git: 11b567e94ad2 - main - MAC/do: Remove superfluous configuration initialization
Date: Fri, 29 May 2026 16:01:42 UTC
The branch main has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=11b567e94ad2a1b4baf768d77c6f1fb2018cfe83
commit 11b567e94ad2a1b4baf768d77c6f1fb2018cfe83
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2026-05-20 09:29:51 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2026-05-29 15:22:49 +0000
MAC/do: Remove superfluous configuration initialization
Configuration objects would be initialized (zeroed, and some
STAILQ_INIT() called) multiple times. Make sure they are so only once,
and add assertions to check that this is actually the case for functions
that expect it.
Reviewed by: bapt
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
---
sys/security/mac_do/mac_do.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 1d9b756bc0fc..fa20beadbaad 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -33,6 +33,23 @@
#include <security/mac/mac_policy.h>
+#ifdef INVARIANTS
+/*
+ * Should typically be moved to libkern (and perhaps libc) at some point, and be
+ * optimized if to be used outside of INVARIANTS.
+ */
+static bool
+is_zeroed(const void *const buf, const size_t size)
+{
+ const char *const p = buf;
+
+ for (size_t i = 0; i < size; ++i)
+ if (p[i] != 0)
+ return (false);
+ return (true);
+}
+#endif
+
static SYSCTL_NODE(_security_mac, OID_AUTO, do,
CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "mac_do policy controls");
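Review bot: The block comment above `is_zeroed()` says where the helper might move, but not what it returns or that it exists only when INVARIANTS is defined. I would add `Returns true iff all 'size' bytes starting at 'buf' are zero.` and `Only compiled under INVARIANTS, so call it solely from within MPASS()/KASSERT().` to that comment. A call from ordinary code would fail to build on kernels configured without INVARIANTS, which is easy to miss when testing only debug kernels.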
@@ -353,25 +370,24 @@ toast_rules(struct rules *const rules)
}
}
-/* Assumes storage has been zeroed. */
-static void
+static inline void
init_rules(struct rules *const rules)
{
+ MPASS(is_zeroed(rules, sizeof(*rules)));
STAILQ_INIT(&rules->head);
}
-static void
+static inline void
init_exec_paths(struct exec_paths *const exec_paths)
{
- bzero(exec_paths, sizeof(*exec_paths));
- exec_paths->exec_paths_str[0] = 0;
+ MPASS(is_zeroed(exec_paths, sizeof(*exec_paths)));
}
static struct conf *
new_conf(void)
{
- struct conf *const conf = malloc(sizeof(*conf), M_MAC_DO, M_WAITOK |
- M_ZERO);
+ struct conf *const conf = malloc(sizeof(*conf), M_MAC_DO,
+ M_WAITOK | M_ZERO);
init_rules(&conf->rules);
init_exec_paths(&conf->exec_paths);
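Review bot: The zeroed-storage precondition of `init_rules()` and `init_exec_paths()` is now expressed only through `MPASS()`, which is compiled out of kernels built without INVARIANTS, and the old `/* Assumes storage has been zeroed. */` comment is dropped rather than kept. On such kernels `init_exec_paths()` becomes an empty function, so nothing re-zeroes a `struct exec_paths` that a future caller passes in with stale contents. Since this module decides credential transitions, I would keep the contract in a comment on both functions, e.g. `/* Storage must already be zeroed by the caller; verified under INVARIANTS only. */`. The same applies to `clone_exec_paths()` in the last hunk, where `bzero(dst, sizeof(*dst))` is replaced by an assertion. `new_conf()` continues outside the hunk; the allocation that is visible does pass `M_ZERO`.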
@@ -1356,9 +1372,7 @@ clone_rules(struct rules *const dst, const struct rules *const src)
{
struct rule *src_rule, *dst_rule;
- bzero(dst, sizeof(*dst));
strlcpy(dst->string, src->string, sizeof(dst->string));
- STAILQ_INIT(&dst->head);
STAILQ_FOREACH(src_rule, &src->head, r_entries) {
dst_rule = malloc(sizeof(*dst_rule), M_MAC_DO, M_WAITOK |
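Review bot: `clone_rules()` loses both `bzero(dst, sizeof(*dst))` and `STAILQ_INIT(&dst->head)` but, unlike `clone_exec_paths()`, gains no assertion, so its new precondition is unchecked even under INVARIANTS. The function now appears to rely on the caller having run `init_rules()` on `dst`. `is_zeroed()` would not fit here because `STAILQ_INIT()` stores a non-NULL tail pointer, so I would add `MPASS(STAILQ_EMPTY(&dst->head));` before the `strlcpy()`, plus a comment stating that `dst` must be an initialized, empty rule set. The callers and the rest of the loop body are outside the hunk, so whether every caller meets this could not be confirmed from here.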
@@ -1387,7 +1401,7 @@ static void
clone_exec_paths(struct exec_paths *const dst,
const struct exec_paths *const src)
{
- bzero(dst, sizeof(*dst));
+ MPASS(is_zeroed(dst, sizeof(*dst)));
dst->exec_path_count = src->exec_path_count;
for (int i = 0; i < src->exec_path_count; i++)
strlcpy(dst->exec_paths[i], src->exec_paths[i],