compat/linux: return EBADF for O_PATH mmap() and xattr operations

ilovegrape · ilovegrape · commit 63c88bc8d97e · 2026-05-07T18:24:48.000+08:00
This fixes LTP open13, which expects O_PATH mmap() and fgetxattr()
to fail with EBADF, but FreeBSD returned EACCES for mmap() and
EOPNOTSUPP for fgetxattr().

Apply the same EBADF handling to fsetxattr(), fremovexattr(), and
flistxattr() so the xattr paths stay consistent.

Signed-off-by: YAO, Xin &lt;mr.yaoxin@outlook.com&gt;
diff --git a/sys/compat/linux/linux_mmap.c b/sys/compat/linux/linux_mmap.c
@@ -63,6 +63,10 @@ static int
 linux_mmap_check_fp(struct file *fp, int flags, int prot, int maxprot)
 {
 
+	/* Linux returns EBADF if mmap() is called on an O_PATH file descriptor */
+	if (fp->f_ops == &path_fileops)
+		return (EBADF);
+
 	/* Linux mmap() just fails for O_WRONLY files */
 	if ((fp->f_flag & FREAD) == 0)
 		return (EACCES);
diff --git a/sys/compat/linux/linux_xattr.c b/sys/compat/linux/linux_xattr.c
@@ -26,8 +26,10 @@
  */
 
 #include <sys/param.h>
+#include <sys/capsicum.h>
 #include <sys/extattr.h>
 #include <sys/fcntl.h>
+#include <sys/file.h>
 #include <sys/namei.h>
 #include <sys/proc.h>
 #include <sys/syscallsubr.h>
@@ -84,6 +86,19 @@ struct removexattr_args {
 	int		follow;
 };
 
+static int
+linux_xattr_check_fd(struct thread *td, int fd, cap_rights_t *rights)
+{
+	struct file *fp;
+	int error;
+
+	error = getvnode(td, fd, rights, &fp);
+	if (error != 0)
+		return (error);
+	fdrop(fp, td);
+	return (0);
+}
+
 static char *extattr_namespace_names[] = EXTATTR_NAMESPACE_NAMES;
 
 
@@ -132,12 +147,20 @@ listxattr(struct thread *td, struct listxattr_args *args)
 {
 	char attrname[LINUX_XATTR_NAME_MAX + 1];
 	char *data, *prefix, *key;
+	cap_rights_t rights;
 	struct uio auio;
 	struct iovec aiov;
 	unsigned char keylen;
 	size_t sz, cnt, rs, prefixlen, pairlen;
 	int attrnamespace, error;
 
+	if (args->path == NULL) {
+		error = linux_xattr_check_fd(td, args->fd,
+		    cap_rights_init_one(&rights, CAP_EXTATTR_LIST));
+		if (error != 0)
+			return (error);
+	}
+
 	if (args->size != 0)
 		sz = min(LINUX_XATTR_LIST_MAX, args->size);
 	else
@@ -253,8 +276,16 @@ static int
 removexattr(struct thread *td, struct removexattr_args *args)
 {
 	char attrname[LINUX_XATTR_NAME_MAX + 1];
+	cap_rights_t rights;
 	int attrnamespace, error;
 
+	if (args->path == NULL) {
+		error = linux_xattr_check_fd(td, args->fd,
+		    cap_rights_init_one(&rights, CAP_EXTATTR_DELETE));
+		if (error != 0)
+			return (error);
+	}
+
 	error = xattr_to_extattr(args->name, &attrnamespace, attrname);
 	if (error != 0)
 		return (error);
@@ -310,8 +341,16 @@ static int
 getxattr(struct thread *td, struct getxattr_args *args)
 {
 	char attrname[LINUX_XATTR_NAME_MAX + 1];
+	cap_rights_t rights;
 	int attrnamespace, error;
 
+	if (args->path == NULL) {
+		error = linux_xattr_check_fd(td, args->fd,
+		    cap_rights_init_one(&rights, CAP_EXTATTR_GET));
+		if (error != 0)
+			return (error);
+	}
+
 	error = xattr_to_extattr(args->name, &attrnamespace, attrname);
 	if (error != 0)
 		return (error);
@@ -373,8 +412,16 @@ static int
 setxattr(struct thread *td, struct setxattr_args *args)
 {
 	char attrname[LINUX_XATTR_NAME_MAX + 1];
+	cap_rights_t rights;
 	int attrnamespace, error;
 
+	if (args->path == NULL) {
+		error = linux_xattr_check_fd(td, args->fd,
+		    cap_rights_init_one(&rights, CAP_EXTATTR_SET));
+		if (error != 0)
+			return (error);
+	}
+
 	if ((args->flags & ~(LINUX_XATTR_FLAGS)) != 0 ||
 	    args->flags == (LINUX_XATTR_FLAGS))
 		return (EINVAL);
