Add some checks to ensure that Capsicum is behaving correctly, and add some

more explicit comments about what's going on and what future maintainers
need to do when e.g. adding a new operation to a sys_machdep.c.

Approved by: mentor(rwatson), re(bz)

1 files changed, 18 insertions, 16 deletions

diff --git a/sys/amd64/amd64/sys_machdep.c b/sys/amd64/amd64/sys_machdep.c
index beb248c..17eada1 100644
--- a/sys/amd64/amd64/sys_machdep.c
+++ b/sys/amd64/amd64/sys_machdep.c
@@ -182,26 +182,28 @@ sysarch(td, uap)
 
 #ifdef CAPABILITY_MODE
 	/*
-	 * Whitelist of operations which are safe enough for capability mode.
+	 * When adding new operations, add a new case statement here to
+	 * explicitly indicate whether or not the operation is safe to
+	 * perform in capability mode.
 	 */
 	if (IN_CAPABILITY_MODE(td)) {
 		switch (uap->op) {
-			case I386_GET_LDT:
-			case I386_SET_LDT:
-			case I386_GET_IOPERM:
-			case I386_GET_FSBASE:
-			case I386_SET_FSBASE:
-			case I386_GET_GSBASE:
-			case I386_SET_GSBASE:
-			case AMD64_GET_FSBASE:
-			case AMD64_SET_FSBASE:
-			case AMD64_GET_GSBASE:
-			case AMD64_SET_GSBASE:
-				break;
+		case I386_GET_LDT:
+		case I386_SET_LDT:
+		case I386_GET_IOPERM:
+		case I386_GET_FSBASE:
+		case I386_SET_FSBASE:
+		case I386_GET_GSBASE:
+		case I386_SET_GSBASE:
+		case AMD64_GET_FSBASE:
+		case AMD64_SET_FSBASE:
+		case AMD64_GET_GSBASE:
+		case AMD64_SET_GSBASE:
+			break;
 
-			case I386_SET_IOPERM:
-			default:
-				return (ECAPMODE);
+		case I386_SET_IOPERM:
+		default:
+			return (ECAPMODE);
 		}
 	}
 #endif