SELinux Archive on lore.kernel.org
 help / Atom feed
* [PATCH] selinux: replace BUG_ONs with WARN_ONs in avc.c
@ 2019-01-26 10:18 Ondrej Mosnacek
  2019-01-28 13:26 ` Stephen Smalley
  0 siblings, 1 reply; 4+ messages in thread
From: Ondrej Mosnacek @ 2019-01-26 10:18 UTC (permalink / raw)
  To: selinux, Paul Moore; +Cc: Stephen Smalley, Ondrej Mosnacek

These checks are only guarding against programming errors that could
silently grant too many permissions. These cases are better handled with
WARN_ON(), since it doesn't really help much to crash the machine in
this case.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 security/selinux/avc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 3a27418b20d7..84f108f4100a 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state,
 	int rc = 0, rc2;
 
 	xp_node = &local_xp_node;
-	BUG_ON(!requested);
+	WARN_ON(!requested);
 
 	rcu_read_lock();
 
@@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
 	int rc = 0;
 	u32 denied;
 
-	BUG_ON(!requested);
+	WARN_ON(!requested);
 
 	rcu_read_lock();
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: replace BUG_ONs with WARN_ONs in avc.c
  2019-01-26 10:18 [PATCH] selinux: replace BUG_ONs with WARN_ONs in avc.c Ondrej Mosnacek
@ 2019-01-28 13:26 ` Stephen Smalley
  2019-01-28 15:11   ` Paul Moore
  0 siblings, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2019-01-28 13:26 UTC (permalink / raw)
  To: Ondrej Mosnacek, selinux, Paul Moore

On 1/26/19 5:18 AM, Ondrej Mosnacek wrote:
> These checks are only guarding against programming errors that could
> silently grant too many permissions. These cases are better handled with
> WARN_ON(), since it doesn't really help much to crash the machine in
> this case.
> 
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>   security/selinux/avc.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 3a27418b20d7..84f108f4100a 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state,
>   	int rc = 0, rc2;
>   
>   	xp_node = &local_xp_node;
> -	BUG_ON(!requested);
> +	WARN_ON(!requested);

Should this be:
	if (WARN_ON(!requested))
		return -EACCES;

>   
>   	rcu_read_lock();
>   
> @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
>   	int rc = 0;
>   	u32 denied;
>   
> -	BUG_ON(!requested);
> +	WARN_ON(!requested);

And likewise

>   
>   	rcu_read_lock();
>   
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: replace BUG_ONs with WARN_ONs in avc.c
  2019-01-28 13:26 ` Stephen Smalley
@ 2019-01-28 15:11   ` Paul Moore
  2019-01-28 15:43     ` Ondrej Mosnacek
  0 siblings, 1 reply; 4+ messages in thread
From: Paul Moore @ 2019-01-28 15:11 UTC (permalink / raw)
  To: Stephen Smalley, Ondrej Mosnacek; +Cc: selinux

On Mon, Jan 28, 2019 at 8:23 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On 1/26/19 5:18 AM, Ondrej Mosnacek wrote:
> > These checks are only guarding against programming errors that could
> > silently grant too many permissions. These cases are better handled with
> > WARN_ON(), since it doesn't really help much to crash the machine in
> > this case.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> >   security/selinux/avc.c | 4 ++--
> >   1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> > index 3a27418b20d7..84f108f4100a 100644
> > --- a/security/selinux/avc.c
> > +++ b/security/selinux/avc.c
> > @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state,
> >       int rc = 0, rc2;
> >
> >       xp_node = &local_xp_node;
> > -     BUG_ON(!requested);
> > +     WARN_ON(!requested);
>
> Should this be:
>         if (WARN_ON(!requested))
>                 return -EACCES;

I think so, it would be bad not to return an error in this case (and
the similar one below).

> >
> >       rcu_read_lock();
> >
> > @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
> >       int rc = 0;
> >       u32 denied;
> >
> > -     BUG_ON(!requested);
> > +     WARN_ON(!requested);
>
> And likewise
>
> >
> >       rcu_read_lock();
> >
> >

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: replace BUG_ONs with WARN_ONs in avc.c
  2019-01-28 15:11   ` Paul Moore
@ 2019-01-28 15:43     ` Ondrej Mosnacek
  0 siblings, 0 replies; 4+ messages in thread
From: Ondrej Mosnacek @ 2019-01-28 15:43 UTC (permalink / raw)
  To: Paul Moore; +Cc: Stephen Smalley, selinux

On Mon, Jan 28, 2019 at 4:11 PM Paul Moore <paul@paul-moore.com> wrote:
> On Mon, Jan 28, 2019 at 8:23 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On 1/26/19 5:18 AM, Ondrej Mosnacek wrote:
> > > These checks are only guarding against programming errors that could
> > > silently grant too many permissions. These cases are better handled with
> > > WARN_ON(), since it doesn't really help much to crash the machine in
> > > this case.
> > >
> > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > > ---
> > >   security/selinux/avc.c | 4 ++--
> > >   1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> > > index 3a27418b20d7..84f108f4100a 100644
> > > --- a/security/selinux/avc.c
> > > +++ b/security/selinux/avc.c
> > > @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state,
> > >       int rc = 0, rc2;
> > >
> > >       xp_node = &local_xp_node;
> > > -     BUG_ON(!requested);
> > > +     WARN_ON(!requested);
> >
> > Should this be:
> >         if (WARN_ON(!requested))
> >                 return -EACCES;
>
> I think so, it would be bad not to return an error in this case (and
> the similar one below).

Makes sense... will send a v2 right away.

>
> > >
> > >       rcu_read_lock();
> > >
> > > @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
> > >       int rc = 0;
> > >       u32 denied;
> > >
> > > -     BUG_ON(!requested);
> > > +     WARN_ON(!requested);
> >
> > And likewise
> >
> > >
> > >       rcu_read_lock();
> > >
> > >
>
> --
> paul moore
> www.paul-moore.com

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Associate Software Engineer, Security Technologies
Red Hat, Inc.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-26 10:18 [PATCH] selinux: replace BUG_ONs with WARN_ONs in avc.c Ondrej Mosnacek
2019-01-28 13:26 ` Stephen Smalley
2019-01-28 15:11   ` Paul Moore
2019-01-28 15:43     ` Ondrej Mosnacek

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org selinux@archiver.kernel.org
	public-inbox-index selinux


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/ public-inbox