git: 57fefbee1f95 - main - rights(4): fix our representation of the unused bits

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Sat, 20 Jun 2026 13:58:04 UTC
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=57fefbee1f959d0c65376dbdad309d01c182d710

commit 57fefbee1f959d0c65376dbdad309d01c182d710
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2026-06-20 13:55:26 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2026-06-20 13:56:04 +0000

    rights(4): fix our representation of the unused bits
    
    The current format seems to be a little confusing, and the version of it
    for index 0 was broken by the below-referenced commit.  Break our
    UNUSED macros out into one per unused bit to enumerate the entirety of
    the space and make it easier to claim an unused one.
    
    Fixes:  b165e9e3ea4e327fc ("Add fchroot(2)")
    Reviewed by:    oshogbo (previous version), kib, markj
    Differential Revision:  https://reviews.freebsd.org/D57505
---
 sys/sys/capsicum.h | 64 +++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 56 insertions(+), 8 deletions(-)

diff --git a/sys/sys/capsicum.h b/sys/sys/capsicum.h
index 3847c4c73e75..9ef2f0d48d38 100644
--- a/sys/sys/capsicum.h
+++ b/sys/sys/capsicum.h
@@ -51,6 +51,13 @@
 
 #define	CAPRIGHT(idx, bit)	((1ULL << (57 + (idx))) | (bit))
 
+/*
+ * The top 7 bits are reserved in all indices.
+ *   Index 0 - 2 bit array size + 5 bit array element
+ *   Index N - 2 bits of 0 + 5 bit array element
+ */
+#define	CAP_RESERVED		0xFE00000000000000ULL
+
 /*
  * Possible rights on capabilities.
  *
@@ -212,12 +219,23 @@
 	 CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
 	 CAP_SETSOCKOPT | CAP_SHUTDOWN)
 
+#define	CAP_UNUSED0_45		CAPRIGHT(0, 0x0000100000000000ULL)
+#define	CAP_UNUSED0_46		CAPRIGHT(0, 0x0000200000000000ULL)
+#define	CAP_UNUSED0_47		CAPRIGHT(0, 0x0000400000000000ULL)
+#define	CAP_UNUSED0_48		CAPRIGHT(0, 0x0000800000000000ULL)
+#define	CAP_UNUSED0_49		CAPRIGHT(0, 0x0001000000000000ULL)
+#define	CAP_UNUSED0_50		CAPRIGHT(0, 0x0002000000000000ULL)
+#define	CAP_UNUSED0_51		CAPRIGHT(0, 0x0004000000000000ULL)
+#define	CAP_UNUSED0_52		CAPRIGHT(0, 0x0008000000000000ULL)
+#define	CAP_UNUSED0_53		CAPRIGHT(0, 0x0010000000000000ULL)
+#define	CAP_UNUSED0_54		CAPRIGHT(0, 0x0020000000000000ULL)
+#define	CAP_UNUSED0_55		CAPRIGHT(0, 0x0040000000000000ULL)
+#define	CAP_UNUSED0_56		CAPRIGHT(0, 0x0080000000000000ULL)
+#define	CAP_UNUSED0_57		CAPRIGHT(0, 0x0100000000000000ULL)
+
 /* All used bits for index 0. */
 #define	CAP_ALL0		CAPRIGHT(0, 0x00000FFFFFFFFFFFULL)
 
-/* Available bits for index 0. */
-#define	CAP_UNUSED0_57		CAPRIGHT(0, 0x0100000000000000ULL)
-
 /* INDEX 1 */
 
 /* Mandatory Access Control. */
@@ -283,14 +301,44 @@
 #define	CAP_INOTIFY_ADD		CAPRIGHT(1, 0x0000000000200000ULL)
 #define	CAP_INOTIFY_RM		CAPRIGHT(1, 0x0000000000400000ULL)
 
