rights(4): fix our representation of the unused bits
ClosedPublic
Actions

Authored by kevans on Mon, Jun 8, 4:53 PM.

Details

Reviewers

markj
oshogbo
kib

Group Reviewers

capsicum

Commits

rG57fefbee1f95: rights(4): fix our representation of the unused bits

Summary

The current format seems to be a little confusing, and the version of it
for index 0 was broken by the below-referenced commit. Turn our
UNUSED macros into a single mask for the entire unused range to prevent
future misinterpretation, since these are still useful to have around as
long as the top 7 bits are reserved for different uses / defined to be
zeroed out.

While we're here, add some static assertions to confirm that our
bookkeeping is in order for these, since it's not unexpected that one
might use CAP_UNUSED* to determine where they can slice off a new right.

Fixes: b165e9e3ea4e327fc ("Add fchroot(2)")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 73991
Build 70874: arc lint + arc unit

Event Timeline

kevans created this revision.Mon, Jun 8, 4:53 PM

Herald added subscribers: olce, imp. · View Herald TranscriptMon, Jun 8, 4:53 PM

kevans requested review of this revision.Mon, Jun 8, 4:53 PM

Harbormaster completed remote builds in B73749: Diff 179397.Mon, Jun 8, 4:53 PM

oshogbo accepted this revision.Mon, Jun 8, 6:26 PM

oshogbo added a subscriber: oshogbo.

oshogbo added inline comments.

sys/kern/subr_capability.c
55 ↗	(On Diff #179397)	This reads a little bit weird - but maybe its just me. Maybe: CAP_ALL0 and CAP_UNUSED0 must cover all non-reserved bits

This revision is now accepted and ready to land.Mon, Jun 8, 6:26 PM

kevans added inline comments.Mon, Jun 8, 6:45 PM

sys/kern/subr_capability.c
55 ↗	(On Diff #179397)	I like how that reads better, though I wonder if it'd be better to split into two and have one that separately asserts that the combination doesn't touch the reserved bits outside of the index.

kib added a subscriber: kib.Mon, Jun 8, 9:39 PM

kib added inline comments.

sys/sys/capsicum.h
341–342	I think this is similarly not obvious as the current state. I suggest to go out and proivde CAP_UNUSEDXX for each unused bit in the word 1. It costs nothing to generate all of them, but much easier to pick one later.

I like kib's suggestion, or at least keeping the old style used for CAP_UNUSED1_22 ... CAP_UNUSED1_57.

Reverse course to make picking a bit later easier, split out a boatload of
CAP_UNUSED macros. The assertions are useless anyways if we enumerate all of
the valid bits, so just drop those.

This revision now requires review to proceed.Fri, Jun 19, 4:31 AM

Harbormaster completed remote builds in B73991: Diff 180042.Fri, Jun 19, 4:31 AM

kib accepted this revision.Fri, Jun 19, 7:39 AM

This revision is now accepted and ready to land.Fri, Jun 19, 7:39 AM

markj accepted this revision.Fri, Jun 19, 4:57 PM

Closed by commit rG57fefbee1f95: rights(4): fix our representation of the unused bits (authored by kevans). · Explain WhySat, Jun 20, 1:58 PM

This revision was automatically updated to reflect the committed changes.

kevans added a commit: rG57fefbee1f95: rights(4): fix our representation of the unused bits.