Date: Sat, 19 May 2018 00:16:00 -0700 From: Matthew Macy <mmacy@freebsd.org> To: Mateusz Guzik <mjguzik@gmail.com> Cc: Ilya Bakulin <ilya@bakulin.de>, manu@freebsd.org, Warner Losh <imp@freebsd.org>, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r333425 - in head/sys: cddl/compat/opensolaris/sys cddl/contrib/opensolaris/uts/common/fs/zfs compat/cloudabi compat/linux compat/linuxkpi/common/include/linux dev/filemon dev/hwpmc fs/... Message-ID: <CAPrugNoLW_soreUR1v9KOusDc70hmOooyXSAPFvnLfdDM__z_Q@mail.gmail.com> In-Reply-To: <CAGudoHEQnmChLYP1pBruLy4MyS=DCfSKyrtdzZMceSNAeajrdQ@mail.gmail.com> References: <201805091847.w49IlPPa014617@repo.freebsd.org> <CADzbx%2Brm7N4ZW8%2BzMtN6MdSBKjknQnEC1QRso9meBT5Qrfdk6Q@mail.gmail.com> <CAPrugNoYfqqPHrgK2KiDpu3jJn_hv=5LUOP3OQuP_G5HUmKJpw@mail.gmail.com> <CAGudoHEQnmChLYP1pBruLy4MyS=DCfSKyrtdzZMceSNAeajrdQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I can do that tomorrow. But point is that something else will push it over soon. On Sat, May 19, 2018 at 12:14 AM, Mateusz Guzik <mjguzik@gmail.com> wrote: > imo all these sysinits can and shoud be collapsed into one, which will have > a side effect of getting rid of the problem. > > On Sat, May 19, 2018 at 9:13 AM, Matthew Macy <mmacy@freebsd.org> wrote: >> >> I guess we'll need to allocate more pages at boot. We must have been >> on the edge already if that pushed us over. >> -M >> >> On Fri, May 18, 2018 at 12:03 PM, Ilya Bakulin <ilya@bakulin.de> wrote: >> > Hi Matt, >> > seems this commit has broken at least BeagleBone Black booting process. >> > On >> > all revisions after it the kernel panics with this message: >> > http://dl.bakulin.de/bbb_panic.txt >> > My suspicion is that there are quite a few new SYSINIT objects that are >> > created on startup, and as a result some kind of memory reservation gets >> > exhausted. I don't have immediate idea how to debug this further; just >> > can >> > confirm that patching out this change allows the board to boot again. >> > >> > >> > On Wed, May 9, 2018 at 8:47 PM Matt Macy <mmacy@freebsd.org> wrote: >> >> >> >> Author: mmacy >> >> Date: Wed May 9 18:47:24 2018 >> >> New Revision: 333425 >> >> URL: https://svnweb.freebsd.org/changeset/base/333425 >> >> >> >> Log: >> >> Eliminate the overhead of gratuitous repeated reinitialization of >> >> cap_rights >> >> >> >> - Add macros to allow preinitialization of cap_rights_t. >> >> >> >> - Convert most commonly used code paths to use preinitialized >> >> cap_rights_t. >> >> A 3.6% speedup in fstat was measured with this change. >> >> >> >> Reported by: mjg >> >> Reviewed by: oshogbo >> >> Approved by: sbruno >> >> MFC after: 1 month >> >> >> >> Modified: >> >> head/sys/cddl/compat/opensolaris/sys/file.h >> >> head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c >> >> head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c >> >> head/sys/compat/cloudabi/cloudabi_file.c >> >> head/sys/compat/linux/linux_event.c >> >> head/sys/compat/linux/linux_file.c >> >> head/sys/compat/linux/linux_ioctl.c >> >> head/sys/compat/linux/linux_mmap.c >> >> head/sys/compat/linux/linux_socket.c >> >> head/sys/compat/linux/linux_stats.c >> >> head/sys/compat/linuxkpi/common/include/linux/file.h >> >> head/sys/dev/filemon/filemon.c >> >> head/sys/dev/hwpmc/hwpmc_logging.c >> >> head/sys/fs/fdescfs/fdesc_vnops.c >> >> head/sys/fs/fuse/fuse_vfsops.c >> >> head/sys/kern/kern_descrip.c >> >> head/sys/kern/kern_event.c >> >> head/sys/kern/kern_exec.c >> >> head/sys/kern/kern_sendfile.c >> >> head/sys/kern/kern_sig.c >> >> head/sys/kern/subr_capability.c >> >> head/sys/kern/sys_generic.c >> >> head/sys/kern/sys_procdesc.c >> >> head/sys/kern/uipc_mqueue.c >> >> head/sys/kern/uipc_sem.c >> >> head/sys/kern/uipc_syscalls.c >> >> head/sys/kern/vfs_aio.c >> >> head/sys/kern/vfs_syscalls.c >> >> head/sys/netsmb/smb_dev.c >> >> head/sys/sys/capsicum.h >> >> >> >> Modified: head/sys/cddl/compat/opensolaris/sys/file.h >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/cddl/compat/opensolaris/sys/file.h Wed May 9 18:41:04 >> >> 2018 >> >> (r333424) >> >> +++ head/sys/cddl/compat/opensolaris/sys/file.h Wed May 9 18:47:24 >> >> 2018 >> >> (r333425) >> >> @@ -52,10 +52,9 @@ static __inline void >> >> releasef(int fd) >> >> { >> >> struct file *fp; >> >> - cap_rights_t rights; >> >> >> >> /* No CAP_ rights required, as we're only releasing. */ >> >> - if (fget(curthread, fd, cap_rights_init(&rights), &fp) == 0) { >> >> + if (fget(curthread, fd, &cap_no_rights, &fp) == 0) { >> >> fdrop(fp, curthread); >> >> fdrop(fp, curthread); >> >> } >> >> >> >> Modified: >> >> head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c >> >> Wed May 9 18:41:04 2018 (r333424) >> >> +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c >> >> Wed May 9 18:47:24 2018 (r333425) >> >> @@ -4446,7 +4446,6 @@ zfs_ioc_recv(zfs_cmd_t *zc) >> >> char *origin = NULL; >> >> char *tosnap; >> >> char tofs[ZFS_MAX_DATASET_NAME_LEN]; >> >> - cap_rights_t rights; >> >> boolean_t first_recvd_props = B_FALSE; >> >> >> >> if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || >> >> @@ -4467,7 +4466,7 @@ zfs_ioc_recv(zfs_cmd_t *zc) >> >> #ifdef illumos >> >> fp = getf(fd); >> >> #else >> >> - fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), >> >> &fp); >> >> + fget_read(curthread, fd, &cap_pread_rights, &fp); >> >> #endif >> >> if (fp == NULL) { >> >> nvlist_free(props); >> >> @@ -4744,13 +4743,11 @@ zfs_ioc_send(zfs_cmd_t *zc) >> >> dsl_pool_rele(dp, FTAG); >> >> } else { >> >> file_t *fp; >> >> - cap_rights_t rights; >> >> >> >> #ifdef illumos >> >> fp = getf(zc->zc_cookie); >> >> #else >> >> - fget_write(curthread, zc->zc_cookie, >> >> - cap_rights_init(&rights, CAP_WRITE), &fp); >> >> + fget_write(curthread, zc->zc_cookie, &cap_write_rights, >> >> &fp); >> >> #endif >> >> if (fp == NULL) >> >> return (SET_ERROR(EBADF)); >> >> @@ -5387,15 +5384,13 @@ static int >> >> zfs_ioc_diff(zfs_cmd_t *zc) >> >> { >> >> file_t *fp; >> >> - cap_rights_t rights; >> >> offset_t off; >> >> int error; >> >> >> >> #ifdef illumos >> >> fp = getf(zc->zc_cookie); >> >> #else >> >> - fget_write(curthread, zc->zc_cookie, >> >> - cap_rights_init(&rights, CAP_WRITE), &fp); >> >> + fget_write(curthread, zc->zc_cookie, &cap_write_rights, &fp); >> >> #endif >> >> if (fp == NULL) >> >> return (SET_ERROR(EBADF)); >> >> @@ -5787,7 +5782,6 @@ zfs_ioc_unjail(zfs_cmd_t *zc) >> >> static int >> >> zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t >> >> *outnvl) >> >> { >> >> - cap_rights_t rights; >> >> file_t *fp; >> >> int error; >> >> offset_t off; >> >> @@ -5815,7 +5809,7 @@ zfs_ioc_send_new(const char *snapname, nvlist_t >> >> *innvl >> >> #ifdef illumos >> >> file_t *fp = getf(fd); >> >> #else >> >> - fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), >> >> &fp); >> >> + fget_write(curthread, fd, &cap_write_rights, &fp); >> >> #endif >> >> if (fp == NULL) >> >> return (SET_ERROR(EBADF)); >> >> >> >> Modified: >> >> head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c >> >> Wed May 9 18:41:04 2018 (r333424) >> >> +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c >> >> Wed May 9 18:47:24 2018 (r333425) >> >> @@ -126,7 +126,7 @@ zfs_onexit_fd_hold(int fd, minor_t *minorp) >> >> void *data; >> >> int error; >> >> >> >> - fp = getf(fd, cap_rights_init(&rights)); >> >> + fp = getf(fd, &cap_no_rights); >> >> if (fp == NULL) >> >> return (SET_ERROR(EBADF)); >> >> >> >> >> >> Modified: head/sys/compat/cloudabi/cloudabi_file.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/cloudabi/cloudabi_file.c Wed May 9 18:41:04 >> >> 2018 >> >> (r333424) >> >> +++ head/sys/compat/cloudabi/cloudabi_file.c Wed May 9 18:47:24 >> >> 2018 >> >> (r333425) >> >> @@ -390,12 +390,11 @@ cloudabi_sys_file_readdir(struct thread *td, >> >> struct file *fp; >> >> struct vnode *vp; >> >> void *readbuf; >> >> - cap_rights_t rights; >> >> cloudabi_dircookie_t offset; >> >> int error; >> >> >> >> /* Obtain directory vnode. */ >> >> - error = getvnode(td, uap->fd, cap_rights_init(&rights, >> >> CAP_READ), >> >> &fp); >> >> + error = getvnode(td, uap->fd, &cap_read_rights, &fp); >> >> if (error != 0) { >> >> if (error == EINVAL) >> >> return (ENOTDIR); >> >> @@ -559,14 +558,13 @@ cloudabi_sys_file_stat_fget(struct thread *td, >> >> struct stat sb; >> >> cloudabi_filestat_t csb; >> >> struct file *fp; >> >> - cap_rights_t rights; >> >> cloudabi_filetype_t filetype; >> >> int error; >> >> >> >> memset(&csb, 0, sizeof(csb)); >> >> >> >> /* Fetch file descriptor attributes. */ >> >> - error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FSTAT), >> >> &fp); >> >> + error = fget(td, uap->fd, &cap_fstat_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = fo_stat(fp, &sb, td->td_ucred, td); >> >> >> >> Modified: head/sys/compat/linux/linux_event.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/linux/linux_event.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/compat/linux/linux_event.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -1190,14 +1190,13 @@ linux_timerfd_curval(struct timerfd *tfd, >> >> struct >> >> itime >> >> int >> >> linux_timerfd_gettime(struct thread *td, struct >> >> linux_timerfd_gettime_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct l_itimerspec lots; >> >> struct itimerspec ots; >> >> struct timerfd *tfd; >> >> struct file *fp; >> >> int error; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_READ), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_read_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> tfd = fp->f_data; >> >> @@ -1225,7 +1224,6 @@ linux_timerfd_settime(struct thread *td, struct >> >> linux_ >> >> struct l_itimerspec lots; >> >> struct itimerspec nts, ots; >> >> struct timespec cts, ts; >> >> - cap_rights_t rights; >> >> struct timerfd *tfd; >> >> struct timeval tv; >> >> struct file *fp; >> >> @@ -1241,7 +1239,7 @@ linux_timerfd_settime(struct thread *td, struct >> >> linux_ >> >> if (error != 0) >> >> return (error); >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_WRITE), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_write_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> tfd = fp->f_data; >> >> >> >> Modified: head/sys/compat/linux/linux_file.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/linux/linux_file.