From: Paul Moore <paul@paul-moore.com>
To: Markus Elfring <Markus.Elfring@web.de>
Cc: kernel-janitors@vger.kernel.org, selinux@vger.kernel.org,
"Christian Göttsche" <cgzones@googlemail.com>,
"Eric Paris" <eparis@parisplace.org>,
"Michal Orzel" <michalorzel.eng@gmail.com>,
"Ondrej Mosnacek" <omosnace@redhat.com>,
"Ruiqi Gong" <gongruiqi1@huawei.com>,
"Stephen Smalley" <stephen.smalley.work@gmail.com>,
"Xiu Jianfeng" <xiujianfeng@huawei.com>,
cocci@inria.fr, LKML <linux-kernel@vger.kernel.org>,
"Ruiqi Gong" <ruiqi.gong@qq.com>
Subject: Re: [PATCH v2] selinux: Adjust implementation of security_get_bools()
Date: Mon, 27 Mar 2023 17:37:13 -0400 [thread overview]
Message-ID: <CAHC9VhR=yK72JXW3hJR+gUQtGCNpF0Bzk5RDzPZR0MunC84AUQ@mail.gmail.com> (raw)
In-Reply-To: <57a97109-7a67-245b-8072-54aec3b5021d@web.de>
On Mon, Mar 27, 2023 at 3:00 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> Date: Mon, 27 Mar 2023 08:50:56 +0200
>
> The label “err” was used to jump to another pointer check despite of
> the detail in the implementation of the function “security_get_bools”
> that it was determined already that a corresponding variable contained
> a null pointer because of a failed memory allocation.
>
> Thus perform the following adjustments:
>
> 1. Convert the statement “policydb = &policy->policydb;” into
> a variable initialisation.
>
> 2. Replace the statement “goto out;” by “return -ENOMEM;”.
>
> 3. Return zero directly at two places.
>
> 4. Omit the variable “rc”.
>
> 5. Use more appropriate labels instead.
>
> 6. Reorder the assignment targets for two kcalloc() calls.
>
> 7. Reorder jump targets at the end.
>
> 8. Assign a value element only after a name assignment succeeded.
>
> 9. Delete an extra pointer check which became unnecessary
> with this refactoring.
>
>
> This issue was detected by using the Coccinelle software.
>
> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
> ---
> security/selinux/ss/services.c | 52 ++++++++++++++--------------------
> 1 file changed, 22 insertions(+), 30 deletions(-)
Hmm, for some odd reason I don't see this patch in the SELinux mailing
list archive or the patchwork; replying here without comment (that
will come later) to make sure this hits the SELinux list.
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index f14d1ffe54c5..702282954bf9 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2964,53 +2964,45 @@ int security_fs_use(struct super_block *sb)
> int security_get_bools(struct selinux_policy *policy,
> u32 *len, char ***names, int **values)
> {
> - struct policydb *policydb;
> + struct policydb *policydb = &policy->policydb;
> u32 i;
> - int rc;
> -
> - policydb = &policy->policydb;
>
> *names = NULL;
> *values = NULL;
> -
> - rc = 0;
> *len = policydb->p_bools.nprim;
> if (!*len)
> - goto out;
> -
> - rc = -ENOMEM;
> - *names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
> - if (!*names)
> - goto err;
> + return 0;
>
> - rc = -ENOMEM;
> *values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
> if (!*values)
> - goto err;
> + goto reset_len;
>
> - for (i = 0; i < *len; i++) {
> - (*values)[i] = policydb->bool_val_to_struct[i]->state;
> + *names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
> + if (!*names)
> + goto free_values;
>
> - rc = -ENOMEM;
> + for (i = 0; i < *len; i++) {
> (*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i),
> GFP_ATOMIC);
> if (!(*names)[i])
> - goto err;
> - }
> - rc = 0;
> -out:
> - return rc;
> -err:
> - if (*names) {
> - for (i = 0; i < *len; i++)
> - kfree((*names)[i]);
> - kfree(*names);
> + goto free_names;
> +
> + (*values)[i] = policydb->bool_val_to_struct[i]->state;
> }
> - kfree(*values);
