On Fri, Jan 25, 2019 at 5:07 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > We don't need to crash the machine in these cases. Let's just detect the > buggy state early and error out with a warning. > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > security/selinux/avc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) It's always good to remove BUG_ON()s. Merged, thanks. > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 502162eeb3a0..5ebad47391c9 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -678,7 +678,6 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) > return; > } > > - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); > perms = secclass_map[sad->tclass-1].perms; > > audit_log_string(ab, " {"); > @@ -731,7 +730,6 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) > kfree(scontext); > } > > - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); > audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name); > > if (sad->denied) > @@ -748,6 +746,9 @@ noinline int slow_avc_audit(struct selinux_state *state, > struct common_audit_data stack_data; > struct selinux_audit_data sad; > > + if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map))) > + return -EINVAL; > + > if (!a) { > a = &stack_data; > a->type = LSM_AUDIT_DATA_NONE; > -- > 2.20.1 > -- paul moore www.paul-moore.com