Re: [patch 4/7] selinux: fix error codes in cond_read_node()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 7, 2010 at 5:07 PM, Dan Carpenter <error27@xxxxxxxxx> wrote:
> Originally cond_read_node() returned -1 (-EPERM) on errors which was
> incorrect.  Now it either propagates the error codes from lower level
> functions next_entry() or cond_read_av_list() or it returns -ENOMEM or
> -EINVAL.
>
> next_entry() returns -EINVAL.
> cond_read_av_list() returns -EINVAL or -ENOMEM.
>
> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
>
> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> index 4c39f19..f0de637 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -392,14 +392,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
>
>        rc = next_entry(buf, fp, sizeof(u32));
>        if (rc < 0)
> -               return -1;
> +               return rc;
>
>        node->cur_state = le32_to_cpu(buf[0]);
>
>        len = 0;
>        rc = next_entry(buf, fp, sizeof(u32));
>        if (rc < 0)
> -               return -1;
> +               return rc;
>
>        /* expr */
>        len = le32_to_cpu(buf[0]);
> @@ -409,6 +409,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
>                if (rc < 0)
>                        goto err;
>
> +               rc = -ENOMEM;
>                expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
>                if (!expr)
>                        goto err;
> @@ -417,6 +418,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
>                expr->bool = le32_to_cpu(buf[1]);
>
>                if (!expr_isvalid(p, expr)) {
> +                       rc = -EINVAL;
>                        kfree(expr);
>                        goto err;
>                }
> @@ -428,14 +430,16 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
>                last = expr;
>        }
>
> -       if (cond_read_av_list(p, fp, &node->true_list, NULL) != 0)
> +       rc = cond_read_av_list(p, fp, &node->true_list, NULL);
> +       if (rc < 0)
>                goto err;
> -       if (cond_read_av_list(p, fp, &node->false_list, node->true_list) != 0)
> +       rc = cond_read_av_list(p, fp, &node->false_list, node->true_list);
> +       if (rc < 0)
>                goto err;

I know that lots of the next_entry() calls use if (rc < 0) [unrelated
note I think those need to be fixed too] but most of the code uses if
(rc) and I strongly prefer if (rc) as it's cleaner and faster from a
micro architecture point of view.  Would you mind re-spinning this
one?

-Eric
>        return 0;
>  err:
>        cond_node_destroy(node);
> -       return -1;
> +       return rc;
>  }
>
>  int cond_read_list(struct policydb *p, void *fp)
>
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux