file: Qualify pointers to capsicum rights as const - src

diff options


context:
space:
mode:

author	Mark Johnston <markj@FreeBSD.org>	2025-05-20 20:19:30 +0000
committer	Mark Johnston <markj@FreeBSD.org>	2026-02-09 23:11:00 +0000
commit	0b18e4842c9df9caefac5f5d8fd8f4fbd5b29901 (patch)
tree	13e4dc757b851f0fd0ece59719f12fe465e855fc /sys
parent	0e9fc21ec0a80eaf2514e9e7edab0860cb923198 (diff)

Diffstat (limited to 'sys')

-rw-r--r--

sys/kern/kern_descrip.c

-rw-r--r--

sys/kern/sys_procdesc.c

-rw-r--r--

sys/kern/uipc_mqueue.c

-rw-r--r--

sys/kern/uipc_sem.c

-rw-r--r--

sys/kern/uipc_syscalls.c

-rw-r--r--

sys/kern/vfs_syscalls.c

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

11 files changed, 69 insertions, 56 deletions

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index f51a1092114d..f37eab12da70 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c

@@ -114,7 +114,8 @@ static void fdgrowtable_exp(struct filedesc *fdp, int nfd);

static void fdunused(struct filedesc *fdp, int fd);

static void fdused(struct filedesc *fdp, int fd);

static int fget_unlocked_seq(struct filedesc *fdp, int fd,

- cap_rights_t *needrightsp, struct file **fpp, seqc_t *seqp);

+ const cap_rights_t *needrightsp, struct file **fpp,

+ seqc_t *seqp);

static int getmaxfd(struct thread *td);

static u_long *filecaps_copy_prep(const struct filecaps *src);

static void filecaps_copy_finish(const struct filecaps *src,

@@ -2978,7 +2979,7 @@ finit_vnode(struct file *fp, u_int flag, void *data, struct fileops *ops)

}

int

-fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

+fget_cap_locked(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,

struct file **fpp, struct filecaps *havecapsp)

{

struct filedescent *fde;

@@ -3010,7 +3011,7 @@ out:

}

int

-fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,

+fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,

struct file **fpp, struct filecaps *havecapsp)

{

struct filedesc *fdp = td->td_proc->p_fd;

@@ -3256,7 +3257,7 @@ out_free:

}

static int

-fget_unlocked_seq(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

+fget_unlocked_seq(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,

struct file **fpp, seqc_t *seqp)

{

#ifdef CAPABILITIES

@@ -3339,7 +3340,7 @@ fget_unlocked_seq(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

* racing with itself.

int

-fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

+fget_unlocked(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,

struct file **fpp)

{

#ifdef CAPABILITIES

@@ -3406,7 +3407,7 @@ out_fallback:

#ifdef CAPABILITIES

int

-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

+fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,

struct file **fpp)

{

const struct filedescent *fde;

@@ -3436,7 +3437,7 @@ fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

}

#else

int

-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

+fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,

struct file **fpp)

{

struct file *fp;

@@ -3472,7 +3473,7 @@ fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

static __inline int

_fget(struct thread *td, int fd, struct file **fpp, int flags,

- cap_rights_t *needrightsp)

+ const cap_rights_t *needrightsp)

{

struct filedesc *fdp;

struct file *fp;

@@ -3520,15 +3521,15 @@ _fget(struct thread *td, int fd, struct file **fpp, int flags,

}

int

-fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)

+fget(struct thread *td, int fd, const cap_rights_t *rightsp, struct file **fpp)

{

return (_fget(td, fd, fpp, 0, rightsp));

}

int

-fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,

- struct file **fpp)

+fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,

+ vm_prot_t *maxprotp, struct file **fpp)

{

int error;

#ifndef CAPABILITIES

@@ -3571,22 +3572,24 @@ fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,

}

int

-fget_read(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)

+fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,

+ struct file **fpp)

{

return (_fget(td, fd, fpp, FREAD, rightsp));

}

int

-fget_write(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)

+fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,

+ struct file **fpp)

{

return (_fget(td, fd, fpp, FWRITE, rightsp));

}

int

-fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,

- struct file **fpp)

+fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,

+ int needfcntl, struct file **fpp)

{

struct filedesc *fdp = td->td_proc->p_fd;

#ifndef CAPABILITIES

@@ -3624,7 +3627,7 @@ fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,

* XXX: what about the unused flags ?

static __inline int

-_fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,

+_fgetvp(struct thread *td, int fd, int flags, const cap_rights_t *needrightsp,

struct vnode **vpp)

{

struct file *fp;

@@ -3646,14 +3649,15 @@ _fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,

}

int

-fgetvp(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)

+fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,

+ struct vnode **vpp)

{

return (_fgetvp(td, fd, 0, rightsp, vpp));

}

int

-fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,

+fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,

struct filecaps *havecaps, struct vnode **vpp)

{

struct filecaps caps;

@@ -3685,14 +3689,16 @@ out:

}

int

-fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)

+fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,

+ struct vnode **vpp)

{

return (_fgetvp(td, fd, FREAD, rightsp, vpp));

}

int

-fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)

+fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,

+ struct vnode **vpp)

{

return (_fgetvp(td, fd, FEXEC, rightsp, vpp));

@@ -3700,7 +3706,7 @@ fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp

#ifdef notyet

int

-fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,

+fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,

struct vnode **vpp)

{

diff --git a/sys/kern/sys_procdesc.c b/sys/kern/sys_procdesc.c
index aab7b1616594..4665dc2c0421 100644
--- a/sys/kern/sys_procdesc.c
+++ b/sys/kern/sys_procdesc.c

@@ -121,7 +121,7 @@ static struct fileops procdesc_ops = {

* died.

int

-procdesc_find(struct thread *td, int fd, cap_rights_t *rightsp,

+procdesc_find(struct thread *td, int fd, const cap_rights_t *rightsp,

struct proc **p)

{

struct procdesc *pd;

@@ -168,7 +168,8 @@ procdesc_pid(struct file *fp_procdesc)

* Retrieve the PID associated with a process descriptor.

int

-kern_pdgetpid(struct thread *td, int fd, cap_rights_t *rightsp, pid_t *pidp)

+kern_pdgetpid(struct thread *td, int fd, const cap_rights_t *rightsp,

+ pid_t *pidp)

{

struct file *fp;

int error;

diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c
index 6f14f071588d..926a9d311b67 100644
--- a/sys/kern/uipc_mqueue.c
+++ b/sys/kern/uipc_mqueue.c

@@ -2160,13 +2160,14 @@ sys_kmq_unlink(struct thread *td, struct kmq_unlink_args *uap)

return (error);

}

-typedef int (*_fgetf)(struct thread *, int, cap_rights_t *, struct file **);

+typedef int (*_fgetf)(struct thread *, int, const cap_rights_t *,

+ struct file **);

* Get message queue by giving file slot

static int

-_getmq(struct thread *td, int fd, cap_rights_t *rightsp, _fgetf func,

+_getmq(struct thread *td, int fd, const cap_rights_t *rightsp, _fgetf func,

struct file **fpp, struct mqfs_node **ppn, struct mqueue **pmq)

{

struct mqfs_node *pn;

diff --git a/sys/kern/uipc_sem.c b/sys/kern/uipc_sem.c
index 7cb25749ad9c..9871c0528338 100644
--- a/sys/kern/uipc_sem.c
+++ b/sys/kern/uipc_sem.c

@@ -123,8 +123,8 @@ static int ksem_create(struct thread *td, const char *path,

semid_t *semidp, mode_t mode, unsigned int value,

int flags, int compat32);

static void ksem_drop(struct ksem *ks);

-static int ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,

- struct file **fpp);

+static int ksem_get(struct thread *td, semid_t id,

+ const cap_rights_t *rightsp, struct file **fpp);

static struct ksem *ksem_hold(struct ksem *ks);

static void ksem_insert(char *path, Fnv32_t fnv, struct ksem *ks);

static struct ksem *ksem_lookup(char *path, Fnv32_t fnv);

@@ -588,7 +588,7 @@ ksem_create(struct thread *td, const char *name, semid_t *semidp, mode_t mode,

}

static int

-ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,

+ksem_get(struct thread *td, semid_t id, const cap_rights_t *rightsp,

struct file **fpp)

{

struct ksem *ks;

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index ef3ebeb58176..336a0dd77d5c 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c

@@ -91,7 +91,7 @@ static int sockargs(struct mbuf **, char *, socklen_t, int);

* A reference on the file entry is held upon returning.

int

-getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,

+getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,

struct file **fpp, u_int *fflagp, struct filecaps *havecapsp)

{

struct file *fp;

@@ -727,7 +727,7 @@ kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,

struct uio auio;

struct iovec *iov;

struct socket *so;

- cap_rights_t *rights;

+ const cap_rights_t *rights;

#ifdef KTRACE

struct uio *ktruio = NULL;

#endif

diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 7dcdaa66adb8..51f26b843c45 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c

@@ -4315,7 +4315,7 @@ out:

* semantics.

int

-getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,

+getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,

struct file **fpp)

{

struct file *fp;

@@ -4353,7 +4353,8 @@ getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,

* A reference on the file entry is held upon returning.

int

-getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)

+getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,

+ struct file **fpp)

{

int error;

diff --git a/sys/sys/file.h b/sys/sys/file.h
index 9ae31974745a..4c0ec276c700 100644
--- a/sys/sys/file.h
+++ b/sys/sys/file.h

@@ -251,14 +251,15 @@ extern struct fileops socketops;

extern int maxfiles; /* kernel limit on number of open files */

extern int maxfilesperproc; /* per process limit on number of open files */

-int fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp);

-int fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp,

+int fget(struct thread *td, int fd, const cap_rights_t *rightsp,

+ struct file **fpp);

+int fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,

vm_prot_t *maxprotp, struct file **fpp);

-int fget_read(struct thread *td, int fd, cap_rights_t *rightsp,

+int fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,

struct file **fpp);

-int fget_write(struct thread *td, int fd, cap_rights_t *rightsp,

+int fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,

struct file **fpp);

