On Wed, Apr 3, 2024 at 4:38 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> Hello Ondrej Mosnacek,
>
> Commit c3a276111ea2 ("selinux: optimize storage of filename
> transitions") from Feb 18, 2020 (linux-next), leads to the following
> Smatch static checker warning:
>
> security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
> warn: missing error code 'rc'
>
> security/selinux/ss/policydb.c
> 1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
> 1917 {
> 1918 struct filename_trans_key key, *ft = NULL;
> 1919 struct filename_trans_datum *last, *datum = NULL;
> 1920 char *name = NULL;
> 1921 u32 len, stype, otype;
> 1922 __le32 buf[4];
> 1923 int rc;
> 1924
> 1925 /* length of the path component string */
> 1926 rc = next_entry(buf, fp, sizeof(u32));
> 1927 if (rc)
> 1928 return rc;
> 1929 len = le32_to_cpu(buf[0]);
> 1930
> 1931 /* path component string */
> 1932 rc = str_read(&name, GFP_KERNEL, fp, len);
> 1933 if (rc)
> 1934 return rc;
> 1935
> 1936 rc = next_entry(buf, fp, sizeof(u32) * 4);
> 1937 if (rc)
> 1938 goto out;
> 1939
> 1940 stype = le32_to_cpu(buf[0]);
> 1941 key.ttype = le32_to_cpu(buf[1]);
> 1942 key.tclass = le32_to_cpu(buf[2]);
> 1943 key.name = name;
> 1944
> 1945 otype = le32_to_cpu(buf[3]);
> 1946
> 1947 last = NULL;
> 1948 datum = policydb_filenametr_search(p, &key);
> 1949 while (datum) {
> 1950 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
> 1951 /* conflicting/duplicate rules are ignored */
> 1952 datum = NULL;
> --> 1953 goto out;
>
> It's not clear just from looking at this, if it should return zero or an
> error code. The way to silence these warnings in smatch is to add a
> "rc = 0;" within 5 lines of the goto. Or a comment would also help
> reviewers.
Thanks Dan,
Based on the comment and rest of the function I believe the right
choice is to set @rc to zero before the 'goto'. However, let's give
Ondrej a chance to comment and submit a patch.
--
paul-moore.com
