On Tue, Aug 6, 2024 at 2:51 AM <thunder.leizhen@xxxxxxxxxxxxxxx> wrote:
>
> From: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
>
> The count increases only when a node is successfully added to
> the linked list.
>
> Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
> Signed-off-by: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
This looks correct to me but I also notice that the caller is not
checking or handling the return code for the -ENOMEM situation.
Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> security/selinux/avc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 32eb67fb3e42c0f..7087cd2b802d8d8 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -330,12 +330,12 @@ static int avc_add_xperms_decision(struct avc_node *node,
> {
> struct avc_xperms_decision_node *dest_xpd;
>
> - node->ae.xp_node->xp.len++;
> dest_xpd = avc_xperms_decision_alloc(src->used);
> if (!dest_xpd)
> return -ENOMEM;
> avc_copy_xperms_decision(&dest_xpd->xpd, src);
> list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head);
> + node->ae.xp_node->xp.len++;
> return 0;
> }
>
> --
> 2.34.1
>
