From: Ondrej Mosnacek <omosnace@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Dan Carpenter <dan.carpenter@linaro.org>, selinux@vger.kernel.org
Subject: Re: [bug report] selinux: optimize storage of filename transitions
Date: Thu, 4 Apr 2024 14:59:54 +0200 [thread overview]
Message-ID: <CAFqZXNstaBpRAPqtLDa9vurVSGGv0-XYw7ded85+84g94Lo3xA@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhRU2OC2EWNAsiLKXAqH_QHYiD9Sytu1rPObcQmofCL+Gg@mail.gmail.com>
On Wed, Apr 3, 2024 at 8:13 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Wed, Apr 3, 2024 at 4:38 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
> >
> > Hello Ondrej Mosnacek,
> >
> > Commit c3a276111ea2 ("selinux: optimize storage of filename
> > transitions") from Feb 18, 2020 (linux-next), leads to the following
> > Smatch static checker warning:
> >
> > security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
> > warn: missing error code 'rc'
> >
> > security/selinux/ss/policydb.c
> > 1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
> > 1917 {
> > 1918 struct filename_trans_key key, *ft = NULL;
> > 1919 struct filename_trans_datum *last, *datum = NULL;
> > 1920 char *name = NULL;
> > 1921 u32 len, stype, otype;
> > 1922 __le32 buf[4];
> > 1923 int rc;
> > 1924
> > 1925 /* length of the path component string */
> > 1926 rc = next_entry(buf, fp, sizeof(u32));
> > 1927 if (rc)
> > 1928 return rc;
> > 1929 len = le32_to_cpu(buf[0]);
> > 1930
> > 1931 /* path component string */
> > 1932 rc = str_read(&name, GFP_KERNEL, fp, len);
> > 1933 if (rc)
> > 1934 return rc;
> > 1935
> > 1936 rc = next_entry(buf, fp, sizeof(u32) * 4);
> > 1937 if (rc)
> > 1938 goto out;
> > 1939
> > 1940 stype = le32_to_cpu(buf[0]);
> > 1941 key.ttype = le32_to_cpu(buf[1]);
> > 1942 key.tclass = le32_to_cpu(buf[2]);
> > 1943 key.name = name;
> > 1944
> > 1945 otype = le32_to_cpu(buf[3]);
> > 1946
> > 1947 last = NULL;
> > 1948 datum = policydb_filenametr_search(p, &key);
> > 1949 while (datum) {
> > 1950 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
> > 1951 /* conflicting/duplicate rules are ignored */
> > 1952 datum = NULL;
> > --> 1953 goto out;
> >
> > It's not clear just from looking at this, if it should return zero or an
> > error code. The way to silence these warnings in smatch is to add a
> > "rc = 0;" within 5 lines of the goto. Or a comment would also help
> > reviewers.
>
> Thanks Dan,
>
> Based on the comment and rest of the function I believe the right
> choice is to set @rc to zero before the 'goto'. However, let's give
> Ondrej a chance to comment and submit a patch.
Yes, it should be set to zero in that path (and already happens to be
as a result of lines 1936-1937). I will send a patch to set it
explicitly just before the goto to make it clear and less error-prone.
Thank you for the report!
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
prev parent reply other threads:[~2024-04-04 13:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 8:37 [bug report] selinux: optimize storage of filename transitions Dan Carpenter
2024-04-03 18:13 ` Paul Moore
2024-04-04 12:59 ` Ondrej Mosnacek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFqZXNstaBpRAPqtLDa9vurVSGGv0-XYw7ded85+84g94Lo3xA@mail.gmail.com \
--to=omosnace@redhat.com \
--cc=dan.carpenter@linaro.org \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).