Re: [PATCH v2 2/3] IMA: Add log statements for failure conditions.

Joe Perches <joe@xxxxxxxxxxx> · Mon, 10 Feb 2020 19:23:42 -0800

On Mon, 2020-02-10 at 18:47 -0800, Tushar Sugandhi wrote:
> process_buffer_measurement() and ima_alloc_key_entry()
> functions do not have log messages for failure conditions.

trivia:

> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
[]
> @@ -757,6 +757,9 @@ void process_buffer_measurement(const void *buf, int size,
>  		ima_free_template_entry(entry);
>  
>  out:
> +	if (ret < 0)
> +		pr_err("Process buffer measurement failed, result: %d\n", ret);

perhaps use %s, __func__

		pr_err("%s: failed, result: %d\n", __func__, ret);
 
> diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
[]
> @@ -90,6 +90,7 @@ static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring,
>  
>  out:
>  	if (rc) {
> +		pr_err("Key entry allocation failed, result: %d\n", rc);
>  		ima_free_key_entry(entry);
>  		entry = NULL;
>  	}

Likely the pr_err is unnecessary here as kmalloc, kstrdup
and kmemdup all emit a dump_stack() on allocation failure.

Perhaps instead:

o Remove unnecessary indentation in ima_free_key_entry by
  returning early on NULL argument
o Remove unnecessary rc, tests and label in ima_alloc_key_entry
---
 security/integrity/ima/ima_queue_keys.c | 37 +++++++++++++--------------------
 1 file changed, 15 insertions(+), 22 deletions(-)

diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
index c87c722..ba449f 100644
--- a/security/integrity/ima/ima_queue_keys.c
+++ b/security/integrity/ima/ima_queue_keys.c
@@ -58,42 +58,35 @@ void ima_init_key_queue(void)
 
 static void ima_free_key_entry(struct ima_key_entry *entry)
 {
-	if (entry) {
-		kfree(entry->payload);
-		kfree(entry->keyring_name);
-		kfree(entry);
-	}
+	if (!entry)
+		return;
+
+	kfree(entry->payload);
+	kfree(entry->keyring_name);
+	kfree(entry);
 }
 
 static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring,
 						 const void *payload,
 						 size_t payload_len)
 {
-	int rc = 0;
 	struct ima_key_entry *entry;
 
 	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
-	if (entry) {
-		entry->payload = kmemdup(payload, payload_len, GFP_KERNEL);
-		entry->keyring_name = kstrdup(keyring->description,
-					      GFP_KERNEL);
-		entry->payload_len = payload_len;
-	}
-
-	if ((entry == NULL) || (entry->payload == NULL) ||
-	    (entry->keyring_name == NULL)) {
-		rc = -ENOMEM;
-		goto out;
-	}
+	if (!entry)
+		return NULL;
 
-	INIT_LIST_HEAD(&entry->list);
+	entry->payload = kmemdup(payload, payload_len, GFP_KERNEL);
+	entry->payload_len = payload_len;
+	entry->keyring_name = kstrdup(keyring->description, GFP_KERNEL);
 
-out:
-	if (rc) {
+	if (!entry->payload || !entry->keyring_name) {
 		ima_free_key_entry(entry);
-		entry = NULL;
+		return NULL;
 	}
 
+	INIT_LIST_HEAD(&entry->list);
+
 	return entry;
 }
 








