capsicum: provide cap_rights_fde_inline
Reading caps is in the hot path (on each successful fd lookup), but completely unnecessarily requires a function call. Approved by: re (gjb) Sponsored by: The FreeBSD Foundation
This commit is contained in:
parent
17285ea2d0
commit
468ae8ae63
@ -2560,7 +2560,7 @@ fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
|
||||
}
|
||||
|
||||
#ifdef CAPABILITIES
|
||||
error = cap_check(cap_rights_fde(fde), needrightsp);
|
||||
error = cap_check(cap_rights_fde_inline(fde), needrightsp);
|
||||
if (error != 0)
|
||||
goto out;
|
||||
#endif
|
||||
@ -2651,7 +2651,7 @@ fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
|
||||
#ifdef CAPABILITIES
|
||||
seq = seq_read(fd_seq(fdt, fd));
|
||||
fde = &fdt->fdt_ofiles[fd];
|
||||
haverights = *cap_rights_fde(fde);
|
||||
haverights = *cap_rights_fde_inline(fde);
|
||||
fp = fde->fde_file;
|
||||
if (!seq_consistent(fd_seq(fdt, fd), seq))
|
||||
continue;
|
||||
|
@ -208,7 +208,7 @@ const cap_rights_t *
|
||||
cap_rights_fde(const struct filedescent *fdep)
|
||||
{
|
||||
|
||||
return (&fdep->fde_rights);
|
||||
return (cap_rights_fde_inline(fdep));
|
||||
}
|
||||
|
||||
const cap_rights_t *
|
||||
|
@ -465,7 +465,13 @@ u_char cap_rights_to_vmprot(const cap_rights_t *havep);
|
||||
/*
|
||||
* For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
|
||||
* extract the rights from a capability.
|
||||
*
|
||||
* Dereferencing fdep requires filedesc.h, but including it would cause
|
||||
* significant pollution. Instead add a macro for consumers which want it,
|
||||
* most notably kern_descrip.c.
|
||||
*/
|
||||
#define cap_rights_fde_inline(fdep) (&(fdep)->fde_rights)
|
||||
|
||||
const cap_rights_t *cap_rights_fde(const struct filedescent *fde);
|
||||
const cap_rights_t *cap_rights(struct filedesc *fdp, int fd);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user