* [bug report] selinux: optimize storage of filename transitions
@ 2024-04-03 8:37 Dan Carpenter
2024-04-03 18:13 ` Paul Moore
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2024-04-03 8:37 UTC (permalink / raw
To: omosnace; +Cc: selinux
Hello Ondrej Mosnacek,
Commit c3a276111ea2 ("selinux: optimize storage of filename
transitions") from Feb 18, 2020 (linux-next), leads to the following
Smatch static checker warning:
security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
warn: missing error code 'rc'
security/selinux/ss/policydb.c
1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1917 {
1918 struct filename_trans_key key, *ft = NULL;
1919 struct filename_trans_datum *last, *datum = NULL;
1920 char *name = NULL;
1921 u32 len, stype, otype;
1922 __le32 buf[4];
1923 int rc;
1924
1925 /* length of the path component string */
1926 rc = next_entry(buf, fp, sizeof(u32));
1927 if (rc)
1928 return rc;
1929 len = le32_to_cpu(buf[0]);
1930
1931 /* path component string */
1932 rc = str_read(&name, GFP_KERNEL, fp, len);
1933 if (rc)
1934 return rc;
1935
1936 rc = next_entry(buf, fp, sizeof(u32) * 4);
1937 if (rc)
1938 goto out;
1939
1940 stype = le32_to_cpu(buf[0]);
1941 key.ttype = le32_to_cpu(buf[1]);
1942 key.tclass = le32_to_cpu(buf[2]);
1943 key.name = name;
1944
1945 otype = le32_to_cpu(buf[3]);
1946
1947 last = NULL;
1948 datum = policydb_filenametr_search(p, &key);
1949 while (datum) {
1950 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1951 /* conflicting/duplicate rules are ignored */
1952 datum = NULL;
--> 1953 goto out;
It's not clear just from looking at this, if it should return zero or an
error code. The way to silence these warnings in smatch is to add a
"rc = 0;" within 5 lines of the goto. Or a comment would also help
reviewers.
1954 }
1955 if (likely(datum->otype == otype))
1956 break;
1957 last = datum;
1958 datum = datum->next;
1959 }
1960 if (!datum) {
1961 rc = -ENOMEM;
1962 datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1963 if (!datum)
1964 goto out;
1965
1966 ebitmap_init(&datum->stypes);
1967 datum->otype = otype;
1968 datum->next = NULL;
1969
1970 if (unlikely(last)) {
1971 last->next = datum;
1972 } else {
1973 rc = -ENOMEM;
1974 ft = kmemdup(&key, sizeof(key), GFP_KERNEL);
1975 if (!ft)
1976 goto out;
1977
1978 rc = hashtab_insert(&p->filename_trans, ft, datum,
1979 filenametr_key_params);
1980 if (rc)
1981 goto out;
1982 name = NULL;
1983
1984 rc = ebitmap_set_bit(&p->filename_trans_ttypes,
1985 key.ttype, 1);
1986 if (rc)
1987 return rc;
1988 }
1989 }
1990 kfree(name);
1991 return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
1992
1993 out:
1994 kfree(ft);
1995 kfree(name);
1996 kfree(datum);
1997 return rc;
1998 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [bug report] selinux: optimize storage of filename transitions
2024-04-03 8:37 [bug report] selinux: optimize storage of filename transitions Dan Carpenter
@ 2024-04-03 18:13 ` Paul Moore
2024-04-04 12:59 ` Ondrej Mosnacek
0 siblings, 1 reply; 3+ messages in thread
From: Paul Moore @ 2024-04-03 18:13 UTC (permalink / raw
To: Dan Carpenter; +Cc: omosnace, selinux
On Wed, Apr 3, 2024 at 4:38 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> Hello Ondrej Mosnacek,
>
> Commit c3a276111ea2 ("selinux: optimize storage of filename
> transitions") from Feb 18, 2020 (linux-next), leads to the following
> Smatch static checker warning:
>
> security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
> warn: missing error code 'rc'
>
> security/selinux/ss/policydb.c
> 1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
> 1917 {
> 1918 struct filename_trans_key key, *ft = NULL;
> 1919 struct filename_trans_datum *last, *datum = NULL;
> 1920 char *name = NULL;
> 1921 u32 len, stype, otype;
> 1922 __le32 buf[4];
> 1923 int rc;
> 1924
> 1925 /* length of the path component string */
> 1926 rc = next_entry(buf, fp, sizeof(u32));
> 1927 if (rc)
> 1928 return rc;
> 1929 len = le32_to_cpu(buf[0]);
> 1930
> 1931 /* path component string */
> 1932 rc = str_read(&name, GFP_KERNEL, fp, len);
> 1933 if (rc)
> 1934 return rc;
> 1935
> 1936 rc = next_entry(buf, fp, sizeof(u32) * 4);
> 1937 if (rc)
> 1938 goto out;
> 1939
> 1940 stype = le32_to_cpu(buf[0]);
> 1941 key.ttype = le32_to_cpu(buf[1]);
> 1942 key.tclass = le32_to_cpu(buf[2]);
> 1943 key.name = name;
> 1944
> 1945 otype = le32_to_cpu(buf[3]);
> 1946
> 1947 last = NULL;
> 1948 datum = policydb_filenametr_search(p, &key);
> 1949 while (datum) {
> 1950 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
> 1951 /* conflicting/duplicate rules are ignored */
> 1952 datum = NULL;
> --> 1953 goto out;
>
> It's not clear just from looking at this, if it should return zero or an
> error code. The way to silence these warnings in smatch is to add a
> "rc = 0;" within 5 lines of the goto. Or a comment would also help
> reviewers.
