The branch stable/14 has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=1225d1a7c948dd1f1ef6afce231d276a8269c36e

commit 1225d1a7c948dd1f1ef6afce231d276a8269c36e
Author:     Mark Johnston <ma...@freebsd.org>
AuthorDate: 2025-05-20 20:19:47 +0000
Commit:     Mark Johnston <ma...@freebsd.org>
CommitDate: 2025-06-20 12:46:09 +0000

    capsicum: Statically initialize commonly used capability rights
    
    Rather than initializing all of these sets during boot, define a macro
    which can do so at compile-time.  This lets us get rid of the silly
    sysinit and furthermore allows the sets to live in .rodata, where they
    ought to be anyway.
    
    The CAP_RIGHTS_INITIALIZER2 macro can create a set out of up to two
    capsicum rights.  This could be made more general, but we currently
    don't have any use for a more abstract implementation, so just keep it
    simple for now.
    
    Also remove the unused cap_chflags_rights symbol.
    
    No functional change intended.
    
    Reviewed by:    olce, oshogbo, kib
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D50420
    
    (cherry picked from commit 1f922483cc993e282329ffed9096f437799b630e)
---
 sys/kern/subr_capability.c | 153 ++++++++++++++++-----------------------------
 sys/sys/caprights.h        |  90 +++++++++++++-------------
 sys/sys/capsicum.h         |  18 ++++++
 3 files changed, 117 insertions(+), 144 deletions(-)

diff --git a/sys/kern/subr_capability.c b/sys/kern/subr_capability.c
index 1f3a181a91cb..b4fedb402b43 100644
--- a/sys/kern/subr_capability.c
+++ b/sys/kern/subr_capability.c
@@ -50,105 +50,60 @@
 
 #ifdef _KERNEL
 #define        assert(exp)     KASSERT((exp), ("%s:%u", __func__, __LINE__))
-__read_mostly cap_rights_t cap_accept_rights;
-__read_mostly cap_rights_t cap_bind_rights;
-__read_mostly cap_rights_t cap_chflags_rights;
-__read_mostly cap_rights_t cap_connect_rights;
-__read_mostly cap_rights_t cap_event_rights;
-__read_mostly cap_rights_t cap_fchdir_rights;
-__read_mostly cap_rights_t cap_fchflags_rights;
-__read_mostly cap_rights_t cap_fchmod_rights;
-__read_mostly cap_rights_t cap_fchown_rights;
-__read_mostly cap_rights_t cap_fcntl_rights;
-__read_mostly cap_rights_t cap_fexecve_rights;
-__read_mostly cap_rights_t cap_flock_rights;
-__read_mostly cap_rights_t cap_fpathconf_rights;
-__read_mostly cap_rights_t cap_fstat_rights;
-__read_mostly cap_rights_t cap_fstatfs_rights;
-__read_mostly cap_rights_t cap_fsync_rights;
-__read_mostly cap_rights_t cap_ftruncate_rights;
-__read_mostly cap_rights_t cap_futimes_rights;
-__read_mostly cap_rights_t cap_getpeername_rights;
-__read_mostly cap_rights_t cap_getsockopt_rights;
-__read_mostly cap_rights_t cap_getsockname_rights;
-__read_mostly cap_rights_t cap_ioctl_rights;
-__read_mostly cap_rights_t cap_listen_rights;
-__read_mostly cap_rights_t cap_linkat_source_rights;
-__read_mostly cap_rights_t cap_linkat_target_rights;
-__read_mostly cap_rights_t cap_mmap_rights;
-__read_mostly cap_rights_t cap_mkdirat_rights;
-__read_mostly cap_rights_t cap_mkfifoat_rights;
-__read_mostly cap_rights_t cap_mknodat_rights;
-__read_mostly cap_rights_t cap_pdgetpid_rights;
-__read_mostly cap_rights_t cap_pdkill_rights;
-__read_mostly cap_rights_t cap_pread_rights;
-__read_mostly cap_rights_t cap_pwrite_rights;
-__read_mostly cap_rights_t cap_read_rights;
-__read_mostly cap_rights_t cap_recv_rights;
-__read_mostly cap_rights_t cap_renameat_source_rights;
-__read_mostly cap_rights_t cap_renameat_target_rights;
-__read_mostly cap_rights_t cap_seek_rights;
-__read_mostly cap_rights_t cap_send_rights;
-__read_mostly cap_rights_t cap_send_connect_rights;
-__read_mostly cap_rights_t cap_setsockopt_rights;
-__read_mostly cap_rights_t cap_shutdown_rights;
-__read_mostly cap_rights_t cap_symlinkat_rights;
-__read_mostly cap_rights_t cap_unlinkat_rights;
-__read_mostly cap_rights_t cap_write_rights;
-__read_mostly cap_rights_t cap_no_rights;
-
-static void
-cap_rights_sysinit(void *arg)
-{
-       cap_rights_init_one(&cap_accept_rights, CAP_ACCEPT);
-       cap_rights_init_one(&cap_bind_rights, CAP_BIND);
-       cap_rights_init_one(&cap_connect_rights, CAP_CONNECT);
-       cap_rights_init_one(&cap_event_rights, CAP_EVENT);
-       cap_rights_init_one(&cap_fchdir_rights, CAP_FCHDIR);
-       cap_rights_init_one(&cap_fchflags_rights, CAP_FCHFLAGS);
-       cap_rights_init_one(&cap_fchmod_rights, CAP_FCHMOD);
-       cap_rights_init_one(&cap_fchown_rights, CAP_FCHOWN);
-       cap_rights_init_one(&cap_fcntl_rights, CAP_FCNTL);
-       cap_rights_init_one(&cap_fexecve_rights, CAP_FEXECVE);
-       cap_rights_init_one(&cap_flock_rights, CAP_FLOCK);
-       cap_rights_init_one(&cap_fpathconf_rights, CAP_FPATHCONF);
-       cap_rights_init_one(&cap_fstat_rights, CAP_FSTAT);
-       cap_rights_init_one(&cap_fstatfs_rights, CAP_FSTATFS);
-       cap_rights_init_one(&cap_fsync_rights, CAP_FSYNC);
-       cap_rights_init_one(&cap_ftruncate_rights, CAP_FTRUNCATE);
-       cap_rights_init_one(&cap_futimes_rights, CAP_FUTIMES);
-       cap_rights_init_one(&cap_getpeername_rights, CAP_GETPEERNAME);
-       cap_rights_init_one(&cap_getsockname_rights, CAP_GETSOCKNAME);
-       cap_rights_init_one(&cap_getsockopt_rights, CAP_GETSOCKOPT);
-       cap_rights_init_one(&cap_ioctl_rights, CAP_IOCTL);
-       cap_rights_init_one(&cap_linkat_source_rights, CAP_LINKAT_SOURCE);
-       cap_rights_init_one(&cap_linkat_target_rights, CAP_LINKAT_TARGET);
-       cap_rights_init_one(&cap_listen_rights, CAP_LISTEN);
-       cap_rights_init_one(&cap_mkdirat_rights, CAP_MKDIRAT);
-       cap_rights_init_one(&cap_mkfifoat_rights, CAP_MKFIFOAT);
-       cap_rights_init_one(&cap_mknodat_rights, CAP_MKNODAT);
-       cap_rights_init_one(&cap_mmap_rights, CAP_MMAP);
-       cap_rights_init_one(&cap_pdgetpid_rights, CAP_PDGETPID);
-       cap_rights_init_one(&cap_pdkill_rights, CAP_PDKILL);
-       cap_rights_init_one(&cap_pread_rights, CAP_PREAD);
-       cap_rights_init_one(&cap_pwrite_rights, CAP_PWRITE);
-       cap_rights_init_one(&cap_read_rights, CAP_READ);
-       cap_rights_init_one(&cap_recv_rights, CAP_RECV);
-       cap_rights_init_one(&cap_renameat_source_rights, CAP_RENAMEAT_SOURCE);
-       cap_rights_init_one(&cap_renameat_target_rights, CAP_RENAMEAT_TARGET);
-       cap_rights_init_one(&cap_seek_rights, CAP_SEEK);
-       cap_rights_init_one(&cap_send_rights, CAP_SEND);
-       cap_rights_init(&cap_send_connect_rights, CAP_SEND, CAP_CONNECT);
-       cap_rights_init_one(&cap_setsockopt_rights, CAP_SETSOCKOPT);
-       cap_rights_init_one(&cap_shutdown_rights, CAP_SHUTDOWN);
-       cap_rights_init_one(&cap_symlinkat_rights, CAP_SYMLINKAT);
-       cap_rights_init_one(&cap_unlinkat_rights, CAP_UNLINKAT);
-       cap_rights_init_one(&cap_write_rights, CAP_WRITE);
-       cap_rights_init(&cap_no_rights);
-}
-SYSINIT(cap_rights_sysinit, SI_SUB_COPYRIGHT, SI_ORDER_ANY, cap_rights_sysinit,
-    NULL);
-
+const cap_rights_t cap_accept_rights = CAP_RIGHTS_INITIALIZER(CAP_ACCEPT);
+const cap_rights_t cap_bind_rights = CAP_RIGHTS_INITIALIZER(CAP_BIND);
+const cap_rights_t cap_connect_rights = CAP_RIGHTS_INITIALIZER(CAP_CONNECT);
+const cap_rights_t cap_event_rights = CAP_RIGHTS_INITIALIZER(CAP_EVENT);
+const cap_rights_t cap_fchdir_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHDIR);
+const cap_rights_t cap_fchflags_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHFLAGS);
+const cap_rights_t cap_fchmod_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHMOD);
+const cap_rights_t cap_fchown_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHOWN);
+const cap_rights_t cap_fcntl_rights = CAP_RIGHTS_INITIALIZER(CAP_FCNTL);
+const cap_rights_t cap_fexecve_rights = CAP_RIGHTS_INITIALIZER(CAP_FEXECVE);
+const cap_rights_t cap_flock_rights = CAP_RIGHTS_INITIALIZER(CAP_FLOCK);
+const cap_rights_t cap_fpathconf_rights = CAP_RIGHTS_INITIALIZER(CAP_FPATHCONF);
+const cap_rights_t cap_fstat_rights = CAP_RIGHTS_INITIALIZER(CAP_FSTAT);
+const cap_rights_t cap_fstatfs_rights = CAP_RIGHTS_INITIALIZER(CAP_FSTATFS);
+const cap_rights_t cap_fsync_rights = CAP_RIGHTS_INITIALIZER(CAP_FSYNC);
+const cap_rights_t cap_ftruncate_rights = CAP_RIGHTS_INITIALIZER(CAP_FTRUNCATE);
+const cap_rights_t cap_futimes_rights = CAP_RIGHTS_INITIALIZER(CAP_FUTIMES);
+const cap_rights_t cap_getpeername_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_GETPEERNAME);
+const cap_rights_t cap_getsockopt_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_GETSOCKOPT);
+const cap_rights_t cap_getsockname_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_GETSOCKNAME);
+const cap_rights_t cap_ioctl_rights = CAP_RIGHTS_INITIALIZER(CAP_IOCTL);
+const cap_rights_t cap_listen_rights = CAP_RIGHTS_INITIALIZER(CAP_LISTEN);
+const cap_rights_t cap_linkat_source_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_LINKAT_SOURCE);
+const cap_rights_t cap_linkat_target_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_LINKAT_TARGET);
+const cap_rights_t cap_mmap_rights = CAP_RIGHTS_INITIALIZER(CAP_MMAP);
+const cap_rights_t cap_mkdirat_rights = CAP_RIGHTS_INITIALIZER(CAP_MKDIRAT);
+const cap_rights_t cap_mkfifoat_rights = CAP_RIGHTS_INITIALIZER(CAP_MKFIFOAT);
+const cap_rights_t cap_mknodat_rights = CAP_RIGHTS_INITIALIZER(CAP_MKNODAT);
+const cap_rights_t cap_pdgetpid_rights = CAP_RIGHTS_INITIALIZER(CAP_PDGETPID);
+const cap_rights_t cap_pdkill_rights = CAP_RIGHTS_INITIALIZER(CAP_PDKILL);
+const cap_rights_t cap_pread_rights = CAP_RIGHTS_INITIALIZER(CAP_PREAD);
+const cap_rights_t cap_pwrite_rights = CAP_RIGHTS_INITIALIZER(CAP_PWRITE);
+const cap_rights_t cap_read_rights = CAP_RIGHTS_INITIALIZER(CAP_READ);
+const cap_rights_t cap_recv_rights = CAP_RIGHTS_INITIALIZER(CAP_RECV);
+const cap_rights_t cap_renameat_source_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_RENAMEAT_SOURCE);
+const cap_rights_t cap_renameat_target_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_RENAMEAT_TARGET);
+const cap_rights_t cap_seek_rights = CAP_RIGHTS_INITIALIZER(CAP_SEEK);
+const cap_rights_t cap_send_rights = CAP_RIGHTS_INITIALIZER(CAP_SEND);
+const cap_rights_t cap_send_connect_rights =
+    CAP_RIGHTS_INITIALIZER2(CAP_SEND, CAP_CONNECT);
+const cap_rights_t cap_setsockopt_rights =
+    CAP_RIGHTS_INITIALIZER(CAP_SETSOCKOPT);
+const cap_rights_t cap_shutdown_rights = CAP_RIGHTS_INITIALIZER(CAP_SHUTDOWN);
+const cap_rights_t cap_symlinkat_rights = CAP_RIGHTS_INITIALIZER(CAP_SYMLINKAT);
+const cap_rights_t cap_unlinkat_rights = CAP_RIGHTS_INITIALIZER(CAP_UNLINKAT);
+const cap_rights_t cap_write_rights = CAP_RIGHTS_INITIALIZER(CAP_WRITE);
+const cap_rights_t cap_no_rights = CAP_RIGHTS_INITIALIZER(0ULL);
 #endif
 
 #define        CAPARSIZE_MIN   (CAP_RIGHTS_VERSION_00 + 2)
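Review bot: The new table of `const cap_rights_t` definitions carries no comment saying that these sets are now immutable compile-time objects, and the `cap_no_rights` entry relies on the non-obvious fact that `CAP_RIGHTS_INITIALIZER(0ULL)` contributes no right bits and populates only the version word — the equivalent of the old `cap_rights_init(&cap_no_rights)` call. A short header comment above `cap_accept_rights` would spare the next reader a trip into capsicum.h: `/* Immutable rights sets shared by the syscall layer; built at compile time so they live in .rodata, and must never be passed to cap_rights_init*() or cap_rights_set(). */`, plus `/* Empty set: 0ULL has no index bits, so only the version word is populated. */` on the `cap_no_rights` line. Dropping `__read_mostly` is correct for const objects, but this hunk cannot show that every consumer takes a `const cap_rights_t *`, so a tree-wide build is what proves the requalification in caprights.h is complete.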
diff --git a/sys/sys/caprights.h b/sys/sys/caprights.h
index 32ae05172e24..b2fb2898437a 100644
--- a/sys/sys/caprights.h
+++ b/sys/sys/caprights.h
@@ -58,51 +58,51 @@ typedef     struct cap_rights       cap_rights_t;
 #endif
 
 #ifdef _KERNEL
-extern cap_rights_t cap_accept_rights;
-extern cap_rights_t cap_bind_rights;
-extern cap_rights_t cap_connect_rights;
-extern cap_rights_t cap_event_rights;
-extern cap_rights_t cap_fchdir_rights;
-extern cap_rights_t cap_fchflags_rights;
-extern cap_rights_t cap_fchmod_rights;
-extern cap_rights_t cap_fchown_rights;
-extern cap_rights_t cap_fcntl_rights;
-extern cap_rights_t cap_fexecve_rights;
-extern cap_rights_t cap_flock_rights;
-extern cap_rights_t cap_fpathconf_rights;
-extern cap_rights_t cap_fstat_rights;
-extern cap_rights_t cap_fstatfs_rights;
-extern cap_rights_t cap_fsync_rights;
-extern cap_rights_t cap_ftruncate_rights;
-extern cap_rights_t cap_futimes_rights;
-extern cap_rights_t cap_getpeername_rights;
-extern cap_rights_t cap_getsockopt_rights;
-extern cap_rights_t cap_getsockname_rights;
-extern cap_rights_t cap_ioctl_rights;
-extern cap_rights_t cap_linkat_source_rights;
-extern cap_rights_t cap_linkat_target_rights;
-extern cap_rights_t cap_listen_rights;
-extern cap_rights_t cap_mkdirat_rights;
-extern cap_rights_t cap_mkfifoat_rights;
-extern cap_rights_t cap_mknodat_rights;
-extern cap_rights_t cap_mmap_rights;
-extern cap_rights_t cap_no_rights;
-extern cap_rights_t cap_pdgetpid_rights;
-extern cap_rights_t cap_pdkill_rights;
-extern cap_rights_t cap_pread_rights;
-extern cap_rights_t cap_pwrite_rights;
-extern cap_rights_t cap_read_rights;
-extern cap_rights_t cap_recv_rights;
-extern cap_rights_t cap_renameat_source_rights;
-extern cap_rights_t cap_renameat_target_rights;
-extern cap_rights_t cap_seek_rights;
-extern cap_rights_t cap_send_rights;
-extern cap_rights_t cap_send_connect_rights;
-extern cap_rights_t cap_setsockopt_rights;
-extern cap_rights_t cap_shutdown_rights;
-extern cap_rights_t cap_symlinkat_rights;
-extern cap_rights_t cap_unlinkat_rights;
-extern cap_rights_t cap_write_rights;
+extern const cap_rights_t cap_accept_rights;
+extern const cap_rights_t cap_bind_rights;
+extern const cap_rights_t cap_connect_rights;
+extern const cap_rights_t cap_event_rights;
+extern const cap_rights_t cap_fchdir_rights;
+extern const cap_rights_t cap_fchflags_rights;
+extern const cap_rights_t cap_fchmod_rights;
+extern const cap_rights_t cap_fchown_rights;
+extern const cap_rights_t cap_fcntl_rights;
+extern const cap_rights_t cap_fexecve_rights;
+extern const cap_rights_t cap_flock_rights;
+extern const cap_rights_t cap_fpathconf_rights;
+extern const cap_rights_t cap_fstat_rights;
+extern const cap_rights_t cap_fstatfs_rights;
+extern const cap_rights_t cap_fsync_rights;
+extern const cap_rights_t cap_ftruncate_rights;
+extern const cap_rights_t cap_futimes_rights;
+extern const cap_rights_t cap_getpeername_rights;
+extern const cap_rights_t cap_getsockopt_rights;
+extern const cap_rights_t cap_getsockname_rights;
+extern const cap_rights_t cap_ioctl_rights;
+extern const cap_rights_t cap_linkat_source_rights;
+extern const cap_rights_t cap_linkat_target_rights;
+extern const cap_rights_t cap_listen_rights;
+extern const cap_rights_t cap_mkdirat_rights;
+extern const cap_rights_t cap_mkfifoat_rights;
+extern const cap_rights_t cap_mknodat_rights;
+extern const cap_rights_t cap_mmap_rights;
+extern const cap_rights_t cap_no_rights;
+extern const cap_rights_t cap_pdgetpid_rights;
+extern const cap_rights_t cap_pdkill_rights;
+extern const cap_rights_t cap_pread_rights;
+extern const cap_rights_t cap_pwrite_rights;
+extern const cap_rights_t cap_read_rights;
+extern const cap_rights_t cap_recv_rights;
+extern const cap_rights_t cap_renameat_source_rights;
+extern const cap_rights_t cap_renameat_target_rights;
+extern const cap_rights_t cap_seek_rights;
+extern const cap_rights_t cap_send_rights;
+extern const cap_rights_t cap_send_connect_rights;
+extern const cap_rights_t cap_setsockopt_rights;
+extern const cap_rights_t cap_shutdown_rights;
+extern const cap_rights_t cap_symlinkat_rights;
+extern const cap_rights_t cap_unlinkat_rights;
+extern const cap_rights_t cap_write_rights;
 #endif
 
 #endif /* !_SYS_CAPRIGHTS_H_ */
diff --git a/sys/sys/capsicum.h b/sys/sys/capsicum.h
index 405a7af419bf..9dd34cff943a 100644
--- a/sys/sys/capsicum.h
+++ b/sys/sys/capsicum.h
@@ -371,6 +371,24 @@ _Static_assert(CAP_RIGHTS_VERSION == CAP_RIGHTS_VERSION_00,
        _r;                                                             \
 })
 
+#define        _CAP_RIGHTS_WORD_INITIALIZER(i, r)                              \
+       (CAPIDXBIT(r) == (i) + 1 ? (r) : 0ULL)
+
+/*
+ * Define a set of up to two rights at compile time.
+ */
+#define        CAP_RIGHTS_INITIALIZER2(r1, r2) ((struct cap_rights){           \
+       .cr_rights = {                                                  \
+               [0] = ((uint64_t)CAP_RIGHTS_VERSION << 62) |            \
+                   _CAP_RIGHTS_WORD_INITIALIZER(0, r1) |               \
+                   _CAP_RIGHTS_WORD_INITIALIZER(0, r2),                \
+               [1] = _CAP_RIGHTS_WORD_INITIALIZER(1, r1) |             \
+                   _CAP_RIGHTS_WORD_INITIALIZER(1, r2),                \
+       },                                                              \
+})
+#define        CAP_RIGHTS_INITIALIZER(r)                                       \
+       CAP_RIGHTS_INITIALIZER2(r, 0ULL)
+
 /*
  * Allow checking caps which are possibly getting modified at the same time.
  * The caller is expected to determine whether the result is legitimate via
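Review bot: `_CAP_RIGHTS_WORD_INITIALIZER` contributes nothing for a right whose `CAPIDXBIT` is neither 1 nor 2, so a mistyped or malformed argument to `CAP_RIGHTS_INITIALIZER2` yields a set that is silently missing that right instead of a compile error; that presumably fails closed when the set is checked, but it is hard to diagnose. The comment above `CAP_RIGHTS_INITIALIZER2` should state the contract: `Arguments must be constant expressions, either 0ULL (contributes nothing; used for empty sets) or a CAPRIGHT() value whose index selects word 0 or 1 — anything else is silently ignored.` The `[0]`/`[1]` designators hard-code the two-word layout of version 00, which the `_Static_assert` on `CAP_RIGHTS_VERSION` at the top of this hunk guards; a one-line comment tying them together, `/* Two words: see the CAP_RIGHTS_VERSION assertion above. */`, would keep a future version bump from overlooking this macro. Each `r` is also expanded twice per word, harmless for the constant expressions an initializer context requires but worth noting in the same comment.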
