K 10
svn:author
V 3
mjg
K 8
svn:date
V 27
2014-10-14T21:19:23.737206Z
K 7
svn:log
V 1384
MFC r269023,r272503,r272505,r272523,r272567,r272569,r272574

Prepare fget_unlocked for reading fd table only once.

Some capsicum functions accept fdp + fd and lookup fde based on that.
Add variants which accept fde.

===============================

Add sequence counters with memory barriers.

Current implementation is somewhat simplistic and hackish,
will be improved later after possible memory barrier overhaul.

===============================

Plug capability races.

fp and appropriate capability lookups were not atomic, which could result in
improper capabilities being checked.

This could result either in protection bypass or in a spurious ENOTCAPABLE.

Make fp + capability check atomic with the help of sequence counters.

===============================

Put and #ifdef _KERNEL around the #include for opt_capsicum.h to
hopefully allow the build to finish after r272505.

===============================

filedesc: fix up breakage introduced in 272505

Include sequence counter supports incoditionally [1]. This fixes reprted build
problems with e.g. nvidia driver due to missing opt_capsicum.h.

Replace fishy looking sizeof with offsetof. Make fde_seq the last member in
order to simplify calculations.

===============================

Keep struct filedescent comments within 80-char limit.

===============================

seq_t needs to be visible to userspace

END