[PATCH 1/5] apparmor: Remove redundant assignments

[PATCH 1/5] apparmor: Remove redundant assignments

[Michal Orzel]

Get rid of redundant assignments which end up in values not being
read either because they are overwritten or the function ends.

Reported by clang-tidy [deadcode.DeadStores]

Signed-off-by: Michal Orzel <michalorzel.eng@gmail.com>
---
 security/apparmor/domain.c | 3 +--
 security/apparmor/label.c  | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index a29e69d2c300..77724acd9d8a 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -627,7 +627,6 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
 {
 	struct aa_label *new = NULL;
 	const char *info = NULL, *name = NULL, *target = NULL;
-	unsigned int state = profile->file.start;
 	struct aa_perms perms = {};
 	bool nonewprivs = false;
 	int error = 0;
@@ -661,7 +660,7 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
 	}
 
 	/* find exec permissions for name */
-	state = aa_str_perms(profile->file.dfa, state, name, cond, &perms);
+	aa_str_perms(profile->file.dfa, profile->file.start, name, cond, &perms);
 	if (perms.allow & MAY_EXEC) {
 		/* exec permission determine how to transition */
 		new = x_to_label(profile, bprm, name, perms.xindex, &target,
diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 0b0265da1926..ce9ae9b6b303 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -807,7 +807,7 @@ bool aa_label_replace(struct aa_label *old, struct aa_label *new)
 		struct aa_labelset *ls = labels_set(old);
 
 		write_lock_irqsave(&ls->lock, flags);
-		res = __label_remove(old, new);
+		__label_remove(old, new);
 		if (labels_ns(old) != labels_ns(new)) {
 			write_unlock_irqrestore(&ls->lock, flags);
 			ls = labels_set(new);
-- 
2.25.1

[PATCH 2/5] integrity: Remove redundant assignments

[Michal Orzel]

Get rid of redundant assignments which end up in values not being
read either because they are overwritten or the function ends.

Reported by clang-tidy [deadcode.DeadStores]

Signed-off-by: Michal Orzel <michalorzel.eng@gmail.com>
---
 security/integrity/ima/ima_main.c   | 2 +-
 security/integrity/ima/ima_modsig.c | 2 +-
 security/integrity/ima/ima_policy.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 3d3f8c5c502b..1aebf63ad7a6 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -432,7 +432,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
 int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 {
 	struct ima_template_desc *template = NULL;
-	struct file *file = vma->vm_file;
+	struct file *file;
 	char filename[NAME_MAX];
 	char *pathbuf = NULL;
 	const char *pathname = NULL;
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index fb25723c65bc..2c9d451d6326 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -109,7 +109,7 @@ void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size)
 		return;
 
 	/* Ask the PKCS7 code to calculate the file hash. */
-	rc = pkcs7_get_digest(modsig->pkcs7_msg, &modsig->digest,
+	pkcs7_get_digest(modsig->pkcs7_msg, &modsig->digest,
 			      &modsig->digest_size, &modsig->hash_algo);
 }
 
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index eea6e92500b8..c328c2266092 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -869,7 +869,7 @@ static int __init ima_init_arch_policy(void)
 		char rule[255];
 		int result;
 
-		result = strscpy(rule, *rules, sizeof(rule));
+		strscpy(rule, *rules, sizeof(rule));
 
 		INIT_LIST_HEAD(&arch_policy_entry[i].list);
 		result = ima_parse_rule(rule, &arch_policy_entry[i]);
-- 
2.25.1

[PATCH 3/5] keys: Remove redundant assignments

[Michal Orzel]

Get rid of redundant assignments which end up in values not being
read either because they are overwritten or the function ends.

Reported by clang-tidy [deadcode.DeadStores]

Signed-off-by: Michal Orzel <michalorzel.eng@gmail.com>
---
 security/keys/process_keys.c | 1 -
 security/keys/request_key.c  | 6 ++----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index b5d5333ab330..8bdd6410f79a 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -92,7 +92,6 @@ int look_up_user_keyrings(struct key **_user_keyring,
 		return PTR_ERR(reg_keyring);
 
 	down_write(&user_ns->keyring_sem);
-	ret = 0;
 
 	/* Get the user keyring.  Note that there may be one in existence
 	 * already as it may have been pinned by a session, but the user_struct
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 2da4404276f0..ad29023c9518 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -116,7 +116,7 @@ static int call_sbin_request_key(struct key *authkey, void *aux)
 {
 	static char const request_key[] = "/sbin/request-key";
 	struct request_key_auth *rka = get_request_key_auth(authkey);
-	const struct cred *cred = current_cred();
+	const struct cred *cred;
 	key_serial_t prkey, sskey;
 	struct key *key = rka->target_key, *keyring, *session, *user_session;
 	char *argv[9], *envp[3], uid_str[12], gid_str[12];
@@ -506,9 +506,7 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
 			kdebug("cons failed");
 			goto construction_failed;
 		}
-	} else if (ret == -EINPROGRESS) {
-		ret = 0;
-	} else {
+	} else if (ret != -EINPROGRESS) {
 		goto error_put_dest_keyring;
 	}
 
-- 
2.25.1

[PATCH 4/5] selinux: Remove redundant assignments

[Michal Orzel]

Get rid of redundant assignments which end up in values not being
read either because they are overwritten or the function ends.