+#define	CAP_UNUSED1_24		CAPRIGHT(1, 0x0000000000800000ULL)
+#define	CAP_UNUSED1_25		CAPRIGHT(1, 0x0000000001000000ULL)
+#define	CAP_UNUSED1_26		CAPRIGHT(1, 0x0000000002000000ULL)
+#define	CAP_UNUSED1_27		CAPRIGHT(1, 0x0000000004000000ULL)
+#define	CAP_UNUSED1_28		CAPRIGHT(1, 0x0000000008000000ULL)
+#define	CAP_UNUSED1_29		CAPRIGHT(1, 0x0000000010000000ULL)
+#define	CAP_UNUSED1_30		CAPRIGHT(1, 0x0000000020000000ULL)
+#define	CAP_UNUSED1_31		CAPRIGHT(1, 0x0000000040000000ULL)
+#define	CAP_UNUSED1_32		CAPRIGHT(1, 0x0000000080000000ULL)
+#define	CAP_UNUSED1_33		CAPRIGHT(1, 0x0000000100000000ULL)
+#define	CAP_UNUSED1_34		CAPRIGHT(1, 0x0000000200000000ULL)
+#define	CAP_UNUSED1_35		CAPRIGHT(1, 0x0000000400000000ULL)
+#define	CAP_UNUSED1_36		CAPRIGHT(1, 0x0000000800000000ULL)
+#define	CAP_UNUSED1_37		CAPRIGHT(1, 0x0000001000000000ULL)
+#define	CAP_UNUSED1_38		CAPRIGHT(1, 0x0000002000000000ULL)
+#define	CAP_UNUSED1_39		CAPRIGHT(1, 0x0000004000000000ULL)
+#define	CAP_UNUSED1_40		CAPRIGHT(1, 0x0000008000000000ULL)
+#define	CAP_UNUSED1_41		CAPRIGHT(1, 0x0000010000000000ULL)
+#define	CAP_UNUSED1_42		CAPRIGHT(1, 0x0000020000000000ULL)
+#define	CAP_UNUSED1_43		CAPRIGHT(1, 0x0000040000000000ULL)
+#define	CAP_UNUSED1_44		CAPRIGHT(1, 0x0000080000000000ULL)
+#define	CAP_UNUSED1_45		CAPRIGHT(1, 0x0000100000000000ULL)
+#define	CAP_UNUSED1_46		CAPRIGHT(1, 0x0000200000000000ULL)
+#define	CAP_UNUSED1_47		CAPRIGHT(1, 0x0000400000000000ULL)
+#define	CAP_UNUSED1_48		CAPRIGHT(1, 0x0000800000000000ULL)
+#define	CAP_UNUSED1_49		CAPRIGHT(1, 0x0001000000000000ULL)
+#define	CAP_UNUSED1_50		CAPRIGHT(1, 0x0002000000000000ULL)
+#define	CAP_UNUSED1_51		CAPRIGHT(1, 0x0004000000000000ULL)
+#define	CAP_UNUSED1_52		CAPRIGHT(1, 0x0008000000000000ULL)
+#define	CAP_UNUSED1_53		CAPRIGHT(1, 0x0010000000000000ULL)
+#define	CAP_UNUSED1_54		CAPRIGHT(1, 0x0020000000000000ULL)
+#define	CAP_UNUSED1_55		CAPRIGHT(1, 0x0040000000000000ULL)
+#define	CAP_UNUSED1_56		CAPRIGHT(1, 0x0080000000000000ULL)
+#define	CAP_UNUSED1_57		CAPRIGHT(1, 0x0100000000000000ULL)
+
 /* All used bits for index 1. */
 #define	CAP_ALL1		CAPRIGHT(1, 0x00000000007FFFFFULL)
 
-/* Available bits for index 1. */
-#define	CAP_UNUSED1_22		CAPRIGHT(1, 0x0000000000800000ULL)
-/* ... */
-#define	CAP_UNUSED1_57		CAPRIGHT(1, 0x0100000000000000ULL)
-
 /* Backward compatibility. */
 #define	CAP_POLL_EVENT		CAP_EVENT