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/compat/linux/linux_file.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -89,7 +89,6 @@ linux_creat(struct thread *td, struct >> >> linux_creat_args >> >> static int >> >> linux_common_open(struct thread *td, int dirfd, char *path, int >> >> l_flags, >> >> int mode) >> >> { >> >> - cap_rights_t rights; >> >> struct proc *p = td->td_proc; >> >> struct file *fp; >> >> int fd; >> >> @@ -144,7 +143,7 @@ linux_common_open(struct thread *td, int dirfd, >> >> char * >> >> * checking below. >> >> */ >> >> fd = td->td_retval[0]; >> >> - if (fget(td, fd, cap_rights_init(&rights, CAP_IOCTL), &fp) == >> >> 0) { >> >> + if (fget(td, fd, &cap_ioctl_rights, &fp) == 0) { >> >> if (fp->f_type != DTYPE_VNODE) { >> >> fdrop(fp, td); >> >> goto done; >> >> @@ -263,13 +262,12 @@ linux_llseek(struct thread *td, struct >> >> linux_llseek_ar >> >> static int >> >> linux_getdents_error(struct thread *td, int fd, int err) >> >> { >> >> - cap_rights_t rights; >> >> struct vnode *vp; >> >> struct file *fp; >> >> int error; >> >> >> >> /* Linux return ENOTDIR in case when fd is not a directory. */ >> >> - error = getvnode(td, fd, cap_rights_init(&rights, CAP_READ), >> >> &fp); >> >> + error = getvnode(td, fd, &cap_read_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> vp = fp->f_vnode; >> >> @@ -985,15 +983,13 @@ linux_fdatasync(td, uap) >> >> int >> >> linux_pread(struct thread *td, struct linux_pread_args *uap) >> >> { >> >> - cap_rights_t rights; >> >> struct vnode *vp; >> >> int error; >> >> >> >> error = kern_pread(td, uap->fd, uap->buf, uap->nbyte, >> >> uap->offset); >> >> if (error == 0) { >> >> /* This seems to violate POSIX but Linux does it. */ >> >> - error = fgetvp(td, uap->fd, >> >> - cap_rights_init(&rights, CAP_PREAD), &vp); >> >> + error = fgetvp(td, uap->fd, &cap_pread_rights, &vp); >> >> if (error != 0) >> >> return (error); >> >> if (vp->v_type == VDIR) { >> >> @@ -1275,7 +1271,6 @@ fcntl_common(struct thread *td, struct >> >> linux_fcntl_arg >> >> { >> >> struct l_flock linux_flock; >> >> struct flock bsd_flock; >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> long arg; >> >> int error, result; >> >> @@ -1379,7 +1374,7 @@ fcntl_common(struct thread *td, struct >> >> linux_fcntl_arg >> >> * pipes under Linux-2.2.35 at least). >> >> */ >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_FCNTL), &fp); >> >> + &cap_fcntl_rights, &fp); >> >> if (error) >> >> return (error); >> >> if (fp->f_type == DTYPE_PIPE) { >> >> >> >> Modified: head/sys/compat/linux/linux_ioctl.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/linux/linux_ioctl.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/compat/linux/linux_ioctl.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -194,13 +194,12 @@ struct linux_hd_big_geometry { >> >> static int >> >> linux_ioctl_hdio(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> u_int sectorsize, fwcylinders, fwheads, fwsectors; >> >> off_t mediasize, bytespercyl; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> switch (args->cmd & 0xffff) { >> >> @@ -278,13 +277,12 @@ linux_ioctl_hdio(struct thread *td, struct >> >> linux_ioctl >> >> static int >> >> linux_ioctl_disk(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> u_int sectorsize; >> >> off_t mediasize; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> switch (args->cmd & 0xffff) { >> >> @@ -717,11 +715,10 @@ linux_ioctl_termio(struct thread *td, struct >> >> linux_ioc >> >> struct termios bios; >> >> struct linux_termios lios; >> >> struct linux_termio lio; >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> >> >> @@ -1461,11 +1458,10 @@ bsd_to_linux_dvd_authinfo(struct dvd_authinfo >> >> *bp, >> >> l_d >> >> static int >> >> linux_ioctl_cdrom(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> switch (args->cmd & 0xffff) { >> >> @@ -1998,11 +1994,10 @@ linux_ioctl_sound(struct thread *td, struct >> >> linux_ioct >> >> static int >> >> linux_ioctl_console(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> switch (args->cmd & 0xffff) { >> >> @@ -2411,7 +2406,6 @@ static int >> >> linux_ioctl_socket(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> char lifname[LINUX_IFNAMSIZ], ifname[IFNAMSIZ]; >> >> - cap_rights_t rights; >> >> struct ifnet *ifp; >> >> struct file *fp; >> >> int error, type; >> >> @@ -2419,7 +2413,7 @@ linux_ioctl_socket(struct thread *td, struct >> >> linux_ioc >> >> ifp = NULL; >> >> error = 0; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> type = fp->f_type; >> >> @@ -2649,11 +2643,10 @@ linux_ioctl_socket(struct thread *td, struct >> >> linux_ioc >> >> static int >> >> linux_ioctl_private(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error, type; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> type = fp->f_type; >> >> @@ -2685,11 +2678,10 @@ linux_ioctl_sg_io(struct thread *td, struct >> >> linux_ioct >> >> { >> >> struct sg_io_hdr io; >> >> struct sg_io_hdr32 io32; >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) { >> >> printf("sg_linux_ioctl: fget returned %d\n", error); >> >> return (error); >> >> @@ -2997,7 +2989,6 @@ linux_v4l_cliplist_copy(struct