Message ID | 20190125025639.GA13946@embeddedor (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | security: mark expected switch fall-throughs | expand |
On 1/24/19 9:13 PM, Casey Schaufler wrote: > On 1/24/2019 6:56 PM, Gustavo A. R. Silva wrote: >> In preparation to enabling -Wimplicit-fallthrough, mark switch >> cases where we are expecting to fall through. >> >> This patch fixes the following warnings: >> >> security/integrity/ima/ima_appraise.c:116:26: warning: this statement may fall through [-Wimplicit-fallthrough=] >> security/integrity/ima/ima_template_lib.c:85:10: warning: this statement may fall through [-Wimplicit-fallthrough=] >> security/integrity/ima/ima_policy.c:940:18: warning: this statement may fall through [-Wimplicit-fallthrough=] >> security/integrity/ima/ima_policy.c:943:7: warning: this statement may fall through [-Wimplicit-fallthrough=] >> security/integrity/ima/ima_policy.c:972:21: warning: this statement may fall through [-Wimplicit-fallthrough=] >> security/integrity/ima/ima_policy.c:974:7: warning: this statement may fall through [-Wimplicit-fallthrough=] >> security/smack/smack_lsm.c:3391:9: warning: this statement may fall through [-Wimplicit-fallthrough=] >> security/apparmor/domain.c:569:6: warning: this statement may fall through [-Wimplicit-fallthrough=] >> >> Warning level 3 was used: -Wimplicit-fallthrough=3 >> >> This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough. >> >> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> > > Acked-by: Casey Schaufler <casey@schaufler-ca.com> > > Ug. It can't be part of a greater comment? Grumble. > Not like the one in this case. It can be part of a one line comment like this: /* fall through - ... */ and it has to be placed at the bottom of the case. I know... I'd be great if this can be improved. >> --- >> security/apparmor/domain.c | 2 +- >> security/integrity/ima/ima_appraise.c | 1 + >> security/integrity/ima/ima_policy.c | 4 ++++ >> security/integrity/ima/ima_template_lib.c | 1 + >> security/smack/smack_lsm.c | 3 +-- >> 5 files changed, 8 insertions(+), 3 deletions(-) >> >> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c >> index 726910bba84b..c7c619578095 100644 >> --- a/security/apparmor/domain.c >> +++ b/security/apparmor/domain.c >> @@ -572,7 +572,7 @@ static struct aa_label *x_to_label(struct aa_profile *profile, >> stack = NULL; >> break; >> } >> - /* fall through to X_NAME */ >> + /* fall through - to X_NAME */ >> case AA_X_NAME: >> if (xindex & AA_X_CHILD) >> /* released by caller */ >> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c >> index a2baa85ea2f5..57daf30fb7d4 100644 >> --- a/security/integrity/ima/ima_appraise.c >> +++ b/security/integrity/ima/ima_appraise.c >> @@ -114,6 +114,7 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint, >> break; >> case CREDS_CHECK: >> iint->ima_creds_status = status; >> + /* fall through */ >> case FILE_CHECK: >> case POST_SETATTR: >> iint->ima_file_status = status; >> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c >> index 8bc8a1c8cb3f..122797023bdb 100644 >> --- a/security/integrity/ima/ima_policy.c >> +++ b/security/integrity/ima/ima_policy.c >> @@ -938,10 +938,12 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) >> case Opt_uid_gt: >> case Opt_euid_gt: >> entry->uid_op = &uid_gt; >> + /* fall through */ >> case Opt_uid_lt: >> case Opt_euid_lt: >> if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) >> entry->uid_op = &uid_lt; >> + /* fall through */ >> case Opt_uid_eq: >> case Opt_euid_eq: >> uid_token = (token == Opt_uid_eq) || >> @@ -970,9 +972,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) >> break; >> case Opt_fowner_gt: >> entry->fowner_op = &uid_gt; >> + /* fall through */ >> case Opt_fowner_lt: >> if (token == Opt_fowner_lt) >> entry->fowner_op = &uid_lt; >> + /* fall through */ >> case Opt_fowner_eq: >> ima_log_string_op(ab, "fowner", args[0].from, >> entry->fowner_op); >> diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c >> index 43752002c222..513b457ae900 100644 >> --- a/security/integrity/ima/ima_template_lib.c >> +++ b/security/integrity/ima/ima_template_lib.c >> @@ -83,6 +83,7 @@ static void ima_show_template_data_ascii(struct seq_file *m, >> /* skip ':' and '\0' */ >> buf_ptr += 2; >> buflen -= buf_ptr - field_data->data; >> + /* fall through */ >> case DATA_FMT_DIGEST: >> case DATA_FMT_HEX: >> if (!buflen) >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c >> index fa98394a40d0..127aa6c58e34 100644 >> --- a/security/smack/smack_lsm.c >> +++ b/security/smack/smack_lsm.c >> @@ -3391,13 +3391,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) >> */ >> final = &smack_known_star; >> /* >> - * Fall through. >> - * >> * If a smack value has been set we want to use it, >> * but since tmpfs isn't giving us the opportunity >> * to set mount options simulate setting the >> * superblock default. >> */ >> + /* Fall through */ >> default: >> /* >> * This isn't an understood special case.
On 1/24/19 9:29 PM, Gustavo A. R. Silva wrote: > > > On 1/24/19 9:13 PM, Casey Schaufler wrote: >> On 1/24/2019 6:56 PM, Gustavo A. R. Silva wrote: >>> In preparation to enabling -Wimplicit-fallthrough, mark switch >>> cases where we are expecting to fall through. >>> >>> This patch fixes the following warnings: >>> >>> security/integrity/ima/ima_appraise.c:116:26: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> security/integrity/ima/ima_template_lib.c:85:10: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> security/integrity/ima/ima_policy.c:940:18: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> security/integrity/ima/ima_policy.c:943:7: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> security/integrity/ima/ima_policy.c:972:21: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> security/integrity/ima/ima_policy.c:974:7: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> security/smack/smack_lsm.c:3391:9: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> security/apparmor/domain.c:569:6: warning: this statement may fall through [-Wimplicit-fallthrough=] >>> >>> Warning level 3 was used: -Wimplicit-fallthrough=3 >>> >>> This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough. >>> >>> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> >> >> Acked-by: Casey Schaufler <casey@schaufler-ca.com> >> BTW, thanks, Casey. I'll take this in my tree. -- Gustavo >> Ug. It can't be part of a greater comment? Grumble. >> > > Not like the one in this case. > > It can be part of a one line comment like this: > > /* fall through - ... */ > > and it has to be placed at the bottom of the case. > > I know... I'd be great if this can be improved. > >>> --- >>> security/apparmor/domain.c | 2 +- >>> security/integrity/ima/ima_appraise.c | 1 + >>> security/integrity/ima/ima_policy.c | 4 ++++ >>> security/integrity/ima/ima_template_lib.c | 1 + >>> security/smack/smack_lsm.c | 3 +-- >>> 5 files changed, 8 insertions(+), 3 deletions(-) >>> >>> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c >>> index 726910bba84b..c7c619578095 100644 >>> --- a/security/apparmor/domain.c >>> +++ b/security/apparmor/domain.c >>> @@ -572,7 +572,7 @@ static struct aa_label *x_to_label(struct aa_profile *profile, >>> stack = NULL; >>> break; >>> } >>> - /* fall through to X_NAME */ >>> + /* fall through - to X_NAME */ >>> case AA_X_NAME: >>> if (xindex & AA_X_CHILD) >>> /* released by caller */ >>> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c >>> index a2baa85ea2f5..57daf30fb7d4 100644 >>> --- a/security/integrity/ima/ima_appraise.c >>> +++ b/security/integrity/ima/ima_appraise.c >>> @@ -114,6 +114,7 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint, >>> break; >>> case CREDS_CHECK: >>> iint->ima_creds_status = status; >>> + /* fall through */ >>> case FILE_CHECK: >>> case POST_SETATTR: >>> iint->ima_file_status = status; >>> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c >>> index 8bc8a1c8cb3f..122797023bdb 100644 >>> --- a/security/integrity/ima/ima_policy.c >>> +++ b/security/integrity/ima/ima_policy.c >>> @@ -938,10 +938,12 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) >>> case Opt_uid_gt: >>> case Opt_euid_gt: >>> entry->uid_op = &uid_gt; >>> + /* fall through */ >>> case Opt_uid_lt: >>> case Opt_euid_lt: >>> if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) >>> entry->uid_op = &uid_lt; >>> + /* fall through */ >>> case Opt_uid_eq: >>> case Opt_euid_eq: >>> uid_token = (token == Opt_uid_eq) || >>> @@ -970,9 +972,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) >>> break; >>> case Opt_fowner_gt: >>> entry->fowner_op = &uid_gt; >>> + /* fall through */ >>> case Opt_fowner_lt: >>> if (token == Opt_fowner_lt) >>> entry->fowner_op = &uid_lt; >>> + /* fall through */ >>> case Opt_fowner_eq: >>> ima_log_string_op(ab, "fowner", args[0].from, >>> entry->fowner_op); >>> diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c >>> index 43752002c222..513b457ae900 100644 >>> --- a/security/integrity/ima/ima_template_lib.c >>> +++ b/security/integrity/ima/ima_template_lib.c >>> @@ -83,6 +83,7 @@ static void ima_show_template_data_ascii(struct seq_file *m, >>> /* skip ':' and '\0' */ >>> buf_ptr += 2; >>> buflen -= buf_ptr - field_data->data; >>> + /* fall through */ >>> case DATA_FMT_DIGEST: >>> case DATA_FMT_HEX: >>> if (!buflen) >>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c >>> index fa98394a40d0..127aa6c58e34 100644 >>> --- a/security/smack/smack_lsm.c >>> +++ b/security/smack/smack_lsm.c >>> @@ -3391,13 +3391,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) >>> */ >>> final = &smack_known_star; >>> /* >>> - * Fall through. >>> - * >>> * If a smack value has been set we want to use it, >>> * but since tmpfs isn't giving us the opportunity >>> * to set mount options simulate setting the >>> * superblock default. >>> */ >>> + /* Fall through */ >>> default: >>> /* >>> * This isn't an understood special case.
On 1/24/19 6:56 PM, Gustavo A. R. Silva wrote: > In preparation to enabling -Wimplicit-fallthrough, mark switch > cases where we are expecting to fall through. > > This patch fixes the following warnings: > > security/integrity/ima/ima_appraise.c:116:26: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_template_lib.c:85:10: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:940:18: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:943:7: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:972:21: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:974:7: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/smack/smack_lsm.c:3391:9: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/apparmor/domain.c:569:6: warning: this statement may fall through [-Wimplicit-fallthrough=] > > Warning level 3 was used: -Wimplicit-fallthrough=3 > > This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough. > > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> looks good to me Acked-by: John Johansen <john.johansen@canonical.com> > --- > security/apparmor/domain.c | 2 +- > security/integrity/ima/ima_appraise.c | 1 + > security/integrity/ima/ima_policy.c | 4 ++++ > security/integrity/ima/ima_template_lib.c | 1 + > security/smack/smack_lsm.c | 3 +-- > 5 files changed, 8 insertions(+), 3 deletions(-) > > diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c > index 726910bba84b..c7c619578095 100644 > --- a/security/apparmor/domain.c > +++ b/security/apparmor/domain.c > @@ -572,7 +572,7 @@ static struct aa_label *x_to_label(struct aa_profile *profile, > stack = NULL; > break; > } > - /* fall through to X_NAME */ > + /* fall through - to X_NAME */ > case AA_X_NAME: > if (xindex & AA_X_CHILD) > /* released by caller */ > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c > index a2baa85ea2f5..57daf30fb7d4 100644 > --- a/security/integrity/ima/ima_appraise.c > +++ b/security/integrity/ima/ima_appraise.c > @@ -114,6 +114,7 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint, > break; > case CREDS_CHECK: > iint->ima_creds_status = status; > + /* fall through */ > case FILE_CHECK: > case POST_SETATTR: > iint->ima_file_status = status; > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index 8bc8a1c8cb3f..122797023bdb 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -938,10 +938,12 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) > case Opt_uid_gt: > case Opt_euid_gt: > entry->uid_op = &uid_gt; > + /* fall through */ > case Opt_uid_lt: > case Opt_euid_lt: > if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) > entry->uid_op = &uid_lt; > + /* fall through */ > case Opt_uid_eq: > case Opt_euid_eq: > uid_token = (token == Opt_uid_eq) || > @@ -970,9 +972,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) > break; > case Opt_fowner_gt: > entry->fowner_op = &uid_gt; > + /* fall through */ > case Opt_fowner_lt: > if (token == Opt_fowner_lt) > entry->fowner_op = &uid_lt; > + /* fall through */ > case Opt_fowner_eq: > ima_log_string_op(ab, "fowner", args[0].from, > entry->fowner_op); > diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c > index 43752002c222..513b457ae900 100644 > --- a/security/integrity/ima/ima_template_lib.c > +++ b/security/integrity/ima/ima_template_lib.c > @@ -83,6 +83,7 @@ static void ima_show_template_data_ascii(struct seq_file *m, > /* skip ':' and '\0' */ > buf_ptr += 2; > buflen -= buf_ptr - field_data->data; > + /* fall through */ > case DATA_FMT_DIGEST: > case DATA_FMT_HEX: > if (!buflen) > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index fa98394a40d0..127aa6c58e34 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -3391,13 +3391,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) > */ > final = &smack_known_star; > /* > - * Fall through. > - * > * If a smack value has been set we want to use it, > * but since tmpfs isn't giving us the opportunity > * to set mount options simulate setting the > * superblock default. > */ > + /* Fall through */ > default: > /* > * This isn't an understood special case. >
On Thu, 2019-01-24 at 20:56 -0600, Gustavo A. R. Silva wrote: > In preparation to enabling -Wimplicit-fallthrough, mark switch > cases where we are expecting to fall through. > > This patch fixes the following warnings: > > security/integrity/ima/ima_appraise.c:116:26: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_template_lib.c:85:10: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:940:18: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:943:7: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:972:21: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/integrity/ima/ima_policy.c:974:7: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/smack/smack_lsm.c:3391:9: warning: this statement may fall through [-Wimplicit-fallthrough=] > security/apparmor/domain.c:569:6: warning: this statement may fall through [-Wimplicit-fallthrough=] > > Warning level 3 was used: -Wimplicit-fallthrough=3 > > This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough. > > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Other than the one question in ima_appraise.c, the rest of the IMA changes are fine. Mimi > --- > security/apparmor/domain.c | 2 +- > security/integrity/ima/ima_appraise.c | 1 + > security/integrity/ima/ima_policy.c | 4 ++++ > security/integrity/ima/ima_template_lib.c | 1 + > security/smack/smack_lsm.c | 3 +-- > 5 files changed, 8 insertions(+), 3 deletions(-) > > diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c > index 726910bba84b..c7c619578095 100644 > --- a/security/apparmor/domain.c > +++ b/security/apparmor/domain.c > @@ -572,7 +572,7 @@ static struct aa_label *x_to_label(struct aa_profile *profile, > stack = NULL; > break; > } > - /* fall through to X_NAME */ > + /* fall through - to X_NAME */ > case AA_X_NAME: > if (xindex & AA_X_CHILD) > /* released by caller */ > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c > index a2baa85ea2f5..57daf30fb7d4 100644 > --- a/security/integrity/ima/ima_appraise.c > +++ b/security/integrity/ima/ima_appraise.c > @@ -114,6 +114,7 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint, > break; > case CREDS_CHECK: > iint->ima_creds_status = status; > + /* fall through */ Matthew, is this right? > case FILE_CHECK: > case POST_SETATTR: > iint->ima_file_status = status; > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index 8bc8a1c8cb3f..122797023bdb 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -938,10 +938,12 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) > case Opt_uid_gt: > case Opt_euid_gt: > entry->uid_op = &uid_gt; > + /* fall through */ > case Opt_uid_lt: > case Opt_euid_lt: > if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) > entry->uid_op = &uid_lt; > + /* fall through */ > case Opt_uid_eq: > case Opt_euid_eq: > uid_token = (token == Opt_uid_eq) || > @@ -970,9 +972,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) > break; > case Opt_fowner_gt: > entry->fowner_op = &uid_gt; > + /* fall through */ > case Opt_fowner_lt: > if (token == Opt_fowner_lt) > entry->fowner_op = &uid_lt; > + /* fall through */ > case Opt_fowner_eq: > ima_log_string_op(ab, "fowner", args[0].from, > entry->fowner_op); > diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c > index 43752002c222..513b457ae900 100644 > --- a/security/integrity/ima/ima_template_lib.c > +++ b/security/integrity/ima/ima_template_lib.c > @@ -83,6 +83,7 @@ static void ima_show_template_data_ascii(struct seq_file *m, > /* skip ':' and '\0' */ > buf_ptr += 2; > buflen -= buf_ptr - field_data->data; > + /* fall through */ > case DATA_FMT_DIGEST: > case DATA_FMT_HEX: > if (!buflen) > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index fa98394a40d0..127aa6c58e34 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -3391,13 +3391,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) > */ > final = &smack_known_star; > /* > - * Fall through. > - * > * If a smack value has been set we want to use it, > * but since tmpfs isn't giving us the opportunity > * to set mount options simulate setting the > * superblock default. > */ > + /* Fall through */ > default: > /* > * This isn't an understood special case.
[Cc'ing James Morris] On Thu, 2019-01-24 at 21:47 -0600, Gustavo A. R. Silva wrote: > >>> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> > >> > >> Acked-by: Casey Schaufler <casey@schaufler-ca.com> > >> > > BTW, thanks, Casey. I'll take this in my tree. This patch touches multiple LSMs and IMA. As James has already picked up similar patches, which are in his next-general branch, perhaps he could also pick up an updated version of this one. Mimi
Mimi, On 1/31/19 1:58 PM, Mimi Zohar wrote: > [Cc'ing James Morris] > > On Thu, 2019-01-24 at 21:47 -0600, Gustavo A. R. Silva wrote: > >>>>> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> >>>> >>>> Acked-by: Casey Schaufler <casey@schaufler-ca.com> >>>> >> >> BTW, thanks, Casey. I'll take this in my tree. > > This patch touches multiple LSMs and IMA. As James has already picked > up similar patches, which are in his next-general branch, perhaps he > could also pick up an updated version of this one. > Yeah. I can either integrate your recent fix and respin if you don't mind, or remove the fall-through comment and wait for James to take both patches, yours and mine. What do you prefer? Thanks -- Gustavo
On Thu, 2019-01-31 at 14:12 -0600, Gustavo A. R. Silva wrote: > Mimi, > > On 1/31/19 1:58 PM, Mimi Zohar wrote: > > [Cc'ing James Morris] > > > > On Thu, 2019-01-24 at 21:47 -0600, Gustavo A. R. Silva wrote: > > > >>>>> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> > >>>> > >>>> Acked-by: Casey Schaufler <casey@schaufler-ca.com> > >>>> > >> > >> BTW, thanks, Casey. I'll take this in my tree. > > > > This patch touches multiple LSMs and IMA. As James has already picked > > up similar patches, which are in his next-general branch, perhaps he > > could also pick up an updated version of this one. > > > > Yeah. I can either integrate your recent fix and respin if you don't mind, > or remove the fall-through comment and wait for James to take both patches, > yours and mine. > > What do you prefer? Either way is fine. Mimi
On 1/31/19 2:20 PM, Mimi Zohar wrote: >>> >>> This patch touches multiple LSMs and IMA. As James has already picked >>> up similar patches, which are in his next-general branch, perhaps he >>> could also pick up an updated version of this one. >>> >> >> Yeah. I can either integrate your recent fix and respin if you don't mind, >> or remove the fall-through comment and wait for James to take both patches, >> yours and mine. >> >> What do you prefer? > > Either way is fine. > OK. Well, I think in this case less is more, so I will integrate our changes into a single patch. Thanks for your feedback. -- Gustavo
