PERFORCE change 156454 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jan 20 16:27:00 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=156454
Change 156454 by rwatson at rwatson_freebsd_capabilities on 2009/01/21 00:26:55
When exporting file descriptor data via the filedesc sysctl for
procstat, rather than exporting the capability, export the
underlying object information and just set a flag indicating it
is wrapped by a capability. Export the rights mask as well.
Modify procstat to handle this by adding a new file descriptor
flag field; for now, don't print capability rights as that is
really too wide for the -f display by default, but in the
future we may want to add a -C to enable capability mask
printing.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#16 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#11 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/procstat/procstat_files.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#16 (text+ko) ====
@@ -2675,6 +2675,17 @@
so = NULL;
tp = NULL;
kif->kf_fd = i;
+
+ /*
+ * When reporting a capability, most fields will be from the
+ * underlying object, but do mark as a capability. With
+ * ofiledesc, we don't have a field to export the
+ * cap_rights_t, but we do with the new filedesc.
+ */
+ if (fp->f_type == DTYPE_CAPABILITY) {
+ kif->kf_flags |= KF_FLAG_CAPABILITY;
+ (void)cap_fextract(fp, 0, &fp);
+ }
switch (fp->f_type) {
case DTYPE_VNODE:
kif->kf_type = KF_TYPE_VNODE;
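Review bot: The `(void)cap_fextract(fp, 0, &fp);` call in the added block discards the return value while passing `fp` as both input and output, so nothing in the hunk shows what `fp` holds if the extraction fails. The `switch (fp->f_type)` directly after it dereferences the result, and with the `DTYPE_CAPABILITY` case removed later in this change, a capability left unextracted would presumably reach the default case. Either check the result and leave the entry marked unknown on failure, or state why it cannot fail, e.g. `/* rights == 0: no rights check can fail here, so the result is ignored */`, if that is indeed the contract of cap_fextract. The same pattern appears in the new-format hunk at -2933; the enclosing function starts and ends outside both hunks.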
@@ -2721,10 +2732,6 @@
tp = fp->f_data;
break;
- case DTYPE_CAPABILITY:
- kif->kf_type = KF_TYPE_CAPABILITY;
- break;
-
case DTYPE_PROCDESC:
kif->kf_type = KF_TYPE_PROCDESC;
break;
@@ -2933,6 +2940,17 @@
so = NULL;
tp = NULL;
kif->kf_fd = i;
+
+ /*
+ * When reporting a capability, most fields will be from the
+ * underlying object, but do mark as a capability and export
+ * the capability rights mask.
+ */
+ if (fp->f_type == DTYPE_CAPABILITY) {
+ kif->kf_flags |= KF_FLAG_CAPABILITY;
+ kif->kf_cap_rights = cap_rights(fp);
+ (void)cap_fextract(fp, 0, &fp);
+ }
switch (fp->f_type) {
case DTYPE_VNODE:
kif->kf_type = KF_TYPE_VNODE;
@@ -2977,10 +2995,6 @@
case DTYPE_PTS:
kif->kf_type = KF_TYPE_PTS;
tp = fp->f_data;
-
- case DTYPE_CAPABILITY:
- kif->kf_type = KF_TYPE_CAPABILITY;
- kif->kf_cap_rights = cap_rights(fp);
break;
case DTYPE_PROCDESC:
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#11 (text+ko) ====
@@ -252,7 +252,6 @@
#define KF_TYPE_SHM 8
#define KF_TYPE_SEM 9
#define KF_TYPE_PTS 10
-#define KF_TYPE_CAPABILITY 11
#define KF_TYPE_PROCDESC 12
#define KF_TYPE_UNKNOWN 255
@@ -279,6 +278,7 @@
#define KF_FLAG_NONBLOCK 0x00000020
#define KF_FLAG_DIRECT 0x00000040
#define KF_FLAG_HASLOCK 0x00000080
+#define KF_FLAG_CAPABILITY 0x00000100
/*
* Old format. Has variable hidden padding due to alignment.
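Review bot: `KF_FLAG_CAPABILITY` is added without a comment, yet it changes how the rest of the record must be read: with it set, `kf_type` and the other fields describe the wrapped object rather than the descriptor itself. A consumer that inspects only `kf_type` will now see a capability as an ordinary vnode or socket, which matters for any tool that reports what a sandboxed process can reach. I would add `/* fd is a capability; other fields describe the wrapped object, kf_cap_rights holds the rights mask (new format only) */` beside the define. The value 11 freed by removing `KF_TYPE_CAPABILITY` in the previous hunk is probably best left unused so that older binaries cannot misread a future type.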
==== //depot/projects/trustedbsd/capabilities/src/usr.bin/procstat/procstat_files.c#11 (text+ko) ====
@@ -132,6 +132,7 @@
printf("%s", addr);
}
+#if notyet
static struct cap_desc {
cap_rights_t cd_right;
const char *cd_desc;
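Review bot: `#if notyet` relies on an undefined identifier evaluating to 0 in a preprocessor expression, which works but trips `-Wundef` and reads as if `notyet` were a configured macro. `#ifdef notyet` states the intent, and the matching line in the next hunk could become `#endif /* notyet */` so the end of the disabled region is easy to find. The struct and function bodies being disabled lie mostly outside these hunks.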
@@ -199,6 +200,7 @@
}
}
}
+#endif
void
procstat_files(pid_t pid, struct kinfo_proc *kipp)
@@ -208,7 +210,7 @@
const char *str;
if (!hflag)
- printf("%5s %-16s %4s %1s %1s %-8s %3s %7s %-3s %-12s\n",
+ printf("%5s %-16s %4s %1s %1s %-9s %3s %7s %-3s %-12s\n",
"PID", "COMM", "FD", "T", "V", "FLAGS", "REF", "OFFSET",
"PRO", "NAME");
@@ -278,15 +280,6 @@
str = "e";
break;
- case KF_TYPE_CAPABILITY:
- /*
- * XXXRW: Ideally, we'd display detailed information
- * on the object behind the capability, and the
- * rights on the capability.
- */
- str = "a";
- break;
-
case KF_TYPE_PROCDESC:
str = "P";
break;
@@ -348,7 +341,8 @@
printf("%s", kif->kf_flags & KF_FLAG_FSYNC ? "f" : "-");
printf("%s", kif->kf_flags & KF_FLAG_NONBLOCK ? "n" : "-");
printf("%s", kif->kf_flags & KF_FLAG_DIRECT ? "d" : "-");
- printf("%s ", kif->kf_flags & KF_FLAG_HASLOCK ? "l" : "-");
+ printf("%s", kif->kf_flags & KF_FLAG_HASLOCK ? "l" : "-");
+ printf("%s ", kif->kf_flags & KF_FLAG_CAPABILITY ? "c" : "-");
if (kif->kf_ref_count > -1)
printf("%3d ", kif->kf_ref_count);
else
@@ -392,11 +386,6 @@
}
break;
- case KF_TYPE_CAPABILITY:
- printf("%-4s ", "-");
- print_capability(kif->kf_cap_rights);
- break;
-
case KF_TYPE_PROCDESC:
printf("%-3s %d", "-", kif->kf_pid);
break;