git: 5319cb21610a - main - file: Qualify pointers to capsicum rights as const

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 20 May 2025 20:25:52 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=5319cb21610ad947c56fd0cd4f18ef5b58bc8db7

commit 5319cb21610ad947c56fd0cd4f18ef5b58bc8db7
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-05-20 20:19:30 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-05-20 20:19:30 +0000

    file: Qualify pointers to capsicum rights as const
    
    File descriptor lookup routines typically take a set of capsicum rights
    as input to the lookup, so that the fd's rights can be atomically
    checked.  This set should be qualified with const.
    
    No functional change intended.
    
    Reviewed by:    olce, oshogbo, brooks, kib
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D50419
---
 sys/kern/kern_descrip.c  | 52 +++++++++++++++++++++++++++---------------------
 sys/kern/sys_procdesc.c  |  5 +++--
 sys/kern/uipc_mqueue.c   |  5 +++--
 sys/kern/uipc_sem.c      |  6 +++---
 sys/kern/uipc_syscalls.c |  7 ++++---
 sys/kern/vfs_syscalls.c  |  5 +++--
 sys/sys/file.h           | 21 +++++++++----------
 sys/sys/filedesc.h       | 19 +++++++++---------
 sys/sys/namei.h          |  4 ++--
 sys/sys/procdesc.h       |  6 ++++--
 sys/sys/socketvar.h      |  4 ++--
 11 files changed, 74 insertions(+), 60 deletions(-)

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index cbffe592554d..e70f2d248365 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -109,7 +109,8 @@ static void	fdgrowtable_exp(struct filedesc *fdp, int nfd);
 static void	fdunused(struct filedesc *fdp, int fd);
 static void	fdused(struct filedesc *fdp, int fd);
 static int	fget_unlocked_seq(struct thread *td, int fd,
-		    cap_rights_t *needrightsp, struct file **fpp, seqc_t *seqp);
+		    const cap_rights_t *needrightsp, struct file **fpp,
+		    seqc_t *seqp);
 static int	getmaxfd(struct thread *td);
 static u_long	*filecaps_copy_prep(const struct filecaps *src);
 static void	filecaps_copy_finish(const struct filecaps *src,
@@ -2877,7 +2878,7 @@ finit_vnode(struct file *fp, u_int flag, void *data, const struct fileops *ops)
 }
 
 int
-fget_cap_noref(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+fget_cap_noref(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
     struct file **fpp, struct filecaps *havecapsp)
 {
 	struct filedescent *fde;
@@ -2910,7 +2911,7 @@ out:
 
 #ifdef CAPABILITIES
 int
-fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
     struct file **fpp, struct filecaps *havecapsp)
 {
 	struct filedesc *fdp = td->td_proc->p_fd;
@@ -2950,7 +2951,7 @@ get_locked:
 }
 #else
 int
-fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
     struct file **fpp, struct filecaps *havecapsp)
 {
 	int error;
@@ -3221,7 +3222,7 @@ out_free:
  */
 #ifdef CAPABILITIES
 static int
-fget_unlocked_seq(struct thread *td, int fd, cap_rights_t *needrightsp,
+fget_unlocked_seq(struct thread *td, int fd, const cap_rights_t *needrightsp,
     struct file **fpp, seqc_t *seqp)
 {
 	struct filedesc *fdp;
@@ -3277,7 +3278,7 @@ fget_unlocked_seq(struct thread *td, int fd, cap_rights_t *needrightsp,
 }
 #else
 static int
-fget_unlocked_seq(struct thread *td, int fd, cap_rights_t *needrightsp,
+fget_unlocked_seq(struct thread *td, int fd, const cap_rights_t *needrightsp,
     struct file **fpp, seqc_t *seqp __unused)
 {
 	struct filedesc *fdp;
@@ -3320,7 +3321,7 @@ fget_unlocked_seq(struct thread *td, int fd, cap_rights_t *needrightsp,
  * racing with itself.
  */
 int
-fget_unlocked(struct thread *td, int fd, cap_rights_t *needrightsp,
+fget_unlocked(struct thread *td, int fd, const cap_rights_t *needrightsp,
     struct file **fpp)
 {
 	struct filedesc *fdp;
@@ -3389,7 +3390,7 @@ out_fallback:
  */
 #ifdef	CAPABILITIES
 int
-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
     struct file **fpp)
 {
 	const struct filedescent *fde;
@@ -3419,7 +3420,7 @@ fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
 }
 #else
 int
-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
     struct file **fpp)
 {
 	struct file *fp;
@@ -3455,7 +3456,7 @@ fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
  */
 static __inline int
 _fget(struct thread *td, int fd, struct file **fpp, int flags,
-    cap_rights_t *needrightsp)
+    const cap_rights_t *needrightsp)
 {
 	struct file *fp;
 	int error;
@@ -3501,15 +3502,15 @@ _fget(struct thread *td, int fd, struct file **fpp, int flags,
 }
 
 int
-fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
+fget(struct thread *td, int fd, const cap_rights_t *rightsp, struct file **fpp)
 {
 
 	return (_fget(td, fd, fpp, 0, rightsp));
 }
 
 int
-fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,
-    struct file **fpp)
+fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,
+    vm_prot_t *maxprotp, struct file **fpp)
 {
 	int error;
 #ifndef CAPABILITIES
@@ -3552,22 +3553,24 @@ fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,
 }
 
 int
-fget_read(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
+fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct file **fpp)
 {
 
 	return (_fget(td, fd, fpp, FREAD, rightsp));
 }
 
 int
-fget_write(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
+fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct file **fpp)
 {
 
 	return (_fget(td, fd, fpp, FWRITE, rightsp));
 }
 
 int
-fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,
-    struct file **fpp)
+fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,
+    int needfcntl, struct file **fpp)
 {
 #ifndef CAPABILITIES
 	return (fget_unlocked(td, fd, rightsp, fpp));
@@ -3605,7 +3608,7 @@ fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,
  * XXX: what about the unused flags ?
  */
 static __inline int
-_fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,
+_fgetvp(struct thread *td, int fd, int flags, const cap_rights_t *needrightsp,
     struct vnode **vpp)
 {
 	struct file *fp;
@@ -3627,14 +3630,15 @@ _fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,
 }
 
 int
-fgetvp(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
+fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct vnode **vpp)
 {
 
 	return (_fgetvp(td, fd, 0, rightsp, vpp));
 }
 
 int
-fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
+fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,
     struct filecaps *havecaps, struct vnode **vpp)
 {
 	struct filecaps caps;
@@ -3666,14 +3670,16 @@ out:
 }
 
 int
-fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
+fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct vnode **vpp)
 {
 
 	return (_fgetvp(td, fd, FREAD, rightsp, vpp));
 }
 
 int
-fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
+fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct vnode **vpp)
 {
 
 	return (_fgetvp(td, fd, FEXEC, rightsp, vpp));
@@ -3681,7 +3687,7 @@ fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp
 
 #ifdef notyet
 int
-fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
+fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct vnode **vpp)
 {
 
diff --git a/sys/kern/sys_procdesc.c b/sys/kern/sys_procdesc.c
index 6acaef9d394d..11bd1b6f30e1 100644
--- a/sys/kern/sys_procdesc.c
+++ b/sys/kern/sys_procdesc.c
@@ -118,7 +118,7 @@ static const struct fileops procdesc_ops = {
  * died.
  */
 int
-procdesc_find(struct thread *td, int fd, cap_rights_t *rightsp,
+procdesc_find(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct proc **p)
 {
 	struct procdesc *pd;
@@ -165,7 +165,8 @@ procdesc_pid(struct file *fp_procdesc)
  * Retrieve the PID associated with a process descriptor.
  */
 int
-kern_pdgetpid(struct thread *td, int fd, cap_rights_t *rightsp, pid_t *pidp)
+kern_pdgetpid(struct thread *td, int fd, const cap_rights_t *rightsp,
+    pid_t *pidp)
 {
 	struct file *fp;
 	int error;
diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c
index 54a9eda5a7a7..d647c7b991f4 100644
--- a/sys/kern/uipc_mqueue.c
+++ b/sys/kern/uipc_mqueue.c
@@ -2169,13 +2169,14 @@ sys_kmq_unlink(struct thread *td, struct kmq_unlink_args *uap)
 	return (error);
 }
 
-typedef int (*_fgetf)(struct thread *, int, cap_rights_t *, struct file **);
+typedef int (*_fgetf)(struct thread *, int, const cap_rights_t *,
+    struct file **);
 
 /*
  * Get message queue by giving file slot
  */
 static int
-_getmq(struct thread *td, int fd, cap_rights_t *rightsp, _fgetf func,
+_getmq(struct thread *td, int fd, const cap_rights_t *rightsp, _fgetf func,
        struct file **fpp, struct mqfs_node **ppn, struct mqueue **pmq)
 {
 	struct mqfs_node *pn;
diff --git a/sys/kern/uipc_sem.c b/sys/kern/uipc_sem.c
index 35ca9a9fb06e..2fc4d3e9cfb3 100644
--- a/sys/kern/uipc_sem.c
+++ b/sys/kern/uipc_sem.c
@@ -123,8 +123,8 @@ static int	ksem_create(struct thread *td, const char *path,
 		    semid_t *semidp, mode_t mode, unsigned int value,
 		    int flags, int compat32);
 static void	ksem_drop(struct ksem *ks);
-static int	ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,
-    struct file **fpp);
+static int	ksem_get(struct thread *td, semid_t id,
+		    const cap_rights_t *rightsp, struct file **fpp);
 static struct ksem *ksem_hold(struct ksem *ks);
 static void	ksem_insert(char *path, Fnv32_t fnv, struct ksem *ks);
 static struct ksem *ksem_lookup(char *path, Fnv32_t fnv);
@@ -587,7 +587,7 @@ ksem_create(struct thread *td, const char *name, semid_t *semidp, mode_t mode,
 }
 
 static int
-ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,
+ksem_get(struct thread *td, semid_t id, const cap_rights_t *rightsp,
     struct file **fpp)
 {
 	struct ksem *ks;
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 91fcdf9a7a9d..0bbf13936bf9 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -85,7 +85,7 @@ static int sockargs(struct mbuf **, char *, socklen_t, int);
  * A reference on the file entry is held upon returning.
  */
 int
-getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
+getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct file **fpp, struct filecaps *havecapsp)
 {
 	struct file *fp;
@@ -105,7 +105,8 @@ getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
 }
 
 int
-getsock(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
+getsock(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct file **fpp)
 {
 	struct file *fp;
 	int error;
@@ -718,7 +719,7 @@ kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,
 	struct uio auio;
 	struct iovec *iov;
 	struct socket *so;
-	cap_rights_t *rights;
+	const cap_rights_t *rights;
 #ifdef KTRACE
 	struct uio *ktruio = NULL;
 #endif
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index f992eccf567f..ac906c6286f4 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -4409,7 +4409,7 @@ out:
  * semantics.
  */
 int
-getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
+getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct file **fpp)
 {
 	struct file *fp;
@@ -4447,7 +4447,8 @@ getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
  * A reference on the file entry is held upon returning.
  */
 int
-getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
+getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct file **fpp)
 {
 	int error;
 
diff --git a/sys/sys/file.h b/sys/sys/file.h
index 0c025fde475c..c79759a3f966 100644
--- a/sys/sys/file.h
+++ b/sys/sys/file.h
@@ -258,14 +258,15 @@ extern const struct fileops socketops;
 extern int maxfiles;		/* kernel limit on number of open files */
 extern int maxfilesperproc;	/* per process limit on number of open files */
 
-int fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp);
-int fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp,
+int fget(struct thread *td, int fd, const cap_rights_t *rightsp,
+    struct file **fpp);
+int fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,
     vm_prot_t *maxprotp, struct file **fpp);
-int fget_read(struct thread *td, int fd, cap_rights_t *rightsp,
+int fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct file **fpp);
-int fget_write(struct thread *td, int fd, cap_rights_t *rightsp,
+int fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct file **fpp);
-int fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp,
+int fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,
     int needfcntl, struct file **fpp);
 int _fdrop(struct file *fp, struct thread *td);
 int fget_remote(struct thread *td, struct proc *p, int fd, struct file **fpp);
@@ -290,15 +291,15 @@ int file_kcmp_generic(struct file *fp1, struct file *fp2, struct thread *td);
 
 void finit(struct file *, u_int, short, void *, const struct fileops *);
 void finit_vnode(struct file *, u_int, void *, const struct fileops *);
-int fgetvp(struct thread *td, int fd, cap_rights_t *rightsp,
+int fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct vnode **vpp);
-int fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp,
+int fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct vnode **vpp);
-int fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
+int fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,
     struct filecaps *havecaps, struct vnode **vpp);
-int fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp,
+int fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct vnode **vpp);
-int fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
+int fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,
     struct vnode **vpp);
 int fgetvp_lookup_smr(struct nameidata *ndp, struct vnode **vpp, bool *fsearch);
 int fgetvp_lookup(struct nameidata *ndp, struct vnode **vpp);
diff --git a/sys/sys/filedesc.h b/sys/sys/filedesc.h
index 242f5b8831fd..602d236ff853 100644
--- a/sys/sys/filedesc.h
+++ b/sys/sys/filedesc.h
@@ -275,22 +275,23 @@ struct filedesc_to_leader *
 struct filedesc_to_leader *
 	filedesc_to_leader_share(struct filedesc_to_leader *fdtol,
 	    struct filedesc *fdp);
-int	getvnode(struct thread *td, int fd, cap_rights_t *rightsp,
+int	getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,
 	    struct file **fpp);
-int	getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
+int	getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,
 	    struct file **fpp);
 void	mountcheckdirs(struct vnode *olddp, struct vnode *newdp);
 
-int	fget_cap_noref(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
-	    struct file **fpp, struct filecaps *havecapsp);
-int	fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+int	fget_cap_noref(struct filedesc *fdp, int fd,
+	    const cap_rights_t *needrightsp, struct file **fpp,
+	    struct filecaps *havecapsp);
+int	fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
 	    struct file **fpp, struct filecaps *havecapsp);
 /* Return a referenced file from an unlocked descriptor. */
-int	fget_unlocked(struct thread *td, int fd, cap_rights_t *needrightsp,
-	    struct file **fpp);
+int	fget_unlocked(struct thread *td, int fd,
+	    const cap_rights_t *needrightsp, struct file **fpp);
 /* Return a file pointer without a ref. FILEDESC_IS_ONLY_USER must be true.  */
-int	fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
-	    struct file **fpp);
+int	fget_only_user(struct filedesc *fdp, int fd,
+	    const cap_rights_t *needrightsp, struct file **fpp);
 #define	fput_only_user(fdp, fp)	({					\
 	MPASS(FILEDESC_IS_ONLY_USER(fdp));				\
 	MPASS(refcount_load(&fp->f_count) > 0);				\
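Review bot: The fget_cap_noref and fget_cap prototypes in this hunk still carry no comment saying what the two rights-related pointers are for, and the new const qualifier is the natural moment to record it, since the type now shows that the lookup only reads the caller's requirement. Suggest a comment above fget_cap_noref such as `/* needrightsp: read-only rights the caller requires of the fd; havecapsp: output, receives the descriptor's own capabilities. */`. The output role of havecapsp is inferred from its name and the commit message, not from lines in this diff; confirm it against the definitions in kern_descrip.c, whose bodies are outside the hunk, before committing the wording.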
diff --git a/sys/sys/namei.h b/sys/sys/namei.h
index 20c4f4c34dc0..bbaa71f629e6 100644
--- a/sys/sys/namei.h
+++ b/sys/sys/namei.h
@@ -70,7 +70,7 @@ struct nameidata {
 	 */
 	const	char *ni_dirp;		/* pathname pointer */
 	enum	uio_seg ni_segflg;	/* location of pathname */
-	cap_rights_t *ni_rightsneeded;	/* rights required to look up vnode */
+	const cap_rights_t *ni_rightsneeded; /* rights needed to look up vnode */
 	/*
 	 * Arguments to lookup.
 	 */
@@ -244,7 +244,7 @@ int	cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status,
 #define NDINIT_ALL(ndp, op, flags, segflg, namep, dirfd, startdir, rightsp)	\
 do {										\
 	struct nameidata *_ndp = (ndp);						\
-	cap_rights_t *_rightsp = (rightsp);					\
+	const cap_rights_t *_rightsp = (rightsp);					\
 	MPASS(_rightsp != NULL);						\
 	NDINIT_PREFILL(_ndp);							\
 	NDINIT_DBG(_ndp);							\
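Review bot: The rewritten `const cap_rights_t *_rightsp = (rightsp);` line in NDINIT_ALL keeps the same run of trailing tabs as the line it replaces, but the text is six characters longer, so as this diff is rendered its continuation backslash appears to land one tab stop to the right of the backslashes on the surrounding lines. If that is how the file looks in the editor, dropping one tab before the backslash re-aligns it. This is cosmetic only; the `MPASS(_rightsp != NULL)` check on the next line applies unchanged to the now const-qualified pointer.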
diff --git a/sys/sys/procdesc.h b/sys/sys/procdesc.h
index ca26d65d5417..4e8b06fb7377 100644
--- a/sys/sys/procdesc.h
+++ b/sys/sys/procdesc.h
@@ -94,8 +94,10 @@ struct procdesc {
  * In-kernel interfaces to process descriptors.
  */
 int	 procdesc_exit(struct proc *);
-int	 procdesc_find(struct thread *, int fd, cap_rights_t *, struct proc **);
-int	 kern_pdgetpid(struct thread *, int fd, cap_rights_t *, pid_t *pidp);
+int	 procdesc_find(struct thread *, int fd, const cap_rights_t *,
+	    struct proc **);
+int	 kern_pdgetpid(struct thread *, int fd, const cap_rights_t *,
+	    pid_t *pidp);
 void	 procdesc_new(struct proc *, int);
 void	 procdesc_finit(struct procdesc *, struct file *);
 pid_t	 procdesc_pid(struct file *);
diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index 9e3a59433f2b..6512a2d69fd5 100644
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h
@@ -488,9 +488,9 @@ enum shutdown_how;
  */
 int	getsockaddr(struct sockaddr **namp, const struct sockaddr *uaddr,
 	    size_t len);
-int	getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
+int	getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,
 	    struct file **fpp, struct filecaps *havecaps);
-int	getsock(struct thread *td, int fd, cap_rights_t *rightsp,
+int	getsock(struct thread *td, int fd, const cap_rights_t *rightsp,
 	    struct file **fpp);
 void	soabort(struct socket *so);
 int	soaccept(struct socket *so, struct sockaddr *sa);