diff options
| -rw-r--r-- | sys/kern/kern_event.c | 15 | ||||
| -rw-r--r-- | sys/kern/sys_generic.c | 9 | ||||
| -rw-r--r-- | sys/kern/uipc_mqueue.c | 4 | ||||
| -rw-r--r-- | sys/sys/capability.h | 19 | ||||
| -rw-r--r-- | usr.bin/procstat/procstat_files.c | 5 |
5 files changed, 35 insertions, 17 deletions
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index 2b08c1b..dfbba67 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -855,10 +855,17 @@ kern_kevent(struct thread *td, int fd, int nchanges, int nevents, cap_rights_t rights; int i, n, nerrors, error; - error = fget(td, fd, cap_rights_init(&rights, CAP_POST_EVENT), &fp); + cap_rights_init(&rights); + if (nchanges > 0) + cap_rights_set(&rights, CAP_KQUEUE_CHANGE); + if (nevents > 0) + cap_rights_set(&rights, CAP_KQUEUE_EVENT); + error = fget(td, fd, &rights, &fp); if (error != 0) return (error); - if ((error = kqueue_acquire(fp, &kq)) != 0) + + error = kqueue_acquire(fp, &kq); + if (error != 0) goto done_norel; nerrors = 0; @@ -1015,7 +1022,7 @@ findkn: if (fops->f_isfd) { KASSERT(td != NULL, ("td is NULL")); error = fget(td, kev->ident, - cap_rights_init(&rights, CAP_POLL_EVENT), &fp); + cap_rights_init(&rights, CAP_EVENT), &fp); if (error) goto done; @@ -2301,7 +2308,7 @@ kqfd_register(int fd, struct kevent *kev, struct thread *td, int waitok) cap_rights_t rights; int error; - error = fget(td, fd, cap_rights_init(&rights, CAP_POST_EVENT), &fp); + error = fget(td, fd, cap_rights_init(&rights, CAP_KQUEUE_CHANGE), &fp); if (error != 0) return (error); if ((error = kqueue_acquire(fp, &kq)) != 0) diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c index c7dfd8f..f8fafb7 100644 --- a/sys/kern/sys_generic.c +++ b/sys/kern/sys_generic.c @@ -1195,8 +1195,9 @@ getselfd_cap(struct filedesc *fdp, int fd, struct file **fpp) { cap_rights_t rights; - return (fget_unlocked(fdp, fd, cap_rights_init(&rights, CAP_POLL_EVENT), - 0, fpp, NULL)); + cap_rights_init(&rights, CAP_EVENT); + + return (fget_unlocked(fdp, fd, &rights, 0, fpp, NULL)); } /* @@ -1392,7 +1393,7 @@ pollrescan(struct thread *td) #ifdef CAPABILITIES if (fp == NULL || cap_check(cap_rights(fdp, fd->fd), - cap_rights_init(&rights, CAP_POLL_EVENT)) != 0) + cap_rights_init(&rights, CAP_EVENT)) != 0) #else if (fp == NULL) #endif @@ -1467,7 +1468,7 @@ pollscan(td, fds, nfd) #ifdef CAPABILITIES if (fp == NULL || cap_check(cap_rights(fdp, fds->fd), - cap_rights_init(&rights, CAP_POLL_EVENT)) != 0) + cap_rights_init(&rights, CAP_EVENT)) != 0) #else if (fp == NULL) #endif diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c index fe7e886..20efbe0 100644 --- a/sys/kern/uipc_mqueue.c +++ b/sys/kern/uipc_mqueue.c @@ -2119,7 +2119,7 @@ getmq(struct thread *td, int fd, struct file **fpp, struct mqfs_node **ppn, { cap_rights_t rights; - return _getmq(td, fd, cap_rights_init(&rights, CAP_POLL_EVENT), fget, + return _getmq(td, fd, cap_rights_init(&rights, CAP_EVENT), fget, fpp, ppn, pmq); } @@ -2282,7 +2282,7 @@ again: } #ifdef CAPABILITIES error = cap_check(cap_rights(fdp, mqd), - cap_rights_init(&rights, CAP_POLL_EVENT)); + cap_rights_init(&rights, CAP_EVENT)); if (error) { FILEDESC_SUNLOCK(fdp); goto out; diff --git a/sys/sys/capability.h b/sys/sys/capability.h index ace35f2..aad4a15 100644 --- a/sys/sys/capability.h +++ b/sys/sys/capability.h @@ -226,9 +226,10 @@ #define CAP_SEM_POST CAPRIGHT(1, 0x0000000000000008ULL) #define CAP_SEM_WAIT CAPRIGHT(1, 0x0000000000000010ULL) -/* kqueue events. */ -#define CAP_POLL_EVENT CAPRIGHT(1, 0x0000000000000020ULL) -#define CAP_POST_EVENT CAPRIGHT(1, 0x0000000000000040ULL) +/* Allows select(2) and poll(2) on descriptor. */ +#define CAP_EVENT CAPRIGHT(1, 0x0000000000000020ULL) +/* Allows for kevent(2) on kqueue descriptor with eventlist != NULL. */ +#define CAP_KQUEUE_EVENT CAPRIGHT(1, 0x0000000000000040ULL) /* Strange and powerful rights that should not be given lightly. */ /* Allows for ioctl(2). */ @@ -263,14 +264,22 @@ /* Allows for acl_set_fd(3) and acl_set_fd_np(3). */ #define CAP_ACL_SET CAPRIGHT(1, 0x0000000000080000ULL) +/* Allows for kevent(2) on kqueue descriptor with changelist != NULL. */ +#define CAP_KQUEUE_CHANGE CAPRIGHT(1, 0x0000000000100000ULL) + +#define CAP_KQUEUE (CAP_KQUEUE_EVENT | CAP_KQUEUE_CHANGE) + /* All used bits for index 1. */ -#define CAP_ALL1 CAPRIGHT(1, 0x00000000000FFFFFULL) +#define CAP_ALL1 CAPRIGHT(1, 0x00000000001FFFFFULL) /* Available bits for index 1. */ -#define CAP_UNUSED1_21 CAPRIGHT(1, 0x0000000000100000ULL) +#define CAP_UNUSED1_22 CAPRIGHT(1, 0x0000000000200000ULL) /* ... */ #define CAP_UNUSED1_57 CAPRIGHT(1, 0x0100000000000000ULL) +/* Backward compatibility. */ +#define CAP_POLL_EVENT CAP_EVENT + #define CAP_ALL(rights) do { \ (rights)->cr_rights[0] = \ ((uint64_t)CAP_RIGHTS_VERSION << 62) | CAP_ALL0; \ diff --git a/usr.bin/procstat/procstat_files.c b/usr.bin/procstat/procstat_files.c index d65c1ae..484dc2d 100644 --- a/usr.bin/procstat/procstat_files.c +++ b/usr.bin/procstat/procstat_files.c @@ -203,8 +203,9 @@ static struct cap_desc { { CAP_SEM_WAIT, "sw" }, /* Event monitoring and posting. */ - { CAP_POLL_EVENT, "po" }, - { CAP_POST_EVENT, "ev" }, + { CAP_EVENT, "ev" }, + { CAP_KQUEUE_EVENT, "ke" }, + { CAP_KQUEUE_CHANGE, "kc" }, /* Strange and powerful rights that should not be given lightly. */ { CAP_IOCTL, "io" }, |