Thanks Dan,
Based on the comment and rest of the function I believe the right
choice is to set @rc to zero before the 'goto'. However, let's give
Ondrej a chance to comment and submit a patch.
--
paul-moore.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [bug report] selinux: optimize storage of filename transitions
2024-04-03 18:13 ` Paul Moore
@ 2024-04-04 12:59 ` Ondrej Mosnacek
0 siblings, 0 replies; 3+ messages in thread
From: Ondrej Mosnacek @ 2024-04-04 12:59 UTC (permalink / raw
To: Paul Moore; +Cc: Dan Carpenter, selinux
On Wed, Apr 3, 2024 at 8:13 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Wed, Apr 3, 2024 at 4:38 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
> >
> > Hello Ondrej Mosnacek,
> >
> > Commit c3a276111ea2 ("selinux: optimize storage of filename
> > transitions") from Feb 18, 2020 (linux-next), leads to the following
> > Smatch static checker warning:
> >
> > security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
> > warn: missing error code 'rc'
> >
> > security/selinux/ss/policydb.c
> > 1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
> > 1917 {
> > 1918 struct filename_trans_key key, *ft = NULL;
> > 1919 struct filename_trans_datum *last, *datum = NULL;
> > 1920 char *name = NULL;
> > 1921 u32 len, stype, otype;
> > 1922 __le32 buf[4];
> > 1923 int rc;
> > 1924
> > 1925 /* length of the path component string */
> > 1926 rc = next_entry(buf, fp, sizeof(u32));
> > 1927 if (rc)
> > 1928 return rc;
> > 1929 len = le32_to_cpu(buf[0]);
> > 1930
> > 1931 /* path component string */
> > 1932 rc = str_read(&name, GFP_KERNEL, fp, len);
> > 1933 if (rc)
> > 1934 return rc;
> > 1935
> > 1936 rc = next_entry(buf, fp, sizeof(u32) * 4);
> > 1937 if (rc)
> > 1938 goto out;
> > 1939
> > 1940 stype = le32_to_cpu(buf[0]);
> > 1941 key.ttype = le32_to_cpu(buf[1]);
> > 1942 key.tclass = le32_to_cpu(buf[2]);
> > 1943 key.name = name;
> > 1944
> > 1945 otype = le32_to_cpu(buf[3]);
> > 1946
> > 1947 last = NULL;
> > 1948 datum = policydb_filenametr_search(p, &key);
> > 1949 while (datum) {
> > 1950 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
> > 1951 /* conflicting/duplicate rules are ignored */
> > 1952 datum = NULL;
> > --> 1953 goto out;
> >
> > It's not clear just from looking at this, if it should return zero or an
> > error code. The way to silence these warnings in smatch is to add a
> > "rc = 0;" within 5 lines of the goto. Or a comment would also help
> > reviewers.
>
> Thanks Dan,
>
> Based on the comment and rest of the function I believe the right
> choice is to set @rc to zero before the 'goto'. However, let's give
> Ondrej a chance to comment and submit a patch.
Yes, it should be set to zero in that path (and already happens to be
as a result of lines 1936-1937). I will send a patch to set it
explicitly just before the goto to make it clear and less error-prone.
Thank you for the report!
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-04-04 13:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-03 8:37 [bug report] selinux: optimize storage of filename transitions Dan Carpenter
2024-04-03 18:13 ` Paul Moore
2024-04-04 12:59 ` Ondrej Mosnacek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).