the stack to be changed in a way incompatible with elf32_map_insert()
where we used data_buf without initializing it for when the partial
mapping resulting in a misaligned image (typical when the page size
implied by the image is not the same as the page size in use by the
kernel). Since data_buf is passed by reference to vm_map_find(), the
compiler cannot warn about it.
While here, move all local variables to the top of the function.
o Up to 8 arguments are allowed. This is the number of arguments
passed in registers. Subsequent registers are passed on the stack.
Trying to deal with this is not easy in C and likely forces us to
use assembly code. Let's avoid that for now. There's no indication
that more than 8 arguments is a strong requirement (Linux also has
an 8 argument limit).
o We expect that the stack base is 16-byte aligned and the stack
size is a multiple of 16-byte. We bomb out if this is not the case.
We probably want to be less strict by enforcing it ourselves. For
now it's better to not hide gross alignment bogons by silently
correcting it.
of C strings internally; C strings require a lot of return value
checking that (a) takes a lot of space, and (b) is difficult to get
right. Prior to the advent of compartment support, modeling APIs
for helper functions on snprintf worked fine; with the additional
complexity, the sbuf_printf() API makes a lot more sense.
While doing this, break out the printing of sequential compartment
lists into a helper function, mac_{biba,mls}_compartment_to_string().
This permits the main body of mac_{biba,mls}_element_to_string()
to be concerned only with identifying sequential ranges rather
than rendering.
At a less disruptive moment, we'll push the move from snprintf()-like
interface to sbuf()-like interface up into the MAC Framework layer.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
