From nobody Mon Nov 13 21:33:11 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4STjMr16rvz50lvK;
	Mon, 13 Nov 2023 21:33:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4STjMr0Z6lz3R2g;
	Mon, 13 Nov 2023 21:33:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1699911192;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7ELOQ71Cvun+k0icgXTbBYKYlH1zqcWrayLs6jCUV9E=;
	b=kaQh9GwSchDvWiJxcUbfob7ZgY2Z1NhGv+YZtrfovIhsEFm6cmCJqLi9L3a8OLEKMzz8ps
	QxbGG5G+iTAOzfwqMYm1MDIMGFPULLynv9tBo/33U2WbqnVnbAsfkPU2dSUOH3LwVrJJPJ
	xwELVZu7xTf4WJ+/Z5T7X/Ux86VszDiacdnjiXBhrzpk1cgtY6hi723iEUFfCPpkHhKH35
	uTa0n615hJ7HFLbbTZQk466hukB1Y7aW3asouw9Av7VUcOEGgb5fHxEDVqQwKH70S/SwI6
	hbLlIMp5GeKPQD7/r5p7RmeMUovMFUqMWbXGoJurfoObGAh5G6+hvnIDULpWdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1699911192;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7ELOQ71Cvun+k0icgXTbBYKYlH1zqcWrayLs6jCUV9E=;
	b=p7aDlJGo4A7j5hRob5WxaQbjUCrOtMYPbeclgqu3O38qgO/pRmWeSBayqnufQ4keBbutkx
	7U9l6lDq39bPuYSxQDINHhMLlDXhxEDCg20LzwtGYjXYFslePG11BbnsmG6v3OMpR+/J7J
	izSVvaubc0StUQhFaMNJrfEZFTRh9rQQ/pV8G7Q0tRHy8RJhl/aXz+eo9tnBtnYLL5Aj2D
	ArVgPwdrTKT5YWALyeYb3qdqcZzd3g8yW1CT0piOVG1AmVFZzOf8OIdOP9mtoIzLFOgvAY
	Z1cm230W1QteQ5Lb7PmPot/n15wRG0TxiSOpl5GyA7hNSmzzldLJGAur+faqnw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699911192; a=rsa-sha256; cv=none;
	b=AyWCzhXEo0kGd8e/see9BdGcExhTaBLWuusvsTpHgqL1YRlEBCwIupEm+uLQT2oi+g3JEc
	t3Q3l0Xd4M6wYl0LE6pmsBQiVJG8dRYc1z1gjY39R2277BQIL3r7CNZzAHGIAaC0Hnlb5p
	T/bGEv+3Lq/Ag6KMJh1tL43+EC+EJklyWERJsMcDLIUVfXXr7V+JPooFTIhvlBTflBZfih
	HlXRYD6UOEEfpiOdQYxOu4UTuwQP1fzgMiN+THZviC6hTSuX560Wf7VFNvHKdk3l35o6uu
	gzBkxDVSr/f0qLem57NrBavOPzc+De8fxEJfH/mfikiLqOTZArG83QYYrkTg8Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4STjMq6l2Dz6ff;
	Mon, 13 Nov 2023 21:33:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3ADLXB6u077881;
	Mon, 13 Nov 2023 21:33:11 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3ADLXBhX077878;
	Mon, 13 Nov 2023 21:33:11 GMT
	(envelope-from git)
Date: Mon, 13 Nov 2023 21:33:11 GMT
Message-Id: <202311132133.3ADLXBhX077878@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Brooks Davis <brooks@FreeBSD.org>
Subject: git: f64a688dfda9 - main - Remove gratuitous copyouts of
  unchanged struct mac.
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: brooks
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: f64a688dfda9d664c03ba67dab27dd6c7e10784d
Auto-Submitted: auto-generated

The branch main has been updated by brooks:

URL: https://cgit.FreeBSD.org/src/commit/?id=f64a688dfda9d664c03ba67dab27dd6c7e10784d

commit f64a688dfda9d664c03ba67dab27dd6c7e10784d
Author:     Brooks Davis <brooks@FreeBSD.org>
AuthorDate: 2023-11-13 21:32:15 +0000
Commit:     Brooks Davis <brooks@FreeBSD.org>
CommitDate: 2023-11-13 21:32:15 +0000

    Remove gratuitous copyouts of unchanged struct mac.
    