-int fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp,

+int fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,

int needfcntl, struct file **fpp);

int _fdrop(struct file *fp, struct thread *td);

int fget_remote(struct thread *td, struct proc *p, int fd, struct file **fpp);

@@ -281,15 +282,15 @@ int file_kcmp_generic(struct file *fp1, struct file *fp2, struct thread *td);

void finit(struct file *, u_int, short, void *, struct fileops *);

void finit_vnode(struct file *, u_int, void *, struct fileops *);

-int fgetvp(struct thread *td, int fd, cap_rights_t *rightsp,

+int fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,

struct vnode **vpp);

-int fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp,

+int fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,

struct vnode **vpp);

-int fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,

+int fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,

struct filecaps *havecaps, struct vnode **vpp);

-int fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp,

+int fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,

struct vnode **vpp);

-int fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,

+int fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,

struct vnode **vpp);

int fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, bool *fsearch);

int fgetvp_lookup(int fd, struct nameidata *ndp, struct vnode **vpp);

diff --git a/sys/sys/filedesc.h b/sys/sys/filedesc.h
index 9055f0a785e7..bf7a27e37161 100644
--- a/sys/sys/filedesc.h
+++ b/sys/sys/filedesc.h

@@ -267,22 +267,23 @@ struct filedesc_to_leader *

struct filedesc_to_leader *

filedesc_to_leader_share(struct filedesc_to_leader *fdtol,

struct filedesc *fdp);

-int getvnode(struct thread *td, int fd, cap_rights_t *rightsp,

+int getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,

struct file **fpp);

-int getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,

+int getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,

struct file **fpp);

void mountcheckdirs(struct vnode *olddp, struct vnode *newdp);

-int fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

- struct file **fpp, struct filecaps *havecapsp);

-int fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,

+int fget_cap_locked(struct filedesc *fdp, int fd,

+ const cap_rights_t *needrightsp, struct file **fpp,

+ struct filecaps *havecapsp);

+int fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,

struct file **fpp, struct filecaps *havecapsp);

/* Return a referenced file from an unlocked descriptor. */

-int fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

- struct file **fpp);

+int fget_unlocked(struct filedesc *fdp, int fd,

+ const cap_rights_t *needrightsp, struct file **fpp);

/* Return a file pointer without a ref. FILEDESC_IS_ONLY_USER must be true. */

-int fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,

- struct file **fpp);

+int fget_only_user(struct filedesc *fdp, int fd,

+ const cap_rights_t *needrightsp, struct file **fpp);

#define fput_only_user(fdp, fp) ({ \

MPASS(FILEDESC_IS_ONLY_USER(fdp)); \

MPASS(refcount_load(&fp->f_count) > 0); \

diff --git a/sys/sys/namei.h b/sys/sys/namei.h
index 2eb5d49afa62..8ae9f0d786d6 100644
--- a/sys/sys/namei.h
+++ b/sys/sys/namei.h

@@ -72,7 +72,7 @@ struct nameidata {

const char *ni_dirp; /* pathname pointer */

enum uio_seg ni_segflg; /* location of pathname */

- cap_rights_t *ni_rightsneeded; /* rights required to look up vnode */

+ const cap_rights_t *ni_rightsneeded; /* rights needed to look up vnode */

* Arguments to lookup.

@@ -250,7 +250,7 @@ int cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status,

#define NDINIT_ALL(ndp, op, flags, segflg, namep, dirfd, startdir, rightsp, td) \

do { \

struct nameidata *_ndp = (ndp); \

- cap_rights_t *_rightsp = (rightsp); \

+ const cap_rights_t *_rightsp = (rightsp); \

MPASS(_rightsp != NULL); \

NDINIT_PREFILL(_ndp); \

NDINIT_DBG(_ndp); \

diff --git a/sys/sys/procdesc.h b/sys/sys/procdesc.h
index ca26d65d5417..4e8b06fb7377 100644
--- a/sys/sys/procdesc.h
+++ b/sys/sys/procdesc.h

@@ -94,8 +94,10 @@ struct procdesc {

* In-kernel interfaces to process descriptors.

int procdesc_exit(struct proc *);

-int procdesc_find(struct thread *, int fd, cap_rights_t *, struct proc **);

-int kern_pdgetpid(struct thread *, int fd, cap_rights_t *, pid_t *pidp);

+int procdesc_find(struct thread *, int fd, const cap_rights_t *,

+ struct proc **);

+int kern_pdgetpid(struct thread *, int fd, const cap_rights_t *,

+ pid_t *pidp);

void procdesc_new(struct proc *, int);

void procdesc_finit(struct procdesc *, struct file *);

pid_t procdesc_pid(struct file *);

diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index e7ad086818f4..d2b5ac867a46 100644
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h

@@ -418,7 +418,7 @@ struct uio;

int getsockaddr(struct sockaddr **namp, const struct sockaddr *uaddr,

size_t len);

-int getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,

+int getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,

struct file **fpp, u_int *fflagp, struct filecaps *havecaps);

void soabort(struct socket *so);

int soaccept(struct socket *so, struct sockaddr **nam);