l_video_window >> >> *lvw, >> >> st >> >> static int >> >> linux_ioctl_v4l(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> struct video_tuner vtun; >> >> @@ -3016,7 +3007,7 @@ linux_ioctl_v4l(struct thread *td, struct >> >> linux_ioctl_ >> >> >> >> case LINUX_VIDIOCGTUNER: >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = copyin((void *) args->arg, &l_vtun, >> >> sizeof(l_vtun)); >> >> @@ -3036,7 +3027,7 @@ linux_ioctl_v4l(struct thread *td, struct >> >> linux_ioctl_ >> >> >> >> case LINUX_VIDIOCSTUNER: >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = copyin((void *) args->arg, &l_vtun, >> >> sizeof(l_vtun)); >> >> @@ -3055,7 +3046,7 @@ linux_ioctl_v4l(struct thread *td, struct >> >> linux_ioctl_ >> >> >> >> case LINUX_VIDIOCGWIN: >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = fo_ioctl(fp, VIDIOCGWIN, &vwin, td->td_ucred, >> >> td); >> >> @@ -3069,7 +3060,7 @@ linux_ioctl_v4l(struct thread *td, struct >> >> linux_ioctl_ >> >> >> >> case LINUX_VIDIOCSWIN: >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = copyin((void *) args->arg, &l_vwin, >> >> sizeof(l_vwin)); >> >> @@ -3094,7 +3085,7 @@ linux_ioctl_v4l(struct thread *td, struct >> >> linux_ioctl_ >> >> >> >> case LINUX_VIDIOCGFBUF: >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = fo_ioctl(fp, VIDIOCGFBUF, &vbuf, td->td_ucred, >> >> td); >> >> @@ -3108,7 +3099,7 @@ linux_ioctl_v4l(struct thread *td, struct >> >> linux_ioctl_ >> >> >> >> case LINUX_VIDIOCSFBUF: >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = copyin((void *) args->arg, &l_vbuf, >> >> sizeof(l_vbuf)); >> >> @@ -3138,7 +3129,7 @@ linux_ioctl_v4l(struct thread *td, struct >> >> linux_ioctl_ >> >> >> >> case LINUX_VIDIOCSMICROCODE: >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = copyin((void *) args->arg, &l_vcode, >> >> sizeof(l_vcode)); >> >> @@ -3302,7 +3293,6 @@ bsd_to_linux_v4l2_format(struct v4l2_format *vf, >> >> struc >> >> static int >> >> linux_ioctl_v4l2(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> int error; >> >> struct v4l2_format vformat; >> >> @@ -3395,7 +3385,7 @@ linux_ioctl_v4l2(struct thread *td, struct >> >> linux_ioctl >> >> if (error) >> >> return (error); >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error) >> >> return (error); >> >> if (linux_to_bsd_v4l2_format(&l_vformat, &vformat) != >> >> 0) >> >> @@ -3420,7 +3410,7 @@ linux_ioctl_v4l2(struct thread *td, struct >> >> linux_ioctl >> >> return (error); >> >> linux_to_bsd_v4l2_standard(&l_vstd, &vstd); >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error) >> >> return (error); >> >> error = fo_ioctl(fp, VIDIOC_ENUMSTD, (caddr_t)&vstd, >> >> @@ -3444,7 +3434,7 @@ linux_ioctl_v4l2(struct thread *td, struct >> >> linux_ioctl >> >> if (error != 0) >> >> return (error); >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> error = fo_ioctl(fp, VIDIOC_ENUMINPUT, (caddr_t)&vinp, >> >> @@ -3465,7 +3455,7 @@ linux_ioctl_v4l2(struct thread *td, struct >> >> linux_ioctl >> >> if (error) >> >> return (error); >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error) >> >> return (error); >> >> linux_to_bsd_v4l2_buffer(&l_vbuf, &vbuf); >> >> @@ -3640,7 +3630,6 @@ linux_ioctl_fbsd_usb(struct thread *td, struct >> >> linux_i >> >> static int >> >> linux_ioctl_evdev(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> clockid_t clock; >> >> int error; >> >> @@ -3668,7 +3657,7 @@ linux_ioctl_evdev(struct thread *td, struct >> >> linux_ioct >> >> return (error); >> >> >> >> error = fget(td, args->fd, >> >> - cap_rights_init(&rights, CAP_IOCTL), &fp); >> >> + &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> >> >> @@ -3694,7 +3683,6 @@ linux_ioctl_evdev(struct thread *td, struct >> >> linux_ioct >> >> int >> >> linux_ioctl(struct thread *td, struct linux_ioctl_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct file *fp; >> >> struct handler_element *he; >> >> int error, cmd; >> >> @@ -3705,7 +3693,7 @@ linux_ioctl(struct thread *td, struct >> >> linux_ioctl_args >> >> (unsigned long)args->cmd); >> >> #endif >> >> >> >> - error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), >> >> &fp); >> >> + error = fget(td, args->fd, &cap_ioctl_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> if ((fp->f_flag & (FREAD|FWRITE)) == 0) { >> >> >> >> Modified: head/sys/compat/linux/linux_mmap.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/linux/linux_mmap.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/compat/linux/linux_mmap.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -72,7 +72,6 @@ linux_mmap_common(struct thread *td, uintptr_t addr, >> >> s >> >> int bsd_flags, error; >> >> struct file *fp; >> >> >> >> - cap_rights_t rights; >> >> LINUX_CTR6(mmap2, "0x%lx, %ld, %ld, 0x%08lx, %ld, 0x%lx", >> >> addr, len, prot, flags, fd, pos); >> >> >> >> @@ -126,7 +125,7 @@ linux_mmap_common(struct thread *td, uintptr_t >> >> addr, s >> >> * protection options specified. >> >> */ >> >> >> >> - error = fget(td, fd, cap_rights_init(&rights, >> >> CAP_MMAP), >> >> &fp); >> >> + error = fget(td, fd, &cap_mmap_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> if (fp->f_type != DTYPE_VNODE && fp->f_type != >> >> DTYPE_DEV) >> >> { >> >> >> >> Modified: head/sys/compat/linux/linux_socket.