The branch main has been updated by jhb:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=134d00bd2c910cc7cc21c11fba093ff82bbb9344

commit 134d00bd2c910cc7cc21c11fba093ff82bbb9344
Author:     John Baldwin <[email protected]>
AuthorDate: 2025-11-24 15:47:20 +0000
Commit:     John Baldwin <[email protected]>
CommitDate: 2025-11-24 15:47:20 +0000

    MAC: Use the current thread's user ABI to determine the layout of struct mac
    
    This removes mac_label_copyin32() as mac_label_copyin() can now handle
    both native and 32-bit struct mac objects.
    
    Reviewed by:    olce, brooks
    Obtained from:  CheriBSD
    Sponsored by:   AFRL, DARPA
    Differential Revision:  https://reviews.freebsd.org/D53755
---
 sys/kern/kern_prot.c            |  7 +------
 sys/security/mac/mac_syscalls.c | 25 +++++--------------------
 sys/security/mac/mac_syscalls.h |  9 +--------
 3 files changed, 7 insertions(+), 34 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 81099aa7d28d..5d57cdb7928d 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -635,12 +635,7 @@ user_setcred(struct thread *td, const u_int flags,
 
 #ifdef MAC
        if ((flags & SETCREDF_MAC_LABEL) != 0) {
-#ifdef COMPAT_FREEBSD32
-               if (is_32bit)
-                       error = mac_label_copyin32(umac, &mac, NULL);
-               else
-#endif
-                       error = mac_label_copyin(umac, &mac, NULL);
+               error = mac_label_copyin(umac, &mac, NULL);
                if (error != 0)
                        goto free_groups;
                wcred.sc_label = &mac;
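Review bot: Nothing visible at this call ties the layout that mac_label_copyin() now picks from the current process's ABI to the `is_32bit` value that the removed lines show user_setcred() branching on. That value presumably still governs the rest of the function outside this hunk. If a caller ever passes an `is_32bit` that disagrees with the calling process, the user-supplied struct mac would be read with the wrong layout. Consider pinning the invariant next to the call, under `#ifdef COMPAT_FREEBSD32`: `MPASS(is_32bit == (SV_CURPROC_FLAG(SV_ILP32) != 0));` (this needs `<sys/sysent.h>` if kern_prot.c does not already include it). user_setcred() starts and ends outside the hunk.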
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 26181781a394..13c7998041f9 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -57,6 +57,7 @@
 #include <sys/proc.h>
 #include <sys/systm.h>
 #include <sys/sysctl.h>
+#include <sys/sysent.h>
 #include <sys/sysproto.h>
 #include <sys/vnode.h>
 #include <sys/mount.h>
@@ -94,15 +95,15 @@ struct mac32 {
  * after use by calling free_copied_label() (which see).  On success, 
'u_string'
  * if not NULL is filled with the userspace address for 'u_mac->m_string'.
  */
-static int
-mac_label_copyin_impl(const void *const u_mac, struct mac *const mac,
-    char **const u_string, bool is_32bit)
+int
+mac_label_copyin(const void *const u_mac, struct mac *const mac,
+    char **const u_string)
 {
        char *buffer;
        int error;
 
 #ifdef COMPAT_FREEBSD32
-       if (is_32bit) {
+       if (SV_CURPROC_FLAG(SV_ILP32)) {
                struct mac32 mac32;
 
                error = copyin(u_mac, &mac32, sizeof(mac32));
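Review bot: The block comment above mac_label_copyin() does not say that the layout of `*u_mac` is now chosen from `SV_CURPROC_FLAG(SV_ILP32)`, and with the parameter widened to `const void *` the compiler no longer checks which structure a caller passes. I would add a sentence to that comment such as `The layout of '*u_mac' (native or 32-bit) is selected from the current process's ABI, so this must be called in the context of the process that supplied 'u_mac'.` The commit title speaks of the current thread's ABI while the macro reads the process flag, so the comment should use whichever term is intended. The function body continues past the end of this hunk.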
@@ -138,28 +139,12 @@ mac_label_copyin_impl(const void *const u_mac, struct mac 
*const mac,
        return (0);
 }
 
-int
-mac_label_copyin(const struct mac *const u_mac, struct mac *const mac,
-    char **const u_string)
-{
-       return (mac_label_copyin_impl(u_mac, mac, u_string, false));
-}
-
 void
 free_copied_label(const struct mac *const mac)
 {
        free(mac->m_string, M_MACTEMP);
 }
 
-#ifdef COMPAT_FREEBSD32
-int
-mac_label_copyin32(const struct mac32 *const u_mac,
-    struct mac *const mac, char **const u_string)
-{
-       return (mac_label_copyin_impl(u_mac, mac, u_string, true));
-}
-#endif
-
 int
 sys___mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
 {
diff --git a/sys/security/mac/mac_syscalls.h b/sys/security/mac/mac_syscalls.h
index 4efeaf300d31..f95ff3ef1264 100644
--- a/sys/security/mac/mac_syscalls.h
+++ b/sys/security/mac/mac_syscalls.h
@@ -19,17 +19,10 @@
 #error "no user-serviceable parts inside"
 #endif
 
-int    mac_label_copyin(const struct mac *const u_mac, struct mac *const mac,
+int    mac_label_copyin(const void *const u_mac, struct mac *const mac,
            char **const u_string);
 void   free_copied_label(const struct mac *const mac);
 
-#ifdef COMPAT_FREEBSD32
-struct mac32;
-
-int    mac_label_copyin32(const struct mac32 *const u_mac,
-           struct mac *const mac, char **const u_string);
-#endif /* COMPAT_FREEBSD32 */
-
 int    mac_set_proc_prepare(struct thread *const td,
            const struct mac *const mac, void **const mac_set_proc_data);
 int    mac_set_proc_core(struct thread *const td, struct ucred *const newcred,
