capsicum: provide cap_rights_fde_inline

Reading caps is in the hot path (on each successful fd lookup), but
completely unnecessarily requires a function call.

Approved by:	re (gjb)
Sponsored by:	The FreeBSD Foundation

sys/kern/kern_descrip.c

@@ -2560,7 +2560,7 @@ fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
 	}
 
 #ifdef CAPABILITIES
-	error = cap_check(cap_rights_fde(fde), needrightsp);
+	error = cap_check(cap_rights_fde_inline(fde), needrightsp);
 	if (error != 0)
 		goto out;
 #endif
@@ -2651,7 +2651,7 @@ fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
 #ifdef CAPABILITIES
 		seq = seq_read(fd_seq(fdt, fd));
 		fde = &fdt->fdt_ofiles[fd];
-		haverights = *cap_rights_fde(fde);
+		haverights = *cap_rights_fde_inline(fde);
 		fp = fde->fde_file;
 		if (!seq_consistent(fd_seq(fdt, fd), seq))
 			continue;

sys/kern/sys_capability.c

@@ -208,7 +208,7 @@ const cap_rights_t *
 cap_rights_fde(const struct filedescent *fdep)
 {
 
-	return (&fdep->fde_rights);
+	return (cap_rights_fde_inline(fdep));
 }
 
 const cap_rights_t *

sys/sys/capsicum.h

@@ -465,7 +465,13 @@ u_char	cap_rights_to_vmprot(const cap_rights_t *havep);
 /*
  * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
  * extract the rights from a capability.
+ *
+ * Dereferencing fdep requires filedesc.h, but including it would cause
+ * significant pollution. Instead add a macro for consumers which want it,
+ * most notably kern_descrip.c.
  */
+#define cap_rights_fde_inline(fdep)	(&(fdep)->fde_rights)
+
 const cap_rights_t	*cap_rights_fde(const struct filedescent *fde);
 const cap_rights_t	*cap_rights(struct filedesc *fdp, int fd);