> - *len = 0;
> + return 0;
> +
> +free_names:
> + for (i = 0; i < *len; i++)
> + kfree((*names)[i]);
> +
> + kfree(*names);
> *names = NULL;
> +free_values:
> + kfree(*values);
> *values = NULL;
> - goto out;
> +reset_len:
> + *len = 0;
> + return -ENOMEM;
> }
>
>
> --
> 2.40.0
--
paul-moore.com
next prev parent reply other threads:[~2023-03-27 21:37 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <f9303bdc-b1a7-be5e-56c6-dfa8232b8b55@web.de>
[not found] ` <0981dc33-95d0-4a1b-51d9-168907da99e6@web.de>
2023-03-17 13:11 ` [PATCH] powerpc/pseries: Fix exception handling in pSeries_reconfig_add_node() Nathan Lynch
[not found] ` <a01643fd-1e4a-1183-2fa6-000465bc81f3@web.de>
2023-03-17 15:41 ` Nathan Lynch
[not found] ` <2f5a00f6-f3fb-9f00-676a-acdcbef90c6c@web.de>
2023-03-20 15:38 ` Nathan Lynch
[not found] ` <afb528f2-5960-d107-c3ba-42a3356ffc65@web.de>
[not found] ` <d4bcde15-b4f1-0e98-9072-3153d1bd21bc@web.de>
[not found] ` <08ddf274-b9a3-a702-dd1b-2c11b316ac5f@web.de>
2024-01-05 17:19 ` [PATCH resent v2 0/2] powerpc/pseries: Fixes for " Markus Elfring
[not found] ` <afe30fc6-04c9-528c-f84a-67902b5a6ed8@web.de>
2023-03-19 11:40 ` [PATCH] RDMA/siw: Fix exception handling in siw_accept_newconn() Leon Romanovsky
[not found] ` <1c06e86d-1468-c11a-8344-9563ad6047b5@web.de>
2023-03-19 14:11 ` Leon Romanovsky
[not found] ` <a03c1d04-a41e-7722-c36a-bd6f61094702@web.de>
2023-03-19 17:37 ` Leon Romanovsky
[not found] ` <f0f96f74-21d1-f5bf-1086-1c3ce0ea18f5@web.de>
2023-03-19 11:41 ` [PATCH] RDMA/erdma: Fix exception handling in erdma_accept_newconn() Leon Romanovsky
2023-03-19 13:36 ` Cheng Xu
[not found] ` <521b63e1-9470-58ef-599e-50a1846e5380@web.de>
2023-03-20 4:21 ` [PATCH] Input: iforce - Fix exception handling in iforce_usb_probe() Dmitry Torokhov
2023-03-20 4:34 ` Tetsuo Handa
2023-03-20 6:05 ` Dmitry Torokhov
[not found] ` <e3aaeecf-8e74-2e74-c58a-d80e153e98f9@web.de>
2023-03-22 9:36 ` [PATCH] media: hantro: HEVC: Fix exception handling in tile_buffer_reallocate() Benjamin Gaignard
[not found] ` <6e9ca062-939b-af96-c8ff-56ad485d6e79@web.de>
2023-03-24 17:30 ` [PATCH] mm/mempolicy: Fix exception handling in shared_policy_replace() Vlastimil Babka
[not found] ` <e6656c83-ee7a-a253-2028-109138779c94@web.de>
[not found] ` <ea0ff67b-3665-db82-9792-67a633ba07f5@web.de>
2023-03-24 17:46 ` [PATCH resent] drm/amd/display: Fix exception handling in dm_validate_stream_and_context() Hamza Mahfooz
[not found] ` <7a523efc-a82b-a1a1-e846-6047226cc968@web.de>
2023-03-24 18:33 ` Hamza Mahfooz
[not found] ` <9e0a7e6c-484d-92e0-ddf9-6e541403327e@web.de>
2023-03-24 20:07 ` [PATCH] selftests/bpf: Improve exception handling in rbtree_add_and_remove() Alexei Starovoitov
[not found] ` <e33f264a-7ee9-4ebc-d58e-bbb7fd567198@web.de>
[not found] ` <d0381c8e-7302-b0ed-cf69-cbc8c3618106@web.de>
2023-03-25 10:16 ` [PATCH resent] bcache: Fix exception handling in mca_alloc() Coly Li
[not found] ` <13b4a57a-5911-16db-2b6e-588e5137c3aa@web.de>
2023-03-25 16:07 ` [PATCH v2] " Coly Li
[not found] ` <00589154-00ac-4ed5-2a37-60b3c6f6c523@web.de>
[not found] ` <b7b6db19-055e-ace8-da37-24b4335e93b2@web.de>
2023-03-25 11:51 ` [PATCH resent] mei: Fix exception handling in mei_cl_irq_read_msg() Winkler, Tomas
[not found] ` <c383bdca-6f0d-4a75-e788-e1920faa0a62@web.de>
2023-03-25 19:24 ` [PATCH] selftests: cgroup: Fix exception handling in test_memcg_oom_group_score_events() Lorenzo Stoakes
[not found] ` <5b7921c9-ee5d-c372-b19b-2701bcf33148@web.de>
2023-03-26 21:39 ` David Vernet
[not found] ` <c46dbb48-259b-1de9-2364-9bfaf1061944@web.de>
2023-03-27 9:13 ` David Vernet
[not found] ` <ab860edf-79ca-2035-c5a3-d25be6fd9dac@web.de>