    The get operations change the data pointed to by the structure, but do
    not update the contents of the struct.
    
    Mark the struct mac arguments of mac_[gs]etsockopt_*label() and
    mac_check_structmac_consistent() const to prevent this from changing
    in the future.
    
    Reviewed by:    markj
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D14488
---
 sys/kern/uipc_socket.c           | 4 ++--
 sys/security/mac/mac_framework.c | 3 +--
 sys/security/mac/mac_framework.h | 6 +++---
 sys/security/mac/mac_internal.h  | 2 +-
 sys/security/mac/mac_socket.c    | 8 +++++---
 5 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 880dec89245b..0ddcf0409cb0 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -3442,7 +3442,7 @@ integer:
 			    so, &extmac);
 			if (error)
 				goto bad;
-			error = sooptcopyout(sopt, &extmac, sizeof extmac);
+			/* Don't copy out extmac, it is unchanged. */
 #else
 			error = EOPNOTSUPP;
 #endif
@@ -3458,7 +3458,7 @@ integer:
 			    sopt->sopt_td->td_ucred, so, &extmac);
 			if (error)
 				goto bad;
-			error = sooptcopyout(sopt, &extmac, sizeof extmac);
+			/* Don't copy out extmac, it is unchanged. */
 #else
 			error = EOPNOTSUPP;
 #endif
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 8f1aa37d45b3..682f05c6979f 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -725,9 +725,8 @@ mac_error_select(int error1, int error2)
 }
 
 int
-mac_check_structmac_consistent(struct mac *mac)
+mac_check_structmac_consistent(const struct mac *mac)
 {
-
 	/* Require that labels have a non-zero length. */
 	if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN ||
 	    mac->m_buflen <= sizeof(""))
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 644028bde478..c69b9cd64454 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -408,11 +408,11 @@ void	mac_socket_destroy(struct socket *);
 int	mac_socket_init(struct socket *, int);
 void	mac_socket_newconn(struct socket *oldso, struct socket *newso);
 int	mac_getsockopt_label(struct ucred *cred, struct socket *so,
-	    struct mac *extmac);
+	    const struct mac *extmac);
 int	mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
-	    struct mac *extmac);
+	    const struct mac *extmac);
 int	mac_setsockopt_label(struct ucred *cred, struct socket *so,
-	    struct mac *extmac);
+	    const struct mac *extmac);
 
 void	mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so);
 void	mac_socketpeer_set_from_socket(struct socket *oldso,
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index d1ee1af09c0b..aa407598600a 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -210,7 +210,7 @@ void		 mac_labelzone_init(void);
 
 void	mac_init_label(struct label *label);
 void	mac_destroy_label(struct label *label);
-int	mac_check_structmac_consistent(struct mac *mac);
+int	mac_check_structmac_consistent(const struct mac *mac);
 int	mac_allocate_slot(void);
 
 /*
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c
index be1363024657..e9f94404734a 100644
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@@ -521,7 +521,8 @@ mac_socket_label_set(struct ucred *cred, struct socket *so,
 }
 
 int
-mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
+mac_setsockopt_label(struct ucred *cred, struct socket *so,
+    const struct mac *mac)
 {
 	struct label *intlabel;
 	char *buffer;
@@ -554,7 +555,8 @@ out:
 }
 
 int
-mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
+mac_getsockopt_label(struct ucred *cred, struct socket *so,
+    const struct mac *mac)
 {
 	char *buffer, *elements;
 	struct label *intlabel;
@@ -593,7 +595,7 @@ mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
 
 int
 mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
-    struct mac *mac)
+    const struct mac *mac)
 {
 	char *elements, *buffer;
 	struct label *intlabel;