Date: Tue, 18 Apr 2023 19:37:05 GMT
Message-Id: <202304181937.33IJb5fl029520@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: "Stephen J. Kiernan" Subject: git: 8deb442cf7ab - main - mac: Honor order when registering MAC modules. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: stevek X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8deb442cf7ab2b1097a9186c895017a737d84370 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by stevek: URL: https://cgit.FreeBSD.org/src/commit/?id=8deb442cf7ab2b1097a9186c895017a737d84370 commit 8deb442cf7ab2b1097a9186c895017a737d84370 Author: Steve Kiernan AuthorDate: 2023-04-02 22:17:17 +0000 Commit: Stephen J. Kiernan CommitDate: 2023-04-18 19:36:27 +0000 mac: Honor order when registering MAC modules. Ensure MAC modules are inserted in order that they are registered. Reviewed by: markj Obtained from: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D39589 --- sys/security/mac/mac_framework.c | 38 ++++++++++++++++---------------------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 8fc67f6c1b85..5231783ab454 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -519,7 +519,8 @@ mac_policy_fastpath_unregister(struct mac_policy_conf *mpc) static int mac_policy_register(struct mac_policy_conf *mpc) { - struct mac_policy_conf *tmpc; + struct mac_policy_list_head *mpc_list; + struct mac_policy_conf *last_mpc, *tmpc; int error, slot, static_entry; error = 0; 
@@ -539,19 +540,14 @@ mac_policy_register(struct mac_policy_conf *mpc) static_entry = (!mac_late && !(mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK)); - if (static_entry) { - LIST_FOREACH(tmpc, &mac_static_policy_list, mpc_list) { - if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) { - error = EEXIST; - goto out; - } - } - } else { - LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) { - if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) { - error = EEXIST; - goto out; - } + mpc_list = (static_entry) ? &mac_static_policy_list : + &mac_policy_list; + last_mpc = NULL; + LIST_FOREACH(tmpc, mpc_list, mpc_list) { + last_mpc = tmpc; + if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) { + error = EEXIST; + goto out; } } if (mpc->mpc_field_off != NULL) { @@ -567,16 +563,14 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED; /* - * If we're loading a MAC module after the framework has initialized, - * it has to go into the dynamic list. If we're loading it before - * we've finished initializing, it can go into the static list with - * weaker locker requirements. + * Some modules may depend on the operations of its dependencies. + * Inserting modules in order of registration ensures operations + * that work on the module list retain dependency order. */ - if (static_entry) - LIST_INSERT_HEAD(&mac_static_policy_list, mpc, mpc_list); + if (last_mpc == NULL) + LIST_INSERT_HEAD(mpc_list, mpc, mpc_list); else - LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list); - + LIST_INSERT_AFTER(last_mpc, mpc, mpc_list); /* * Per-policy initialization. Currently, this takes place under the * exclusive lock, so policies must not sleep in their init method.
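Review bot: in the first hunk (@@ -519,7 +519,8 @@) the new local `mpc_list` has the same name as the `mpc_list` link field of `struct mac_policy_conf`, which makes the later calls `LIST_FOREACH(tmpc, mpc_list, mpc_list)` and `LIST_INSERT_HEAD(mpc_list, mpc, mpc_list)` hard to read: the same token is the list head in one argument and the entry field in the other. The macros resolve it correctly, but a distinct name for the local (for example `list_head`, a suggested name) would make it obvious at a glance which list the policy is being inserted into.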
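Review bot: in the second hunk (@@ -539,19 +540,14 @@) the merged `LIST_FOREACH` now does two jobs, the duplicate-name check and finding the list tail through `last_mpc = tmpc;`, and nothing in the code says so. A one-line comment above the loop stating that `last_mpc` ends up as the last element (or NULL for an empty list) and is consumed by the insertion further down would help, since the two uses are separated by the `mpc_field_off` slot handling and the pointer is only valid as long as the list is unchanged in between. Minor: the parentheses in `(static_entry) ?` are redundant.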
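Review bot: in the third hunk (@@ -567,16 +563,14 @@) the rewritten comment removes the only explanation of why there are two lists (a module loaded before the framework finishes initializing can go on the static list with weaker locking requirements), while the code still makes that choice through `static_entry`; please keep that sentence, moved next to the `mpc_list = (static_entry) ? ...` assignment. Switching from `LIST_INSERT_HEAD` to tail insertion also reverses the order in which list walkers see already-registered policies compared with the old code, which the commit message should state explicitly for anyone relying on the previous order. Nits: "Some modules may depend on the operations of its dependencies" should read "their dependencies", and the blank line that separated the insertion from the "Per-policy initialization" comment has been dropped.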