Previously we'd have an assertion failure in cap_rights_is_set if sysdecode_cap_rights is called with an invalid cap_rights_t, so test for validity first.
Found during investigation of PR 222258
Details
Details
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
I don't have any confidence I understand what the layout of bits in cr_rights[foo] is supposed to be, but assuming that CAPIDXBIT == 1 << i part is correct, LGTM.
Comment Actions
From sys/sys/caprights.h:
/* * The top two bits in the first element of the cr_rights[] array contain * total number of elements in the array - 2. This means if those two bits are * equal to 0, we have 2 array elements. * The top two bits in all remaining array elements should be 0. * The next five bits contain array index. Only one bit is used and bit position * in this five-bits range defines array index. This means there can be at most * five array elements. */
and sys/kern/subr_capability.c:
static __inline int
right_to_index(uint64_t right)
{
static const int bit2idx[] = {
-1, 0, 1, -1, 2, -1, -1, -1, 3, -1, -1, -1, -1, -1, -1, -1,
4, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
int idx;
idx = CAPIDXBIT(right);
assert(idx >= 0 && idx < sizeof(bit2idx) / sizeof(bit2idx[0]));
return (bit2idx[idx]);
}This could be better documented, but basically an individual capability right consists of two bits of version/size, five bits of index (where only one bit is set), and 57 bits corresponding to individual capabilities. A set of rights consists of an array of up to five elements (depending on version).
Comment Actions
I see. I was looking at the C file subr_capability.c and didn't know to look in that header.
Comment Actions
Yes - in fact I knew I read this description at one point but couldn't find it again just now -- which is why I added the file links and quoted the comment itself :-)