On Tue, Aug 6, 2024 at 2:51 AM <thunder.leizhen@xxxxxxxxxxxxxxx> wrote: > > From: Zhen Lei <thunder.leizhen@xxxxxxxxxx> > > The count increases only when a node is successfully added to > the linked list. > > Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") > Signed-off-by: Zhen Lei <thunder.leizhen@xxxxxxxxxx> This looks correct to me but I also notice that the caller is not checking or handling the return code for the -ENOMEM situation. Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > security/selinux/avc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 32eb67fb3e42c0f..7087cd2b802d8d8 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -330,12 +330,12 @@ static int avc_add_xperms_decision(struct avc_node *node, > { > struct avc_xperms_decision_node *dest_xpd; > > - node->ae.xp_node->xp.len++; > dest_xpd = avc_xperms_decision_alloc(src->used); > if (!dest_xpd) > return -ENOMEM; > avc_copy_xperms_decision(&dest_xpd->xpd, src); > list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head); > + node->ae.xp_node->xp.len++; > return 0; > } > > -- > 2.34.1 >
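Review bot: The changelog for the avc_add_xperms_decision() hunk states the rule but not the failure it fixes. With the old ordering, the "if (!dest_xpd) return -ENOMEM;" path returned after node->ae.xp_node->xp.len had already been incremented, so the count was one higher than the number of entries actually linked on xpd_head. Spelling that out in the commit message would make the justification for the Fixes: tag clear. The point raised in the reply, that the caller does not check or handle the -ENOMEM return, is not addressed by this hunk and would need its own change.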