (0);
 
  error:
 	if (rc->pixfmt_mtx)
 		pthread_mutex_destroy(&rc->pixfmt_mtx);
-	if (ai != NULL) {
-		assert(family != AF_UNIX);
-		freeaddrinfo(ai);
-	}
+	freeaddrinfo(ai);
 	if (rc->sfd != -1)
 		close(rc->sfd);
 	free(rc->crc);