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/linux/linux_socket.c Wed May 9 18:41:04 >> >> 2018 >> >> (r333424) >> >> +++ head/sys/compat/linux/linux_socket.c Wed May 9 18:47:24 >> >> 2018 >> >> (r333425) >> >> @@ -766,7 +766,6 @@ linux_bind(struct thread *td, struct >> >> linux_bind_args * >> >> int >> >> linux_connect(struct thread *td, struct linux_connect_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct socket *so; >> >> struct sockaddr *sa; >> >> struct file *fp; >> >> @@ -788,7 +787,7 @@ linux_connect(struct thread *td, struct >> >> linux_connect_ >> >> * when on a non-blocking socket. Instead it returns the >> >> * error getsockopt(SOL_SOCKET, SO_ERROR) would return on BSD. >> >> */ >> >> - error = getsock_cap(td, args->s, cap_rights_init(&rights, >> >> CAP_CONNECT), >> >> + error = getsock_cap(td, args->s, &cap_connect_rights, >> >> &fp, &fflag, NULL); >> >> if (error != 0) >> >> return (error); >> >> @@ -824,7 +823,6 @@ linux_accept_common(struct thread *td, int s, >> >> l_uintpt >> >> socklen_t * __restrict anamelen; >> >> int flags; >> >> } */ bsd_args; >> >> - cap_rights_t rights; >> >> struct socket *so; >> >> struct file *fp; >> >> int error, error1; >> >> @@ -842,8 +840,7 @@ linux_accept_common(struct thread *td, int s, >> >> l_uintpt >> >> if (error == EFAULT && namelen != sizeof(struct >> >> sockaddr_in)) >> >> return (EINVAL); >> >> if (error == EINVAL) { >> >> - error1 = getsock_cap(td, s, >> >> - cap_rights_init(&rights, CAP_ACCEPT), &fp, >> >> NULL, NULL); >> >> + error1 = getsock_cap(td, s, &cap_accept_rights, >> >> &fp, NULL, NULL); >> >> if (error1 != 0) >> >> return (error1); >> >> so = fp->f_data; >> >> >> >> Modified: head/sys/compat/linux/linux_stats.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/linux/linux_stats.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/compat/linux/linux_stats.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -103,14 +103,13 @@ translate_fd_major_minor(struct thread *td, int >> >> fd, >> >> st >> >> { >> >> struct file *fp; >> >> struct vnode *vp; >> >> - cap_rights_t rights; >> >> int major, minor; >> >> >> >> /* >> >> * No capability rights required here. >> >> */ >> >> if ((!S_ISCHR(buf->st_mode) && !S_ISBLK(buf->st_mode)) || >> >> - fget(td, fd, cap_rights_init(&rights), &fp) != 0) >> >> + fget(td, fd, &cap_no_rights, &fp) != 0) >> >> return; >> >> vp = fp->f_vnode; >> >> if (vp != NULL && vp->v_rdev != NULL && >> >> @@ -680,12 +679,11 @@ linux_newfstatat(struct thread *td, struct >> >> linux_newfs >> >> int >> >> linux_syncfs(struct thread *td, struct linux_syncfs_args *args) >> >> { >> >> - cap_rights_t rights; >> >> struct mount *mp; >> >> struct vnode *vp; >> >> int error, save; >> >> >> >> - error = fgetvp(td, args->fd, cap_rights_init(&rights, >> >> CAP_FSYNC), >> >> &vp); >> >> + error = fgetvp(td, args->fd, &cap_fsync_rights, &vp); >> >> if (error != 0) >> >> /* >> >> * Linux syncfs() returns only EBADF, however fgetvp() >> >> >> >> Modified: head/sys/compat/linuxkpi/common/include/linux/file.h >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/compat/linuxkpi/common/include/linux/file.h Wed May >> >> 9 >> >> 18:41:04 2018 (r333424) >> >> +++ head/sys/compat/linuxkpi/common/include/linux/file.h Wed May >> >> 9 >> >> 18:47:24 2018 (r333425) >> >> @@ -50,12 +50,11 @@ extern struct fileops linuxfileops; >> >> static inline struct linux_file * >> >> linux_fget(unsigned int fd) >> >> { >> >> - cap_rights_t rights; >> >> struct file *file; >> >> >> >> /* lookup file pointer by file descriptor index */ >> >> if (fget_unlocked(curthread->td_proc->p_fd, fd, >> >> - cap_rights_init(&rights), &file, NULL) != 0) >> >> + &cap_no_rights, &file, NULL) != 0) >> >> return (NULL); >> >> >> >> /* check if file handle really belongs to us */ >> >> @@ -88,11 +87,10 @@ file_count(struct linux_file *filp) >> >> static inline void >> >> put_unused_fd(unsigned int fd) >> >> { >> >> - cap_rights_t rights; >> >> struct file *file; >> >> >> >> if (fget_unlocked(curthread->td_proc->p_fd, fd, >> >> - cap_rights_init(&rights), &file, NULL) != 0) { >> >> + &cap_no_rights, &file, NULL) != 0) { >> >> return; >> >> } >> >> /* >> >> @@ -109,11 +107,10 @@ put_unused_fd(unsigned int fd) >> >> static inline void >> >> fd_install(unsigned int fd, struct linux_file *filp) >> >> { >> >> - cap_rights_t rights; >> >> struct file *file; >> >> >> >> if (fget_unlocked(curthread->td_proc->p_fd, fd, >> >> - cap_rights_init(&rights), &file, NULL) != 0) { >> >> + &cap_no_rights, &file, NULL) != 0) { >> >> filp->_file = NULL; >> >> } else { >> >> filp->_file = file; >> >> >> >> Modified: head/sys/dev/filemon/filemon.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/dev/filemon/filemon.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/dev/filemon/filemon.