Re: [bug report] selinux: optimize storage of filename transitions

SELinux Archive mirror
 help / color / mirror / Atom feed

From: Ondrej Mosnacek <omosnace@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Dan Carpenter <dan.carpenter@linaro.org>, selinux@vger.kernel.org
Subject: Re: [bug report] selinux: optimize storage of filename transitions
Date: Thu, 4 Apr 2024 14:59:54 +0200	[thread overview]
Message-ID: <CAFqZXNstaBpRAPqtLDa9vurVSGGv0-XYw7ded85+84g94Lo3xA@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhRU2OC2EWNAsiLKXAqH_QHYiD9Sytu1rPObcQmofCL+Gg@mail.gmail.com>

On Wed, Apr 3, 2024 at 8:13 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Wed, Apr 3, 2024 at 4:38 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
> >
> > Hello Ondrej Mosnacek,
> >
> > Commit c3a276111ea2 ("selinux: optimize storage of filename
> > transitions") from Feb 18, 2020 (linux-next), leads to the following
> > Smatch static checker warning:
> >
> >         security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
> >         warn: missing error code 'rc'
> >
> > security/selinux/ss/policydb.c
> >     1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
> >     1917 {
> >     1918         struct filename_trans_key key, *ft = NULL;
> >     1919         struct filename_trans_datum *last, *datum = NULL;
> >     1920         char *name = NULL;
> >     1921         u32 len, stype, otype;
> >     1922         __le32 buf[4];
> >     1923         int rc;
> >     1924
> >     1925         /* length of the path component string */
> >     1926         rc = next_entry(buf, fp, sizeof(u32));
> >     1927         if (rc)
> >     1928                 return rc;
> >     1929         len = le32_to_cpu(buf[0]);
> >     1930
> >     1931         /* path component string */
> >     1932         rc = str_read(&name, GFP_KERNEL, fp, len);
> >     1933         if (rc)
> >     1934                 return rc;
> >     1935
> >     1936         rc = next_entry(buf, fp, sizeof(u32) * 4);
> >     1937         if (rc)
> >     1938                 goto out;
> >     1939
> >     1940         stype = le32_to_cpu(buf[0]);
> >     1941         key.ttype = le32_to_cpu(buf[1]);
> >     1942         key.tclass = le32_to_cpu(buf[2]);
> >     1943         key.name = name;
> >     1944
> >     1945         otype = le32_to_cpu(buf[3]);
> >     1946
> >     1947         last = NULL;
> >     1948         datum = policydb_filenametr_search(p, &key);
> >     1949         while (datum) {
> >     1950                 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
> >     1951                         /* conflicting/duplicate rules are ignored */
> >     1952                         datum = NULL;
> > --> 1953                         goto out;
> >
> > It's not clear just from looking at this, if it should return zero or an
> > error code.  The way to silence these warnings in smatch is to add a
> > "rc = 0;" within 5 lines of the goto.  Or a comment would also help
> > reviewers.
>
> Thanks Dan,
>
> Based on the comment and rest of the function I believe the right
> choice is to set @rc to zero before the 'goto'.  However, let's give
> Ondrej a chance to comment and submit a patch.

Yes, it should be set to zero in that path (and already happens to be
as a result of lines 1936-1937). I will send a patch to set it
explicitly just before the goto to make it clear and less error-prone.

Thank you for the report!

-- 
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.

     prev parent reply	other threads:[~2024-04-04 13:00 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-03  8:37 [bug report] selinux: optimize storage of filename transitions Dan Carpenter
2024-04-03 18:13 ` Paul Moore
2024-04-04 12:59   ` Ondrej Mosnacek [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAFqZXNstaBpRAPqtLDa9vurVSGGv0-XYw7ded85+84g94Lo3xA@mail.gmail.com \
    --to=omosnace@redhat.com \
    --cc=dan.carpenter@linaro.org \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).