From feeee4c707ab28bab6cd1180144cef39832a1026 Mon Sep 17 00:00:00 2001
From: mjg <mjg@FreeBSD.org>
Date: Sun, 5 Jul 2015 19:05:16 +0000
Subject: fd: make 'rights' a manadatory argument to fget* functions

---
 sys/cddl/compat/opensolaris/sys/file.h | 3 ++-
 sys/compat/linux/linux_stats.c         | 3 ++-
 sys/fs/fdescfs/fdesc_vnops.c           | 3 ++-
 sys/kern/kern_descrip.c                | 3 ---
 sys/kern/vfs_aio.c                     | 3 ++-
 sys/security/audit/audit_bsm_klib.c    | 4 +++-
 6 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/sys/cddl/compat/opensolaris/sys/file.h b/sys/cddl/compat/opensolaris/sys/file.h
index f9349fd..f392d9e 100644
--- a/sys/cddl/compat/opensolaris/sys/file.h
+++ b/sys/cddl/compat/opensolaris/sys/file.h
@@ -52,9 +52,10 @@ static __inline void
 releasef(int fd)
 {
 	struct file *fp;
+	cap_rights_t rights;
 
 	/* No CAP_ rights required, as we're only releasing. */
-	if (fget(curthread, fd, NULL, &fp) == 0) {
+	if (fget(curthread, fd, cap_rights_init(&rights), &fp) == 0) {
 		fdrop(fp, curthread);
 		fdrop(fp, curthread);
 	}
diff --git a/sys/compat/linux/linux_stats.c b/sys/compat/linux/linux_stats.c
index 05d335a..84ade7b 100644
--- a/sys/compat/linux/linux_stats.c
+++ b/sys/compat/linux/linux_stats.c
@@ -139,13 +139,14 @@ translate_fd_major_minor(struct thread *td, int fd, struct stat *buf)
 {
 	struct file *fp;
 	struct vnode *vp;
+	cap_rights_t rights;
 	int major, minor;
 
 	/*
 	 * No capability rights required here.
 	 */
 	if ((!S_ISCHR(buf->st_mode) && !S_ISBLK(buf->st_mode)) ||
-	    fget(td, fd, 0, &fp) != 0)
+	    fget(td, fd, cap_rights_init(&rights), &fp) != 0)
 		return;
 	vp = fp->f_vnode;
 	if (vp != NULL && vp->v_rdev != NULL &&
diff --git a/sys/fs/fdescfs/fdesc_vnops.c b/sys/fs/fdescfs/fdesc_vnops.c
index 15f3bd4..1b0e569 100644
--- a/sys/fs/fdescfs/fdesc_vnops.c
+++ b/sys/fs/fdescfs/fdesc_vnops.c
@@ -288,6 +288,7 @@ fdesc_lookup(ap)
 	struct thread *td = cnp->cn_thread;
 	struct file *fp;
 	struct fdesc_get_ino_args arg;
+	cap_rights_t rights;
 	int nlen = cnp->cn_namelen;
 	u_int fd, fd1;
 	int error;
@@ -332,7 +333,7 @@ fdesc_lookup(ap)
 	/*
 	 * No rights to check since 'fp' isn't actually used.
 	 */
-	if ((error = fget(td, fd, NULL, &fp)) != 0)
+	if ((error = fget(td, fd, cap_rights_init(&rights), &fp)) != 0)
 		goto bad;
 
 	/* Check if we're looking up ourselves. */
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 2722283..85cda01 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -2423,13 +2423,10 @@ _fget(struct thread *td, int fd, struct file **fpp, int flags,
 {
 	struct filedesc *fdp;
 	struct file *fp;
-	cap_rights_t needrights;
 	int error;
 
 	*fpp = NULL;
 	fdp = td->td_proc->p_fd;
-	if (needrightsp == NULL)
-		needrightsp = cap_rights_init(&needrights);
 	error = fget_unlocked(fdp, fd, needrightsp, &fp, seqp);
 	if (error != 0)
 		return (error);
diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c
index 0bfcf2d..fd50e05 100644
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@@ -2058,6 +2058,7 @@ sys_aio_cancel(struct thread *td, struct aio_cancel_args *uap)
 	struct aiocblist *cbe, *cbn;
 	struct file *fp;
 	struct socket *so;
+	cap_rights_t rights;
 	int error;
 	int remove;
 	int cancelled = 0;
@@ -2065,7 +2066,7 @@ sys_aio_cancel(struct thread *td, struct aio_cancel_args *uap)
 	struct vnode *vp;
 
 	/* Lookup file object. */
-	error = fget(td, uap->fd, NULL, &fp);
+	error = fget(td, uap->fd, cap_rights_init(&rights), &fp);
 	if (error)
 		return (error);
 
diff --git a/sys/security/audit/audit_bsm_klib.c b/sys/security/audit/audit_bsm_klib.c
index 2f5a92e..b687a15 100644
--- a/sys/security/audit/audit_bsm_klib.c
+++ b/sys/security/audit/audit_bsm_klib.c
@@ -32,6 +32,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/capsicum.h>
 #include <sys/fcntl.h>
 #include <sys/filedesc.h>
 #include <sys/libkern.h>
@@ -467,6 +468,7 @@ audit_canon_path(struct thread *td, int dirfd, char *path, char *cpath)
 	char *rbuf, *fbuf, *copy;
 	struct filedesc *fdp;
 	struct sbuf sbf;
+	cap_rights_t rights;
 	int error, needslash;
 
 	WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "%s: at %s:%d",
@@ -495,7 +497,7 @@ audit_canon_path(struct thread *td, int dirfd, char *path, char *cpath)
 			vhold(cvnp);
 		} else {
 			/* XXX: fgetvp() that vhold()s vnode instead of vref()ing it would be better */
-			error = fgetvp(td, dirfd, NULL, &cvnp);
+			error = fgetvp(td, dirfd, cap_rights_init(&rights), &cvnp);
 			if (error) {
 				FILEDESC_SUNLOCK(fdp);
 				cpath[0] = '\0';
-- 
cgit v1.1