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -361,7 +361,6 @@ filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t >> >> da >> >> int error = 0; >> >> struct filemon *filemon; >> >> struct proc *p; >> >> - cap_rights_t rights; >> >> >> >> if ((error = devfs_get_cdevpriv((void **) &filemon)) != 0) >> >> return (error); >> >> @@ -377,7 +376,7 @@ filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t >> >> da >> >> } >> >> >> >> error = fget_write(td, *(int *)data, >> >> - cap_rights_init(&rights, CAP_PWRITE), >> >> + &cap_pwrite_rights, >> >> &filemon->fp); >> >> if (error == 0) >> >> /* Write the file header. */ >> >> >> >> Modified: head/sys/dev/hwpmc/hwpmc_logging.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/dev/hwpmc/hwpmc_logging.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/dev/hwpmc/hwpmc_logging.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -638,7 +638,6 @@ int >> >> pmclog_configure_log(struct pmc_mdep *md, struct pmc_owner *po, int >> >> logfd) >> >> { >> >> struct proc *p; >> >> - cap_rights_t rights; >> >> int error; >> >> >> >> sx_assert(&pmc_sx, SA_XLOCKED); >> >> @@ -655,8 +654,7 @@ pmclog_configure_log(struct pmc_mdep *md, struct >> >> pmc_o >> >> po->po_file)); >> >> >> >> /* get a reference to the file state */ >> >> - error = fget_write(curthread, logfd, >> >> - cap_rights_init(&rights, CAP_WRITE), &po->po_file); >> >> + error = fget_write(curthread, logfd, &cap_write_rights, >> >> &po->po_file); >> >> if (error) >> >> goto error; >> >> >> >> >> >> Modified: head/sys/fs/fdescfs/fdesc_vnops.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/fs/fdescfs/fdesc_vnops.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/fs/fdescfs/fdesc_vnops.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -286,7 +286,6 @@ fdesc_lookup(struct vop_lookup_args *ap) >> >> struct thread *td = cnp->cn_thread; >> >> struct file *fp; >> >> struct fdesc_get_ino_args arg; >> >> - cap_rights_t rights; >> >> int nlen = cnp->cn_namelen; >> >> u_int fd, fd1; >> >> int error; >> >> @@ -331,7 +330,7 @@ fdesc_lookup(struct vop_lookup_args *ap) >> >> /* >> >> * No rights to check since 'fp' isn't actually used. >> >> */ >> >> - if ((error = fget(td, fd, cap_rights_init(&rights), &fp)) != 0) >> >> + if ((error = fget(td, fd, &cap_no_rights, &fp)) != 0) >> >> goto bad; >> >> >> >> /* Check if we're looking up ourselves. */ >> >> @@ -613,7 +612,6 @@ static int >> >> fdesc_readlink(struct vop_readlink_args *va) >> >> { >> >> struct vnode *vp, *vn; >> >> - cap_rights_t rights; >> >> struct thread *td; >> >> struct uio *uio; >> >> struct file *fp; >> >> @@ -631,7 +629,7 @@ fdesc_readlink(struct vop_readlink_args *va) >> >> VOP_UNLOCK(vn, 0); >> >> >> >> td = curthread; >> >> - error = fget_cap(td, fd_fd, cap_rights_init(&rights), &fp, >> >> NULL); >> >> + error = fget_cap(td, fd_fd, &cap_no_rights, &fp, NULL); >> >> if (error != 0) >> >> goto out; >> >> >> >> >> >> Modified: head/sys/fs/fuse/fuse_vfsops.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/fs/fuse/fuse_vfsops.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/fs/fuse/fuse_vfsops.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -222,7 +222,6 @@ fuse_vfsop_mount(struct mount *mp) >> >> struct file *fp, *fptmp; >> >> char *fspec, *subtype; >> >> struct vfsoptlist *opts; >> >> - cap_rights_t rights; >> >> >> >> subtype = NULL; >> >> max_read_set = 0; >> >> @@ -292,7 +291,7 @@ fuse_vfsop_mount(struct mount *mp) >> >> >> >> FS_DEBUG2G("mntopts 0x%jx\n", (uintmax_t)mntopts); >> >> >> >> - err = fget(td, fd, cap_rights_init(&rights, CAP_READ), &fp); >> >> + err = fget(td, fd, &cap_read_rights, &fp); >> >> if (err != 0) { >> >> FS_DEBUG("invalid or not opened device: data=%p\n", >> >> data); >> >> goto out; >> >> >> >> Modified: head/sys/kern/kern_descrip.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/kern/kern_descrip.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/kern/kern_descrip.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -490,7 +490,6 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> struct filedescent *fde; >> >> struct proc *p; >> >> struct vnode *vp; >> >> - cap_rights_t rights; >> >> int error, flg, tmp; >> >> uint64_t bsize; >> >> off_t foffset; >> >> @@ -548,8 +547,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> break; >> >> >> >> case F_GETFL: >> >> - error = fget_fcntl(td, fd, >> >> - cap_rights_init(&rights, CAP_FCNTL), F_GETFL, &fp); >> >> + error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETFL, >> >> &fp); >> >> if (error != 0) >> >> break; >> >> td->td_retval[0] = OFLAGS(fp->f_flag); >> >> @@ -557,8 +555,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> break; >> >> >> >> case F_SETFL: >> >> - error = fget_fcntl(td, fd, >> >> - cap_rights_init(&rights, CAP_FCNTL), F_SETFL, &fp); >> >> + error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETFL, >> >> &fp); >> >> if (error != 0) >> >> break; >> >> do { >> >> @@ -585,8 +582,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> break; >> >> >> >> case F_GETOWN: >> >> - error = fget_fcntl(td, fd, >> >> - cap_rights_init(&rights, CAP_FCNTL), F_GETOWN, >> >> &fp); >> >> + error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETOWN, >> >> &fp); >> >> if (error != 0) >> >> break; >> >> error = fo_ioctl(fp, FIOGETOWN, &tmp, td->td_ucred, >> >> td); >> >> @@ -596,8 +592,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> break; >> >> >> >> case F_SETOWN: >> >> - error = fget_fcntl(td, fd, >> >> - cap_rights_init(&rights, CAP_FCNTL), F_SETOWN, >> >> &fp); >> >> + error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETOWN, >> >> &fp); >> >> if (error != 0) >> >> break; >> >> tmp = arg; >> >> @@ -618,8 +613,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> >> >> case F_SETLK: >> >> do_setlk: >> >> - cap_rights_init(&rights, CAP_FLOCK); >> >> - error = fget_unlocked(fdp, fd, &rights, &fp, NULL); >> >> + error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp, >> >> NULL); >> >> if (error != 0) >> >> break; >> >> if (fp->f_type != DTYPE_VNODE) { >> >> @@ -711,7 +705,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> * that the closing thread was a bit slower and that >> >> the >> >> * advisory lock succeeded before the close. >> >> */ >> >> - error = fget_unlocked(fdp, fd, &rights, &fp2, NULL); >> >> + error = fget_unlocked(fdp, fd, &cap_no_rights, &fp2, >> >> NULL); >> >> if (error != 0) { >> >> fdrop(fp, td); >> >> break; >> >> @@ -729,8 +723,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> break; >> >> >> >> case F_GETLK: >> >> - error = fget_unlocked(fdp, fd, >> >> - cap_rights_init(&rights, CAP_FLOCK), &fp, NULL); >> >> + error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp, >> >> NULL); >> >> if (error != 0) >> >> break; >> >> if (fp->f_type != DTYPE_VNODE) { >> >> @@ -767,8 +760,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, >> >> intptr_ >> >> arg = arg ? 128 * 1024: 0; >> >> /* FALLTHROUGH */ >> >> case F_READAHEAD: >> >> - error = fget_unlocked(fdp, fd, >> >> - cap_rights_init(&rights), &fp, NULL); >> >> + error = fget_unlocked(fdp, fd, &cap_no_rights, &fp, >> >> NULL); >> >> if (error != 0) >> >> break; >> >> if (fp->f_type != DTYPE_VNODE) { >> >> @@ -1363,12 +1355,11 @@ int >> >> kern_fstat(struct thread *td, int fd, struct stat *sbp) >> >> { >> >> struct file *fp; >> >> - cap_rights_t rights; >> >> int error; >> >> >> >> AUDIT_ARG_FD(fd); >> >> >> >> - error = fget(td, fd, cap_rights_init(&rights, CAP_FSTAT), &fp); >> >> + error = fget(td, fd, &cap_fstat_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> >> >> @@ -1445,10 +1436,9 @@ kern_fpathconf(struct thread *td, int fd, int >> >> name, >> >> lo >> >> { >> >> struct file *fp; >> >> struct vnode *vp; >> >> - cap_rights_t rights; >> >> int error; >> >> >> >> - error = fget(td, fd, cap_rights_init(&rights, CAP_FPATHCONF), >> >> &fp); >> >> + error = fget(td, fd, &cap_fpathconf_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> >> >> @@ -2982,10 +2972,9 @@ sys_flock(struct thread *td, struct flock_args >> >> *uap) >> >> struct file *fp; >> >> struct vnode *vp; >> >> struct flock lf; >> >> - cap_rights_t rights; >> >> int error; >> >> >> >> - error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FLOCK), >> >> &fp); >> >> + error = fget(td, uap->fd, &cap_flock_rights, &fp); >> >> if (error != 0) >> >> return (error); >> >> if (fp->f_type != DTYPE_VNODE) { >> >> @@ -3633,7 +3622,7 @@ kern_proc_filedesc_out(struct proc *p, struct >> >> sbuf >> >> *s >> >> #ifdef CAPABILITIES >> >> rights = *cap_rights(fdp, i); >> >> #else /* !CAPABILITIES */ >> >> - cap_rights_init(&rights); >> >> + rights = cap_no_rights; >> >> #endif >> >> /* >> >> * Create sysctl entry. It is OK to drop the filedesc >> >> >> >> Modified: head/sys/kern/kern_event.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/kern/kern_event.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/kern/kern_event.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -1286,7 +1286,6 @@ kqueue_register(struct kqueue *kq, struct kevent >> >> *kev, >> >> struct file *fp; >> >> struct knote *kn, *tkn; >> >> struct knlist *knl; >> >> - cap_rights_t rights; >> >> int error, filt, event; >> >> int haskqglobal, filedesc_unlock; >> >> >> >> @@ -1322,8 +1321,7 @@ findkn: >> >> if (kev->ident > INT_MAX) >> >> error = EBADF; >> >> else >> >> - error = fget(td, kev->ident, >> >> - cap_rights_init(&rights, CAP_EVENT), &fp); >> >> + error = fget(td, kev->ident, &cap_event_rights, >> >> &fp); >> >> if (error) >> >> goto done; >> >> >> >> >> >> Modified: head/sys/kern/kern_exec.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/kern/kern_exec.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/kern/kern_exec.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -374,7 +374,6 @@ do_execve(struct thread *td, struct image_args >> >> *args, >> >> struct ucred *tracecred = NULL; >> >> #endif >> >> struct vnode *oldtextvp = NULL, *newtextvp; >> >> - cap_rights_t rights; >> >> int credential_changing; >> >> int textset; >> >> #ifdef MAC >> >> @@ -455,8 +454,7 @@ interpret: >> >> /* >> >> * Descriptors opened only with O_EXEC or O_RDONLY are >> >> allowed. >> >> */ >> >> - error = fgetvp_exec(td, args->fd, >> >> - cap_rights_init(&rights, CAP_FEXECVE), &newtextvp); >> >> + error = fgetvp_exec(td, args->fd, &cap_fexecve_rights, >> >> &newtextvp); >> >> if (error) >> >> goto exec_fail; >> >> vn_lock(newtextvp, LK_EXCLUSIVE | LK_RETRY); >> >> >> >> Modified: head/sys/kern/kern_sendfile.