git: 626fe12e2801 - main - kern: mac: pull mac_label_copyin_string out
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 16 Jan 2026 00:24:22 UTC
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=626fe12e2801a06c59eaa056ecf11f573e30ecbb
commit 626fe12e2801a06c59eaa056ecf11f573e30ecbb
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-11-07 04:15:45 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2026-01-16 00:23:39 +0000
kern: mac: pull mac_label_copyin_string out
A future commit to the area will further our jail integration and add
a use for this: the struct mac itself was already copied in as part of
vfs_buildopts(), so we only need to copyin the strings.
We add an explicit flag argument because the jail operation will need to
do it while holding the prison lock.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53957
---
sys/security/mac/mac_syscalls.c | 48 +++++++++++++++++++++++++----------------
1 file changed, 30 insertions(+), 18 deletions(-)
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 3e9908fb9da9..2a8b8d1f18ce 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -90,6 +90,35 @@ struct mac32 {
};
#endif
+static int
+mac_label_copyin_string(struct mac *const mac, char **const u_string,
+ int flag)
+{
+ char *buffer;
+ int error;
+
+ error = mac_check_structmac_consistent(mac);
+ if (error != 0)
+ return (error);
+
+ /* 'm_buflen' not too big checked by function call above. */
+ buffer = malloc(mac->m_buflen, M_MACTEMP, flag);
+ if (buffer == NULL)
+ return (ENOMEM);
+
+ error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL);
+ if (error != 0) {
+ free(buffer, M_MACTEMP);
+ return (error);
+ }
+
+ MPASS(error == 0);
+ if (u_string != NULL)
+ *u_string = mac->m_string;
+ mac->m_string = buffer;
+ return (0);
+}
+
/*
* Copyin a 'struct mac', including the string pointed to by 'm_string'.
*
@@ -101,7 +130,6 @@ int
mac_label_copyin(const void *const u_mac, struct mac *const mac,
char **const u_string)
{
- char *buffer;
int error;
#ifdef COMPAT_FREEBSD32
@@ -122,23 +150,7 @@ mac_label_copyin(const void *const u_mac, struct mac *const mac,
return (error);
}
- error = mac_check_structmac_consistent(mac);
- if (error != 0)
- return (error);
-
- /* 'm_buflen' not too big checked by function call above. */
- buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
- error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL);
- if (error != 0) {
- free(buffer, M_MACTEMP);
- return (error);
- }
-
- MPASS(error == 0);
- if (u_string != NULL)
- *u_string = mac->m_string;
- mac->m_string = buffer;
- return (0);
+ return (mac_label_copyin_string(mac, u_string, M_WAITOK));
}
void