Re: git: 4e2121c10afc - main - mac_ddb: add some validation functions

On 7/19/2022 10:26 AM, Konstantin Belousov wrote:
> On Mon, Jul 18, 2022 at 10:06:57PM +0000, Allan Jude wrote:
>> The branch main has been updated by allanjude:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=4e2121c10afc3d9273368eae776fe31d0c68ba6a
>>
>> commit 4e2121c10afc3d9273368eae776fe31d0c68ba6a
>> Author:     Mitchell Horne <mhorne@FreeBSD.org>
>> AuthorDate: 2022-07-18 21:25:00 +0000
>> Commit:     Allan Jude <allanjude@FreeBSD.org>
>> CommitDate: 2022-07-18 22:06:22 +0000
>>
>>      mac_ddb: add some validation functions
>>      
>>      These global objects are easy to validate, so provide the helper
>>      functions to do so and include these commands in the allow lists.
>>      
>>      Reviewed by:    markj
>>      Sponsored by:   Juniper Networks, Inc.
>>      Sponsored by:   Klara, Inc.
>>      Differential Revision:  https://reviews.freebsd.org/D35372
>> ---
>>   sys/security/mac_ddb/mac_ddb.c | 101 +++++++++++++++++++++++++++++++++++++++++
>>   1 file changed, 101 insertions(+)
> 
>> +static int
>> +db_show_vnet_valid(db_expr_t addr, bool have_addr, db_expr_t count, char *modif)
>> +{
>> +	VNET_ITERATOR_DECL(vnet);
>> +
>> +	if (!have_addr)
>> +		return (0);
>> +
>> +	VNET_FOREACH(vnet) {
>> +		if ((void *)vnet == (void *)addr)
>> +			return (0);
>> +	}
>> +
>> +	return (EACCES);
>> +}
> 
> This seems to break non-VNET builds:
> /usr/home/kostik/work/DEV/src/sys/security/mac_ddb/mac_ddb.c:200:15: error: use of undeclared identifier 'vnet'; did you mean 'int'?
>                  if ((void *)vnet == (void *)addr)
>                              ^~~~
>                              int
> /usr/home/kostik/work/DEV/src/sys/security/mac_ddb/mac_ddb.c:200:15: error: expected expression
> 2 errors generated.
> --- mac_ddb.o ---
> *** [mac_ddb.o] Error code 1

I reached out to Mitchell, but he hasn't gotten back to me yet (he is on 
vacation), so I've committed a fix.



-- 
Allan Jude