* [PATCH] selinux: clarify return code in filename_trans_read_helper_compat()
@ 2024-04-04 15:16 Ondrej Mosnacek
2024-04-04 20:38 ` Paul Moore
0 siblings, 1 reply; 2+ messages in thread
From: Ondrej Mosnacek @ 2024-04-04 15:16 UTC (permalink / raw
To: Paul Moore; +Cc: selinux, Dan Carpenter
For the "conflicting/duplicate rules" branch in
filename_trans_read_helper_compat() the Smatch static checker reports:
security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
warn: missing error code 'rc'
While the value of rc will already always be zero here, it is not
obvious that it's the case and that it's the intended return value
(Smatch expects rc to be assigned within 5 lines from the goto).
Therefore, add an explicit assignment just before the goto to make the
intent more clear and the code less error-prone.
Fixes: c3a276111ea2 ("selinux: optimize storage of filename transitions")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/selinux/722b90c4-1f4b-42ff-a6c2-108ea262bd10@moroto.mountain/
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
security/selinux/ss/policydb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 9a23362c42f47..383f3ae82a736 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1950,6 +1950,7 @@ static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
/* conflicting/duplicate rules are ignored */
datum = NULL;
+ rc = 0;
goto out;
}
if (likely(datum->otype == otype))
--
2.44.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] selinux: clarify return code in filename_trans_read_helper_compat()
2024-04-04 15:16 [PATCH] selinux: clarify return code in filename_trans_read_helper_compat() Ondrej Mosnacek
@ 2024-04-04 20:38 ` Paul Moore
0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2024-04-04 20:38 UTC (permalink / raw
To: Ondrej Mosnacek; +Cc: selinux, Dan Carpenter
On Apr 4, 2024 Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> For the "conflicting/duplicate rules" branch in
> filename_trans_read_helper_compat() the Smatch static checker reports:
>
> security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
> warn: missing error code 'rc'
>
> While the value of rc will already always be zero here, it is not
> obvious that it's the case and that it's the intended return value
> (Smatch expects rc to be assigned within 5 lines from the goto).
> Therefore, add an explicit assignment just before the goto to make the
> intent more clear and the code less error-prone.
>
> Fixes: c3a276111ea2 ("selinux: optimize storage of filename transitions")
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Link: https://lore.kernel.org/selinux/722b90c4-1f4b-42ff-a6c2-108ea262bd10@moroto.mountain/
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
> security/selinux/ss/policydb.c | 1 +
> 1 file changed, 1 insertion(+)
As this really only impacts static analysis I don't think this rises to
the level of warranting a stable tag so I'm going to merge this via the
selinux/dev branch. Thanks everyone!
--
paul-moore.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-04-04 20:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-04 15:16 [PATCH] selinux: clarify return code in filename_trans_read_helper_compat() Ondrej Mosnacek
2024-04-04 20:38 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).