CHERI hybrid: create kernel caps using PTR2CAP

When calling functions that need capabilities to kernel resources, create those capabilities using PTR2CAP.
CTSRD-CHERI · Aug 7, 2024 · 6c49ea4 · 6c49ea4
1 parent 5573511
commit 6c49ea4
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/module/os/freebsd/zfs/zfs_file_os.c b/module/os/freebsd/zfs/zfs_file_os.c
@@ -71,9 +71,9 @@ zfs_file_open(const char *path, int flags, int mode, zfs_file_t **fpp)
 	fp->f_flag = flags & FMASK;
 
 #if __FreeBSD_version >= 1400043
-	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, path);
+	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, PTR2CAP(path));
 #else
-	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, path, td);
+	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, PTR2CAP(path), td);
 #endif
 	error = vn_open(&nd, &flags, mode, fp);
 	if (error != 0) {
@@ -329,7 +329,8 @@ zfs_file_unlink(const char *fnamep)
 	int rc;
 
 #if __FreeBSD_version >= 1300018
-	rc = kern_funlinkat(curthread, AT_FDCWD, fnamep, FD_NONE, seg, 0, 0);
+	rc = kern_funlinkat(curthread, AT_FDCWD, PTR2CAP(fnamep), FD_NONE,
+	    seg, 0, 0);
 #elif __FreeBSD_version >= 1202504 || defined(AT_BENEATH)
 	rc = kern_unlinkat(curthread, AT_FDCWD, __DECONST(char *, fnamep),
 	    seg, 0, 0);

diff --git a/module/os/freebsd/zfs/zfs_vnops_os.c b/module/os/freebsd/zfs/zfs_vnops_os.c
@@ -661,8 +661,8 @@ zfs_write_simple(znode_t *zp, const void *data, size_t len,
 	int error = 0;
 	ssize_t resid;
 
-	error = vn_rdwr(UIO_WRITE, ZTOV(zp), __DECONST(void *, data), len, pos,
-	    UIO_SYSSPACE, IO_SYNC, kcred, NOCRED, &resid, curthread);
+	error = vn_rdwr(UIO_WRITE, ZTOV(zp), PTR2CAP(__DECONST(void *, data)),
+	    len, pos, UIO_SYSSPACE, IO_SYNC, kcred, NOCRED, &resid, curthread);
 
 	if (error) {
 		return (SET_ERROR(error));
@@ -5360,7 +5360,8 @@ zfs_getextattr_dir(struct vop_getextattr_args *ap, const char *attrname)
 	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname,
 	    xvp, td);
 #else
-	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp);
+	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, PTR2CAP(attrname),
+	    xvp);
 #endif
 	error = vn_open_cred(&nd, &flags, 0, VN_OPEN_INVFS, ap->a_cred, NULL);
 	if (error != 0)
@@ -5505,7 +5506,7 @@ zfs_deleteextattr_dir(struct vop_deleteextattr_args *ap, const char *attrname)
 	    UIO_SYSSPACE, attrname, xvp, ap->a_td);
 #else
 	NDINIT_ATVP(&nd, DELETE, NOFOLLOW | LOCKPARENT | LOCKLEAF,
-	    UIO_SYSSPACE, attrname, xvp);
+	    UIO_SYSSPACE, PTR2CAP(attrname), xvp);
 #endif
 	error = namei(&nd);
 	if (error != 0)
@@ -5647,7 +5648,7 @@ zfs_setextattr_dir(struct vop_setextattr_args *ap, const char *attrname)
 #if __FreeBSD_version < 1400043
 	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp, td);
 #else
-	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp);
+	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, PTR2CAP(attrname), xvp);
 #endif
 	error = vn_open_cred(&nd, &flags, 0600, VN_OPEN_INVFS, ap->a_cred,
 	    NULL);