shm: correct KPI mistake introduced around memfd_create

When file sealing and shm_open2 were introduced, we should have grown a new
kern_shm_open2 helper that did the brunt of the work with the new interface
while kern_shm_open remains the same. Instead, more complexity was
introduced to kern_shm_open to handle the additional features and consumers
had to keep changing in somewhat awkward ways, and a kern_shm_open2 was
added to wrap kern_shm_open.

Backpedal on this and correct the situation- kern_shm_open returns to the
interface it had prior to file sealing being introduced, and neither
function needs an initial_seals argument anymore as it's handled in
kern_shm_open2 based on the shmflags.

sys/compat/cloudabi/cloudabi_fd.c

@@ -96,7 +96,7 @@ cloudabi_sys_fd_create1(struct thread *td,
 		cap_rights_init(&fcaps.fc_rights, CAP_FSTAT, CAP_FTRUNCATE,
 		    CAP_MMAP_RWX);
 		return (kern_shm_open(td, SHM_ANON, O_RDWR | O_CLOEXEC, 0,
-		    &fcaps, F_SEAL_SEAL));
+		    &fcaps));
 	default:
 		return (EINVAL);
 	}

sys/kern/uipc_shm.c

@@ -731,8 +731,8 @@ shm_remove(char *path, Fnv32_t fnv, struct ucred *ucred)
 }
 
 int
-kern_shm_open(struct thread *td, const char *userpath, int flags, mode_t mode,
-    struct filecaps *fcaps, int initial_seals)
+kern_shm_open2(struct thread *td, const char *userpath, int flags, mode_t mode,
+    int shmflags, struct filecaps *fcaps, const char *name __unused)
 {
 	struct filedesc *fdp;
 	struct shmfd *shmfd;
@@ -741,7 +741,14 @@ kern_shm_open(struct thread *td, const char *userpath, int flags, mode_t mode,
 	void *rl_cookie;
 	Fnv32_t fnv;
 	mode_t cmode;
-	int fd, error;
+	int error, fd, initial_seals;
+
+	if ((shmflags & ~SHM_ALLOW_SEALING) != 0)
+		return (EINVAL);
+
+	initial_seals = F_SEAL_SEAL;
+	if ((shmflags & SHM_ALLOW_SEALING) != 0)
+		initial_seals &= ~F_SEAL_SEAL;
 
 #ifdef CAPABILITY_MODE
 	/*
@@ -923,8 +930,8 @@ int
 freebsd12_shm_open(struct thread *td, struct freebsd12_shm_open_args *uap)
 {
 
-	return (kern_shm_open(td, uap->path, uap->flags | O_CLOEXEC, uap->mode,
-	    NULL, F_SEAL_SEAL));
+	return (kern_shm_open(td, uap->path, uap->flags | O_CLOEXEC,
+	    uap->mode, NULL));
 }
 #endif
 
@@ -1476,18 +1483,11 @@ SYSCTL_PROC(_kern_ipc, OID_AUTO, posix_shm_list,
     "POSIX SHM list");
 
 int
-kern_shm_open2(struct thread *td, const char *path, int flags, mode_t mode,
-    int shmflags, const char *name __unused)
+kern_shm_open(struct thread *td, const char *path, int flags, mode_t mode,
+    struct filecaps *caps)
 {
-	int initial_seals;
 
-	if ((shmflags & ~SHM_ALLOW_SEALING) != 0)
-		return (EINVAL);
-
-	initial_seals = F_SEAL_SEAL;
-	if ((shmflags & SHM_ALLOW_SEALING) != 0)
-		initial_seals &= ~F_SEAL_SEAL;
-	return (kern_shm_open(td, path, flags, mode, NULL, initial_seals));
+	return (kern_shm_open2(td, path, flags, mode, 0, caps, NULL));
 }
 
 /*
@@ -1505,5 +1505,5 @@ sys_shm_open2(struct thread *td, struct shm_open2_args *uap)
 {
 
 	return (kern_shm_open2(td, uap->path, uap->flags, uap->mode,
-	    uap->shmflags, uap->name));
+	    uap->shmflags, NULL, uap->name));
 }

sys/sys/syscallsubr.h

@@ -257,9 +257,10 @@ int	kern_setsockopt(struct thread *td, int s, int level, int name,
 int	kern_settimeofday(struct thread *td, struct timeval *tv,
 	    struct timezone *tzp);
 int	kern_shm_open(struct thread *td, const char *userpath, int flags,
-	    mode_t mode, struct filecaps *fcaps, int initial_seals);
+	    mode_t mode, struct filecaps *fcaps);
 int	kern_shm_open2(struct thread *td, const char *path, int flags,
-	    mode_t mode, int shmflags, const char *name);
+	    mode_t mode, int shmflags, struct filecaps *fcaps,
+	    const char *name);
 int	kern_shmat(struct thread *td, int shmid, const void *shmaddr,
 	    int shmflg);
 int	kern_shmctl(struct thread *td, int shmid, int cmd, void *buf,