kenv: assert that an empty static buffer passed in is "empty"

Garbage in the passed-in buffer can cause problems if any attempts to read
the kenv are inadvertently made between init_static_kenv and the first
kern_setenv -- assuming there is one.

This is cheap and easy, so do it. This also helps rule out some class of
bugs as one tries to debug; tunables fetch from the static environment up
until SI_SUB_KMEM + 1, and many of these buffers are global ~4k buffers that
rely on BSS clearing while others just grab a page of free memory and use it
(e.g. xen).

diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c
index af3449f2b0bddf824c9f1c2fc686d2663e1ae5d8..f7be09b6eb72357de1f1f81c1abff9e8ce6e041b 100644 (file)
--- a/sys/kern/kern_environment.c
+++ b/sys/kern/kern_environment.c
@@ -250,6 +250,8 @@ init_static_kenv(char *buf, size_t len)
        char *eval;
 
        KASSERT(!dynamic_kenv, ("kenv: dynamic_kenv already initialized"));
+       KASSERT(len == 0 || *buf == '\0',
+           ("kenv: sized buffer must be initially empty"));
 
        /*
         * We may be called twice, with the second call needed to relocate