Reported by clang-tidy [deadcode.DeadStores]

Signed-off-by: Michal Orzel <michalorzel.eng@gmail.com>
---
 security/selinux/avc.c         | 4 ++--
 security/selinux/hooks.c       | 1 -
 security/selinux/ss/services.c | 1 -
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index abcd9740d10f..874c1c6fe10b 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state,
 
 	node = avc_lookup(state->avc, ssid, tsid, tclass);
 	if (unlikely(!node)) {
-		node = avc_compute_av(state, ssid, tsid, tclass, &avd, xp_node);
+		avc_compute_av(state, ssid, tsid, tclass, &avd, xp_node);
 	} else {
 		memcpy(&avd, &node->ae.avd, sizeof(avd));
 		xp_node = node->ae.xp_node;
@@ -1151,7 +1151,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
 
 	node = avc_lookup(state->avc, ssid, tsid, tclass);
 	if (unlikely(!node))
-		node = avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node);
+		avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node);
 	else
 		memcpy(avd, &node->ae.avd, sizeof(*avd));
 
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e9e959343de9..f792835b3fb6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6487,7 +6487,6 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
 			goto abort_change;
 
 		/* Only allow single threaded processes to change context */
-		error = -EPERM;
 		if (!current_is_single_threaded()) {
 			error = security_bounded_transition(&selinux_state,
 							    tsec->sid, sid);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 6901dc07680d..802a80648c6c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2980,7 +2980,6 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb)
 	}
 
 retry:
-	rc = 0;
 	rcu_read_lock();
 	policy = rcu_dereference(state->policy);
 	policydb = &policy->policydb;
-- 
2.25.1

[PATCH 5/5] smack: Remove redundant assignments

[Michal Orzel]

Get rid of redundant assignments which end up in values not being
read either because they are overwritten or the function ends.

Reported by clang-tidy [deadcode.DeadStores]

Signed-off-by: Michal Orzel <michalorzel.eng@gmail.com>
---
 security/smack/smackfs.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 658eab05599e..9e61014073cc 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -1192,7 +1192,6 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
 			rc = -EINVAL;
 			goto free_out;
 		}
-		m = BEBITS;
 		masks = 32;
 	}
 	if (masks > BEBITS) {
-- 
2.25.1

Re: [PATCH 5/5] smack: Remove redundant assignments

[Casey Schaufler]

On 3/31/2022 10:33 AM, Michal Orzel wrote:
> Get rid of redundant assignments which end up in values not being
> read either because they are overwritten or the function ends.
>
> Reported by clang-tidy [deadcode.DeadStores]
>
> Signed-off-by: Michal Orzel <michalorzel.eng@gmail.com>

Thank you. I will take this via the Smack tree.

> ---
>   security/smack/smackfs.c | 1 -
>   1 file changed, 1 deletion(-)
>
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 658eab05599e..9e61014073cc 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -1192,7 +1192,6 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
>   			rc = -EINVAL;
>   			goto free_out;
>   		}
> -		m = BEBITS;
>   		masks = 32;
>   	}
>   	if (masks > BEBITS) {

Re: [PATCH 3/5] keys: Remove redundant assignments

[Jarkko Sakkinen]

On Thu, Mar 31, 2022 at 07:33:56PM +0200, Michal Orzel wrote:
> Get rid of redundant assignments which end up in values not being
> read either because they are overwritten or the function ends.
> 
> Reported by clang-tidy [deadcode.DeadStores]
> 
> Signed-off-by: Michal Orzel <michalorzel.eng@gmail.com>
> ---
>  security/keys/process_keys.c | 1 -
>  security/keys/request_key.c  | 6 ++----
>  2 files changed, 2 insertions(+), 5 deletions(-)
> 
> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index b5d5333ab330..8bdd6410f79a 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -92,7 +92,6 @@ int look_up_user_keyrings(struct key **_user_keyring,
>  		return PTR_ERR(reg_keyring);
>  
>  	down_write(&user_ns->keyring_sem);
> -	ret = 0;
>  
>  	/* Get the user keyring.  Note that there may be one in existence
>  	 * already as it may have been pinned by a session, but the user_struct
> diff --git a/security/keys/request_key.c b/security/keys/request_key.c
> index 2da4404276f0..ad29023c9518 100644
> --- a/security/keys/request_key.c
> +++ b/security/keys/request_key.c
> @@ -116,7 +116,7 @@ static int call_sbin_request_key(struct key *authkey, void *aux)
>  {
>  	static char const request_key[] = "/sbin/request-key";
>  	struct request_key_auth *rka = get_request_key_auth(authkey);
> -	const struct cred *cred = current_cred();
> +	const struct cred *cred;
>  	key_serial_t prkey, sskey;
>  	struct key *key = rka->target_key, *keyring, *session, *user_session;
>  	char *argv[9], *envp[3], uid_str[12], gid_str[12];
> @@ -506,9 +506,7 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
>  			kdebug("cons failed");
>  			goto construction_failed;
>  		}
> -	} else if (ret == -EINPROGRESS) {
> -		ret = 0;
> -	} else {
> +	} else if (ret != -EINPROGRESS) {
>  		goto error_put_dest_keyring;
>  	}
>  
> -- 
> 2.25.1
> 


Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

David: can you pick this?

BR, Jarkko