The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=626fe12e2801a06c59eaa056ecf11f573e30ecbb
commit 626fe12e2801a06c59eaa056ecf11f573e30ecbb Author: Kyle Evans <[email protected]> AuthorDate: 2025-11-07 04:15:45 +0000 Commit: Kyle Evans <[email protected]> CommitDate: 2026-01-16 00:23:39 +0000 kern: mac: pull mac_label_copyin_string out A future commit to the area will further our jail integration and add a use for this: the struct mac itself was already copied in as part of vfs_buildopts(), so we only need to copyin the strings. We add an explicit flag argument because the jail operation will need to do it while holding the prison lock. Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D53957 --- sys/security/mac/mac_syscalls.c | 48 +++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 3e9908fb9da9..2a8b8d1f18ce 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -90,6 +90,35 @@ struct mac32 { }; #endif +static int +mac_label_copyin_string(struct mac *const mac, char **const u_string, + int flag) +{ + char *buffer; + int error; + + error = mac_check_structmac_consistent(mac); + if (error != 0) + return (error); + + /* 'm_buflen' not too big checked by function call above. */ + buffer = malloc(mac->m_buflen, M_MACTEMP, flag); + if (buffer == NULL) + return (ENOMEM); + + error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL); + if (error != 0) { + free(buffer, M_MACTEMP); + return (error); + } + + MPASS(error == 0); + if (u_string != NULL) + *u_string = mac->m_string; + mac->m_string = buffer; + return (0); +} + /* * Copyin a 'struct mac', including the string pointed to by 'm_string'. * @@ -101,7 +130,6 @@ int mac_label_copyin(const void *const u_mac, struct mac *const mac, char **const u_string) { - char *buffer; int error; #ifdef COMPAT_FREEBSD32 @@ -122,23 +150,7 @@ mac_label_copyin(const void *const u_mac, struct mac *const mac, return (error); } - error = mac_check_structmac_consistent(mac); - if (error != 0) - return (error); - - /* 'm_buflen' not too big checked by function call above. */ - buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL); - if (error != 0) { - free(buffer, M_MACTEMP); - return (error); - } - - MPASS(error == 0); - if (u_string != NULL) - *u_string = mac->m_string; - mac->m_string = buffer; - return (0); + return (mac_label_copyin_string(mac, u_string, M_WAITOK)); } void
