CHERI hybrid: create kernel caps using PTR2CAP

When calling functions that need capabilities to kernel resources, create those capabilities using PTR2CAP.
CTSRD-CHERI · Jul 21, 2023 · 01ab861 · 01ab861
1 parent f5dd641
commit 01ab861
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/module/os/freebsd/zfs/zfs_file_os.c b/module/os/freebsd/zfs/zfs_file_os.c
@@ -58,7 +58,7 @@ zfs_file_open(const char *path, int flags, int mode, zfs_file_t **fpp)
 	td = curthread;
 	pwd_ensure_dirs();
 	/* 12.x doesn't take a const char * */
-	rc = kern_openat(td, AT_FDCWD, __DECONST(char *, path),
+	rc = kern_openat(td, AT_FDCWD, PTR2CAP(path),
 	    UIO_SYSSPACE, flags, mode);
 	if (rc)
 		return (SET_ERROR(rc));
@@ -293,7 +293,8 @@ zfs_file_unlink(const char *fnamep)
 	int rc;
 
 #if __FreeBSD_version >= 1300018
-	rc = kern_funlinkat(curthread, AT_FDCWD, fnamep, FD_NONE, seg, 0, 0);
+	rc = kern_funlinkat(curthread, AT_FDCWD, PTR2CAP(fnamep), FD_NONE,
+	    seg, 0, 0);
 #elif __FreeBSD_version >= 1202504 || defined(AT_BENEATH)
 	rc = kern_unlinkat(curthread, AT_FDCWD, __DECONST(char *, fnamep),
 	    seg, 0, 0);

diff --git a/module/os/freebsd/zfs/zfs_vnops_os.c b/module/os/freebsd/zfs/zfs_vnops_os.c
@@ -655,8 +655,8 @@ zfs_write_simple(znode_t *zp, const void *data, size_t len,
 	int error = 0;
 	ssize_t resid;
 
-	error = vn_rdwr(UIO_WRITE, ZTOV(zp), __DECONST(void *, data), len, pos,
-	    UIO_SYSSPACE, IO_SYNC, kcred, NOCRED, &resid, curthread);
+	error = vn_rdwr(UIO_WRITE, ZTOV(zp), PTR2CAP(__DECONST(void *, data)),
+	    len, pos, UIO_SYSSPACE, IO_SYNC, kcred, NOCRED, &resid, curthread);
 
 	if (error) {
 		return (SET_ERROR(error));
@@ -5351,7 +5351,8 @@ zfs_getextattr_dir(struct vop_getextattr_args *ap, const char *attrname)
 	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname,
 	    xvp, td);
 #else
-	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp);
+	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, PTR2CAP(attrname),
+	    xvp);
 #endif
 	error = vn_open_cred(&nd, &flags, 0, VN_OPEN_INVFS, ap->a_cred, NULL);
 	if (error != 0)
@@ -5496,7 +5497,7 @@ zfs_deleteextattr_dir(struct vop_deleteextattr_args *ap, const char *attrname)
 	    UIO_SYSSPACE, attrname, xvp, ap->a_td);
 #else
 	NDINIT_ATVP(&nd, DELETE, NOFOLLOW | LOCKPARENT | LOCKLEAF,
-	    UIO_SYSSPACE, attrname, xvp);
+	    UIO_SYSSPACE, PTR2CAP(attrname), xvp);
 #endif
 	error = namei(&nd);
 	if (error != 0)
@@ -5638,7 +5639,7 @@ zfs_setextattr_dir(struct vop_setextattr_args *ap, const char *attrname)
 #if __FreeBSD_version < 1400043
 	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp, td);
 #else
-	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp);
+	NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, PTR2CAP(attrname), xvp);
 #endif
 	error = vn_open_cred(&nd, &flags, 0600, VN_OPEN_INVFS, ap->a_cred,
 	    NULL);