[not found] ` <3a35fb28-5937-72f8-b2e8-b1d9899b5e43@web.de>
2023-03-27 9:11 ` [PATCH resent] perf/x86/amd/uncore: Fix exception handling in amd_uncore_cpu_up_prepare() Adrian Hunter
2023-03-27 14:58 ` Peter Zijlstra
[not found] ` <8d193937-532f-959f-9b84-d911984508aa@web.de>
[not found] ` <941709b5-d940-42c9-5f31-7ed56e3e6151@web.de>
2023-03-27 12:28 ` [PATCH resent] drbd: Fix exception handling in nla_put_drbd_cfg_context() Christoph Böhmwalder
[not found] ` <83763b78-453d-de21-9b48-1c226afa13a0@web.de>
[not found] ` <57a97109-7a67-245b-8072-54aec3b5021d@web.de>
2023-03-27 21:37 ` Paul Moore [this message]
2023-03-27 22:08 ` [PATCH v2] selinux: Adjust implementation of security_get_bools() Paul Moore
[not found] ` <9e8bb69f-99e8-f204-6435-cc6e52816ebf@web.de>
2023-03-28 19:59 ` Paul Moore
[not found] ` <382bc6d8-7f75-822a-6c36-088b1d2f427a@web.de>
2023-03-29 14:19 ` Paul Moore
[not found] ` <5ed1bc78-77a1-8eb8-43f9-6005d7de49c8@web.de>
[not found] ` <9e3705dc-7a70-c584-916e-ae582c7667b6@web.de>
2023-03-28 8:30 ` [PATCH resent] clk: at91: sama7g5: Add two jump labels in sama7g5_pmc_setup() Nicolas Ferre
[not found] ` <7985ac57-5b33-e7df-f319-ad6ee0788e2c@web.de>
2023-03-28 22:02 ` Alexandre Belloni
[not found] ` <6ee3b703-2161-eacd-c12f-7fa3bedf82dc@web.de>
[not found] ` <49adf0c8-825a-018f-6d95-ce613944fc9b@web.de>
2023-03-28 23:21 ` [PATCH resent 0/2] md/raid: Adjustments for two function implementations Song Liu
[not found] ` <2fbfc20a-71ee-ddaa-19d8-7beed559b491@web.de>
2023-03-29 19:03 ` [0/2] " Song Liu
[not found] ` <b3cce5b3-2e68-180c-c293-74d4d9d4032c@web.de>
[not found] ` <2d125f3e-4de6-cfb4-2d21-6e1ec04bc412@web.de>
2023-04-03 3:35 ` [PATCH resent] cpufreq: sparc: Fix exception handling in two functions Viresh Kumar
[not found] ` <39342542-9353-6a7b-0aa9-f9c294b158cb@web.de>
2023-04-03 23:04 ` [PATCH] " Viresh Kumar
[not found] ` <68b1988b-987f-fa2b-111e-b1b42f9767ab@web.de>
2023-04-09 23:55 ` [PATCH v2] " Viresh Kumar
[not found] ` <f9f40c8a-a392-27e3-b19c-c8985a163159@web.de>
2023-04-11 3:30 ` [v2] " Viresh Kumar
[not found] ` <e53bfa4f-c4b0-ee80-a64c-be8e9af76230@web.de>
2023-04-11 6:40 ` Viresh Kumar
[not found] ` <8f785de5-ebe2-edd9-2155-f440acacc643@web.de>
[not found] ` <82aebf6c-47ac-9d17-2d11-6245f582338e@web.de>
2023-04-07 7:54 ` [PATCH] spi: atmel: Improve exception handling in atmel_spi_configure_dma() Nicolas Ferre
[not found] ` <01af2ec9-4758-1fe6-0d74-b30b95c3e9a5@web.de>
2023-04-09 9:59 ` [PATCH 0/2] IB/uverbs: Adjustments for create_qp() Leon Romanovsky
[not found] ` <d0e18bb1-afc4-8b6f-bb1c-b74b3bad908e@web.de>
2023-04-10 17:44 ` [PATCH] remoteproc: imx_dsp_rproc: Improve exception handling in imx_dsp_rproc_mbox_alloc() Mathieu Poirier
[not found] ` <f1eaec48-cabb-5fc6-942b-f1ef7af9bb57@web.de>
2023-05-16 15:20 ` [cocci] [PATCH] firmware: ti_sci: Fix exception handling in ti_sci_probe() Nishanth Menon
2023-05-17 6:43 ` Dan Carpenter
[not found] ` <72a7bfe2-6051-01b0-6c51-a0f8cc0c93a5@web.de>
[not found] ` <ecda8227-d89a-9c23-06b7-54f9d974af5e@web.de>
2024-01-05 17:42 ` [PATCH v2 0/4] powerpc/4xx: Adjustments for four function implementations Markus Elfring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhR=yK72JXW3hJR+gUQtGCNpF0Bzk5RDzPZR0MunC84AUQ@mail.gmail.com' \
--to=paul@paul-moore.com \
--cc=Markus.Elfring@web.de \
--cc=cgzones@googlemail.com \
--cc=cocci@inria.fr \
--cc=eparis@parisplace.org \
--cc=gongruiqi1@huawei.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michalorzel.eng@gmail.com \
--cc=omosnace@redhat.com \
--cc=ruiqi.gong@qq.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=xiujianfeng@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).