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/kern/kern_sendfile.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/kern/kern_sendfile.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -511,7 +511,6 @@ static int >> >> sendfile_getsock(struct thread *td, int s, struct file **sock_fp, >> >> struct socket **so) >> >> { >> >> - cap_rights_t rights; >> >> int error; >> >> >> >> *sock_fp = NULL; >> >> @@ -520,7 +519,7 @@ sendfile_getsock(struct thread *td, int s, struct >> >> file >> >> /* >> >> * The socket must be a stream socket and connected. >> >> */ >> >> - error = getsock_cap(td, s, cap_rights_init(&rights, CAP_SEND), >> >> + error = getsock_cap(td, s, &cap_send_rights, >> >> sock_fp, NULL, NULL); >> >> if (error != 0) >> >> return (error); >> >> @@ -949,7 +948,6 @@ sendfile(struct thread *td, struct sendfile_args >> >> *uap, >> >> struct sf_hdtr hdtr; >> >> struct uio *hdr_uio, *trl_uio; >> >> struct file *fp; >> >> - cap_rights_t rights; >> >> off_t sbytes; >> >> int error; >> >> >> >> @@ -1000,10 +998,8 @@ sendfile(struct thread *td, struct sendfile_args >> >> *uap, >> >> * sendfile(2) can start at any offset within a file so we >> >> require >> >> * CAP_READ+CAP_SEEK = CAP_PREAD. >> >> */ >> >> - if ((error = fget_read(td, uap->fd, >> >> - cap_rights_init(&rights, CAP_PREAD), &fp)) != 0) { >> >> + if ((error = fget_read(td, uap->fd, &cap_pread_rights, &fp)) != >> >> 0) >> >> goto out; >> >> - } >> >> >> >> error = fo_sendfile(fp, uap->s, hdr_uio, trl_uio, uap->offset, >> >> uap->nbytes, &sbytes, uap->flags, td); >> >> >> >> Modified: head/sys/kern/kern_sig.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/kern/kern_sig.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/kern/kern_sig.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -1789,7 +1789,6 @@ int >> >> sys_pdkill(struct thread *td, struct pdkill_args *uap) >> >> { >> >> struct proc *p; >> >> - cap_rights_t rights; >> >> int error; >> >> >> >> AUDIT_ARG_SIGNUM(uap->signum); >> >> @@ -1797,8 +1796,7 @@ sys_pdkill(struct thread *td, struct pdkill_args >> >> *uap) >> >> if ((u_int)uap->signum > _SIG_MAXSIG) >> >> return (EINVAL); >> >> >> >> - error = procdesc_find(td, uap->fd, >> >> - cap_rights_init(&rights, CAP_PDKILL), &p); >> >> + error = procdesc_find(td, uap->fd, &cap_pdkill_rights, &p); >> >> if (error) >> >> return (error); >> >> AUDIT_ARG_PROCESS(p); >> >> >> >> Modified: head/sys/kern/subr_capability.c >> >> >> >> >> >> ============================================================================== >> >> --- head/sys/kern/subr_capability.c Wed May 9 18:41:04 2018 >> >> (r333424) >> >> +++ head/sys/kern/subr_capability.c Wed May 9 18:47:24 2018 >> >> (r333425) >> >> @@ -41,7 +41,7 @@ __FBSDID("$FreeBSD$"); >> >> >> >> #ifdef _KERNEL >> >> #include <sys/systm.h> >> >> - >> >> +#include <sys/kernel.h> >> >> #include <machine/stdarg.h> >> >> #else /* !_KERNEL */ >> >> #include <assert.h> >> >> @@ -53,6 +53,38 @@ __FBSDID("$FreeBSD$"); >> >> >> >> #ifdef _KERNEL >> >> #define assert(exp) KASSERT((exp), ("%s:%u", __func__, >> >> __LINE__)) >> >> + >> >> +CAP_RIGHTS_DEFINE1(cap_accept_rights, CAP_ACCEPT); >> >> +CAP_RIGHTS_DEFINE1(cap_bind_rights, CAP_BIND); >> >> +CAP_RIGHTS_DEFINE1(cap_connect_rights, CAP_CONNECT); >> >> +CAP_RIGHTS_DEFINE1(cap_event_rights, CAP_EVENT); >> >> +CAP_RIGHTS_DEFINE1(cap_fchdir_rights, CAP_FCHDIR); >> >> +CAP_RIGHTS_DEFINE1(cap_fcntl_rights, CAP_FCNTL); >> >> +CAP_RIGHTS_DEFINE1(cap_fexecve_rights, CAP_FEXECVE); >> >> +CAP_RIGHTS_DEFINE1(cap_flock_rights, CAP_FLOCK); >> >> +CAP_RIGHTS_DEFINE1(cap_fpathconf_rights, CAP_FPATHCONF); >> >> +CAP_RIGHTS_DEFINE1(cap_fstat_rights, CAP_FSTAT); >> >> +CAP_RIGHTS_DEFINE1(cap_fsync_rights, CAP_FSYNC); >> >> +CAP_RIGHTS_DEFINE1(cap_ftruncate_rights, CAP_FTRUNCATE); >> >> +CAP_RIGHTS_DEFINE1(cap_getpeername_rights, CAP_GETPEERNAME); >> >> +CAP_RIGHTS_DEFINE1(cap_getsockname_rights, CAP_GETSOCKNAME); >> >> +CAP_RIGHTS_DEFINE1(cap_getsockopt_rights, CAP_GETSOCKOPT); >> >> +CAP_RIGHTS_DEFINE1(cap_ioctl_rights, CAP_IOCTL); >> >> +CAP_RIGHTS_DEFINE1(cap_listen_rights, CAP_LISTEN); >> >> +CAP_RIGHTS_DEFINE1(cap_mmap_rights, CAP_MMAP); >> >> +CAP_RIGHTS_DEFINE1(cap_pdgetpid_rights, CAP_PDGETPID); >> >> +CAP_RIGHTS_DEFINE1(cap_pdkill_rights, CAP_PDKILL); >> >> +CAP_RIGHTS_DEFINE1(cap_pread_rights, CAP_PREAD); >> >> +CAP_RIGHTS_DEFINE1(cap_pwrite_rights, CAP_PWRITE); >> >> +CAP_RIGHTS_DEFINE1(cap_read_rights, CAP_READ); >> >> +CAP_RIGHTS_DEFINE1(cap_recv_rights, CAP_RECV); >> >> +CAP_RIGHTS_DEFINE1(cap_send_rights, CAP_SEND); >> >> +CAP_RIGHTS_DEFINE1(cap_setsockopt_rights, CAP_SETSOCKOPT); >> >> +CAP_RIGHTS_DEFINE1(cap_shutdown_rights, CAP_SHUTDOWN); >> >> +CAP_RIGHTS_DEFINE1(cap_write_rights, CAP_WRITE); >> >> + >> >> +__read_mostly cap_rights_t cap_no_rights; >> >> +CAP_RIGHTS_SYSINIT0(cap_no_rights, cap_no_rights); >> >> #endif >> >> >> >> #define CAPARSIZE_MIN (CAP_RIGHTS_VERSION_00 + 2) >> >> >> >> *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** >> >> >> > >> > > > > -- > Mateusz Guzik <mjguzik gmail.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPrugNoLW_soreUR1v9KOusDc70hmOooyXSAPFvnLfdDM__z_Q>