On Thu, 31 Jan 2019, Gustavo A. R. Silva wrote: > > > On 1/31/19 2:20 PM, Mimi Zohar wrote: > > >>> > >>> This patch touches multiple LSMs and IMA. As James has already picked > >>> up similar patches, which are in his next-general branch, perhaps he > >>> could also pick up an updated version of this one. > >>> > >> > >> Yeah. I can either integrate your recent fix and respin if you don't mind, > >> or remove the fall-through comment and wait for James to take both patches, > >> yours and mine. > >> > >> What do you prefer? > > > > Either way is fine. > > > > OK. Well, I think in this case less is more, so I will integrate our changes > into a single patch. WFM
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 726910bba84b..c7c619578095 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -572,7 +572,7 @@ static struct aa_label *x_to_label(struct aa_profile *profile, stack = NULL; break; } - /* fall through to X_NAME */ + /* fall through - to X_NAME */ case AA_X_NAME: if (xindex & AA_X_CHILD) /* released by caller */ diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a2baa85ea2f5..57daf30fb7d4 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -114,6 +114,7 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint, break; case CREDS_CHECK: iint->ima_creds_status = status; + /* fall through */ case FILE_CHECK: case POST_SETATTR: iint->ima_file_status = status; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8bc8a1c8cb3f..122797023bdb 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -938,10 +938,12 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) case Opt_uid_gt: case Opt_euid_gt: entry->uid_op = &uid_gt; + /* fall through */ case Opt_uid_lt: case Opt_euid_lt: if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) entry->uid_op = &uid_lt; + /* fall through */ case Opt_uid_eq: case Opt_euid_eq: uid_token = (token == Opt_uid_eq) || @@ -970,9 +972,11 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) break; case Opt_fowner_gt: entry->fowner_op = &uid_gt; + /* fall through */ case Opt_fowner_lt: if (token == Opt_fowner_lt) entry->fowner_op = &uid_lt; + /* fall through */ case Opt_fowner_eq: ima_log_string_op(ab, "fowner", args[0].from, entry->fowner_op); diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 43752002c222..513b457ae900 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -83,6 +83,7 @@ static void ima_show_template_data_ascii(struct seq_file *m, /* skip ':' and '\0' */ buf_ptr += 2; buflen -= buf_ptr - field_data->data; + /* fall through */ case DATA_FMT_DIGEST: case DATA_FMT_HEX: if (!buflen) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index fa98394a40d0..127aa6c58e34 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3391,13 +3391,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) */ final = &smack_known_star; /* - * Fall through. - * * If a smack value has been set we want to use it, * but since tmpfs isn't giving us the opportunity * to set mount options simulate setting the * superblock default. */ + /* Fall through */ default: /* * This isn't an understood special case.
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. This patch fixes the following warnings: security/integrity/ima/ima_appraise.c:116:26: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_template_lib.c:85:10: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:940:18: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:943:7: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:972:21: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:974:7: warning: this statement may fall through [-Wimplicit-fallthrough=] security/smack/smack_lsm.c:3391:9: warning: this statement may fall through [-Wimplicit-fallthrough=] security/apparmor/domain.c:569:6: warning: this statement may fall through [-Wimplicit-fallthrough=] Warning level 3 was used: -Wimplicit-fallthrough=3 This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> --- security/apparmor/domain.c | 2 +- security/integrity/ima/ima_appraise.c | 1 + security/integrity/ima/ima_policy.c | 4 ++++ security/integrity/ima/ima_template_lib.c | 1 + security/smack/smack_lsm.c | 3 +-- 5 files changed, 8 insertions(+), 3 deletions(-)