Re: [bug report] selinux: optimize storage of filename transitions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Apr 3, 2024 at 8:13 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Wed, Apr 3, 2024 at 4:38 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> >
> > Hello Ondrej Mosnacek,
> >
> > Commit c3a276111ea2 ("selinux: optimize storage of filename
> > transitions") from Feb 18, 2020 (linux-next), leads to the following
> > Smatch static checker warning:
> >
> >         security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
> >         warn: missing error code 'rc'
> >
> > security/selinux/ss/policydb.c
> >     1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
> >     1917 {
> >     1918         struct filename_trans_key key, *ft = NULL;
> >     1919         struct filename_trans_datum *last, *datum = NULL;
> >     1920         char *name = NULL;
> >     1921         u32 len, stype, otype;
> >     1922         __le32 buf[4];
> >     1923         int rc;
> >     1924
> >     1925         /* length of the path component string */
> >     1926         rc = next_entry(buf, fp, sizeof(u32));
> >     1927         if (rc)
> >     1928                 return rc;
> >     1929         len = le32_to_cpu(buf[0]);
> >     1930
> >     1931         /* path component string */
> >     1932         rc = str_read(&name, GFP_KERNEL, fp, len);
> >     1933         if (rc)
> >     1934                 return rc;
> >     1935
> >     1936         rc = next_entry(buf, fp, sizeof(u32) * 4);
> >     1937         if (rc)
> >     1938                 goto out;
> >     1939
> >     1940         stype = le32_to_cpu(buf[0]);
> >     1941         key.ttype = le32_to_cpu(buf[1]);
> >     1942         key.tclass = le32_to_cpu(buf[2]);
> >     1943         key.name = name;
> >     1944
> >     1945         otype = le32_to_cpu(buf[3]);
> >     1946
> >     1947         last = NULL;
> >     1948         datum = policydb_filenametr_search(p, &key);
> >     1949         while (datum) {
> >     1950                 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
> >     1951                         /* conflicting/duplicate rules are ignored */
> >     1952                         datum = NULL;
> > --> 1953                         goto out;
> >
> > It's not clear just from looking at this, if it should return zero or an
> > error code.  The way to silence these warnings in smatch is to add a
> > "rc = 0;" within 5 lines of the goto.  Or a comment would also help
> > reviewers.
>
> Thanks Dan,
>
> Based on the comment and rest of the function I believe the right
> choice is to set @rc to zero before the 'goto'.  However, let's give
> Ondrej a chance to comment and submit a patch.

Yes, it should be set to zero in that path (and already happens to be
as a result of lines 1936-1937). I will send a patch to set it
explicitly just before the goto to make it clear and less error-prone.

Thank you for the report!

-- 
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux